rename terminology "not flag" to "negate option"

root
2024-08-22 08:28:33 +00:00
parent e538f5bb52
commit 72cf89723d
23 changed files with 183 additions and 183 deletions

View File

@@ -861,7 +861,7 @@ int maat_scan_not_logic(struct maat *instance, int table_id,
size_t *n_hit_result, struct maat_state *state);
```
If the rule configuration contains NOT-conditions, this interface needs to be called to activate the calculation of rule_id involving NOT-conditions. This means that other scanning interfaces will not activate NOT-conditions except for calling this interface. When to call this interface is determined by the caller. For example, on a session, four packets were scanned with maat_scan_string and three rule_id were hit. The NOT-condition was expected to be activated, so this interface was called and two new rule_id were hit.
If the rule configuration contains negate-conditions, this interface needs to be called to activate the calculation of rule_id involving negate-conditions. This means that other scanning interfaces will not activate negate-conditions except for calling this interface. When to call this interface is determined by the caller. For example, on a session, four packets were scanned with maat_scan_string and three rule_id were hit. The negate-condition was expected to be activated, so this interface was called and two new rule_id were hit.
Since this interface only activates non-conditions and does not call the underlying scanning engine to perform actual scanning tasks, there is no data to be scanned.
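Review bot: The last sentence of this paragraph still says "activates non-conditions", which matches neither the old term (NOT-condition) nor the new one (negate-condition). Change it to "negate-conditions" in this commit so the paragraph uses one term. The interface name maat_scan_not_logic also keeps the old wording; if it stays for API compatibility, say so here.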

View File

@@ -60,7 +60,7 @@ Table schema is stored in a json file(such as table_info.conf), which is loaded
"custom": {
"group_id":1,
"rule_id":2,
"not_flag":4,
"negate_option":4,
"attribute_name":5,
"condition_index":6
}

View File

@@ -124,7 +124,7 @@ rule(rule) = condition1 & !condition2
The JSON configuration for the logical `OR` can be referenced at [unit_test Json configuration](../test/maat_json.json) with rule_id=145.
The group_name: "123_IP_group" is a NOT condition of this rule.
The group_name: "123_IP_group" is a negate condition of this rule.
## Group exclude

View File

@@ -256,7 +256,7 @@ Describe the relationship between group and rule.
| **group_ids** | VARCHAR(256) | group ids are separated by commas(g1,g2,g3) |
| **rule_id** | LONG LONG | rule id |
| **is_valid** | INT | 0(invalid), 1(valid) |
| **not_flag** | INT | logical 'NOT', identify a NOT condition, 0(no) 1(yes) |
| **negate_option** | INT | logical 'NOT', identify a negate condition, 0(no) 1(yes) |
| **attribute** | VARCHAR2(256) | attribute name, NOT NULL |
| **Nth_condition** | INT | the condition seq in (conjunctive normal form)CNF, from 0 to 7. groups with the same condition ID are logical 'OR' |
@@ -443,7 +443,7 @@ In addition to the rule table, there is also the group2rule table in the table s
**Note:** This will involve the terminology of [condition](./terminology.md#condition).
1. For expressions without NOT-conditions, returning the matched rule_id:
1. For expressions without negate-conditions, returning the matched rule_id:
* rule1 = condition1 & condition2 = {attribute1, g1} & {attribute2, g2}
@@ -451,7 +451,7 @@ In addition to the rule table, there is also the group2rule table in the table s
Given the matched attribute_id and group_id, all matching rule_ids can be provided. For example, if scanning attribute1 matches g2 and attribute2 matches g3, rule_runtime will return the matched rule_id 2.
2. For expressions with NOT-conditions, returning the matched rule_id:
2. For expressions with negate-conditions, returning the matched rule_id:
* rule3 = condition1 & !condition2 = {attribute1, g1} & !{attribute2, g2}
@@ -459,7 +459,7 @@ In addition to the rule table, there is also the group2rule table in the table s
If scanning attribute1 matches g1 and attribute2 matches g3, rule_runtime will return the matched rule_id 4.
3. If a rule_id is matched, the full hit path can be obtained: **item_id -> group_id ->** {super_group_id} -> condition{**attribute_id, not_flag, condition_index} -> rule_id**. If the matched group is not referenced by a rule, a half hit path can be obtained: **item_id -> group_id** -> {super_group_id}.
3. If a rule_id is matched, the full hit path can be obtained: **item_id -> group_id ->** {super_group_id} -> condition{**attribute_id, negate_option, condition_index} -> rule_id**. If the matched group is not referenced by a rule, a half hit path can be obtained: **item_id -> group_id** -> {super_group_id}.
4. Getting the matched group_ids and the count of hit groups.
@@ -473,9 +473,9 @@ Rule runtime loads the rule table and group2rule table configurations into memor
1. All condition_ids under the same rule are used to construct AND expressions, and all rule AND expressions are used to build a bool_matcher.
2. For not_flag=0 (conditions), a `condition_id hash` is built, key:{group_id, attribute_id, not_flag}, value:condition_id.
2. For negate_option=0 (conditions), a `condition_id hash` is built, key:{group_id, attribute_id, negate_option}, value:condition_id.
3. For not_flag=1 (NOT-conditions), a `NOT_condition_id hash` is built, key:{group_id, attribute_id, not_flag}, value:condition_id.
3. For negate_option=1 (negate-conditions), a `NOT_condition_id hash` is built, key:{group_id, attribute_id, negate_option}, value:condition_id.
* **Data Plane**
@@ -493,10 +493,10 @@ On the data plane, services are provided externally through the maat API, primar
* Use the hit condition_ids to determine if there are any hit rule_ids. If there are, populate the half-hit path which will become full-hit path.
2. **maat_scan_not_logic**: This interface is used to activate NOT-condition logic.
2. **maat_scan_not_logic**: This interface is used to activate negate-condition logic.
* Traverse the `NOT_condition_group` of `attribute_id`. For each `group_id`, form a key `{group_id, attribute_id, 1}` to obtain the `NOT_condition_id`. If it is in the `exclude condition_ids` set, ignore it; otherwise, add it to the `all hit condition_ids` set as a hit `NOT_condition_id`, and record the half-hit path of the NOT-condition.
* Traverse the `NOT_condition_group` of `attribute_id`. For each `group_id`, form a key `{group_id, attribute_id, 1}` to obtain the `NOT_condition_id`. If it is in the `exclude condition_ids` set, ignore it; otherwise, add it to the `all hit condition_ids` set as a hit `NOT_condition_id`, and record the half-hit path of the negate-condition.
* Use the `all hit condition_ids` to calculate if there are any newly hit rule_ids. If there are, populate the half-hit path of the NOT-condition which will become full-hit path.
* Use the `all hit condition_ids` to calculate if there are any newly hit rule_ids. If there are, populate the half-hit path of the negate-condition which will become full-hit path.
3. **xx_get_hit_path**: This interface is used to retrieve the hit path.
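Review bot: In item 2 the prose now says negate-condition, but the identifiers in the same bullets (`NOT_condition_group`, `NOT_condition_id`) keep the old name, as does the `NOT_condition_id hash` in the preceding hunk. Either rename these as well or add one sentence stating that the NOT_condition_* identifiers refer to negate-conditions, so readers do not have to map two vocabularies.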

View File

@@ -22,7 +22,7 @@ The statistical information in the above figure is divided into two parts, part1
- plug_acc_num: total number of configurations for plugin tables
- NOT_condition_num: total number of NOT-conditions
- NOT_condition_num: total number of negate-conditions
- excl_grp_num: total number of exclude groups

View File

@@ -60,7 +60,7 @@ The relationship between group and rule is stored in the [group2rule table](./ma
A condition consists of several Literals and the relationship between them is a `logical 'OR'`.
Conditions are divided into two categories based on whether they contain the logical "NOT" operation: `condition` and `NOT-condition`. In Maat, the logical "NOT" only appears in the condition, which means that if you want to use the logical "NOT", you need to configure conditions for the rules.
Conditions are divided into two categories based on whether they contain the logical "NOT" operation: `condition` and `negate-condition`. In Maat, the logical "NOT" only appears in the condition, which means that if you want to use the logical "NOT", you need to configure conditions for the rules.
## Literal

View File

@@ -30,7 +30,7 @@ struct maat;
struct maat_hit_path {
int Nth_scan;
int attribute_id; // 0 is not a attribute.
int NOT_flag; // 1 means NOT condition(condition)
int negate_option; // 1 means negate condition(condition)
int condition_index; // 0 ~ 7
long long item_id;
long long sub_group_id;
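Review bot: Renaming `NOT_flag` to `negate_option` in struct maat_hit_path changes a field that callers read directly (the tests in this commit access hit_path[i].NOT_flag), so if this header is installed for users, existing callers stop compiling; that needs a changelog entry or a transition period. The new comment "1 means negate condition(condition)" is also unclear: drop the trailing "(condition)" and state what 0 means.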

View File

@@ -60,7 +60,7 @@ struct bool_matcher * bool_matcher_new(struct bool_expr * exprs, size_t expr_num
{
for(unsigned int j=0; j<exprs[i].item_num; j++)
{
if(exprs[i].items[j].not_flag==0) M1[exprs[i].items[j].item_id]++;
if(exprs[i].items[j].negate_option==0) M1[exprs[i].items[j].item_id]++;
}
}
@@ -71,7 +71,7 @@ struct bool_matcher * bool_matcher_new(struct bool_expr * exprs, size_t expr_num
unsigned long long item_id = 0;
for(unsigned int j=0; j<exprs[i].item_num; j++)
{
if(exprs[i].items[j].not_flag==0)
if(exprs[i].items[j].negate_option==0)
{
unsigned int c=M1[exprs[i].items[j].item_id];
if(c<min_count)
@@ -129,7 +129,7 @@ int do_match(struct bool_expr_item * expr, unsigned long long * item_ids, size_t
unsigned int i=0;
for(unsigned int j=0; j<expr->item_num; ++j)
{
if(expr->items[j].not_flag==0)
if(expr->items[j].negate_option==0)
{
while(i<item_num && item_ids[i]<expr->items[j].item_id) ++i;
if(i==item_num || item_ids[i]>expr->items[j].item_id) return 0;

View File

@@ -27,14 +27,14 @@ extern "C"
#define MAX_ITEMS_PER_BOOL_EXPR 8
/* not_flag=0表示布尔项item_id必须出现not_flag=1表示布尔项item_id不能出现 */
/* negate_option=0表示布尔项item_id必须出现negate_option=1表示布尔项item_id不能出现 */
struct bool_item
{
unsigned long long item_id;
unsigned char not_flag;
unsigned char negate_option;
};
/* At least one item's not_flag should be 0. */
/* At least one item's negate_option should be 0. */
struct bool_expr
{
unsigned long long expr_id;
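Review bot: The comment above struct bool_item is rewritten but stays in Chinese and still runs its two clauses together without punctuation, while the comment above struct bool_expr is in English. Since the line is being touched anyway, write it in English, for example "negate_option=0: item_id must be present; negate_option=1: item_id must not be present".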

View File

@@ -221,7 +221,7 @@ static struct bool_expr *bool_exprs_new(struct expr_rule *rules, size_t n_rule,
}
bool_exprs[i].items[j].item_id = pattern_index++;
bool_exprs[i].items[j].not_flag = 0;
bool_exprs[i].items[j].negate_option = 0;
}
bool_exprs[i].expr_id = rules[i].expr_id;

View File

@@ -195,7 +195,7 @@ struct maat_state {
uint16_t thread_id;
int16_t rule_table_id;
uint8_t district_flag;
uint8_t logic_not_flag;
uint8_t logic_negate_option;
};
int my_scandir(const char *dir, struct dirent ***namelist,

View File

@@ -643,7 +643,7 @@ write_region_rule(cJSON *region_json, int rule_id, int group_id,
static int
write_group2rule_line(int *group_ids, size_t n_group_id,
int rule_id, int group_not_flag,
int rule_id, int group_negate_option,
int condition_index, const char *attribute,
struct iris_description *p_iris,
struct iris_table *g2c_table)
@@ -670,10 +670,10 @@ write_group2rule_line(int *group_ids, size_t n_group_id,
}
group_id_str[strlen(group_id_str) - 1] = '\0';
snprintf(buff, sizeof(buff), "%s\t%d\t%d\t%s\t%d\t1\n", group_id_str,
rule_id, group_not_flag, attribute, condition_index);
rule_id, group_negate_option, attribute, condition_index);
} else {
snprintf(buff, sizeof(buff), "%d\t%d\t%d\t%s\t%d\t1\n", group_ids[0],
rule_id, group_not_flag, attribute, condition_index);
rule_id, group_negate_option, attribute, condition_index);
}
table->write_pos += memcat(&(table->buff), table->write_pos,
@@ -753,7 +753,7 @@ write_group_rule(cJSON *group_json, int parent_id,
struct log_handle *logger)
{
int ret = 0;
int group_not_flag = 0;
int group_negate_option = 0;
int condition_index = 0;
const char *group_name = NULL;
char group_name_array[32][MAX_NAME_STR_LEN];
@@ -797,11 +797,11 @@ write_group_rule(cJSON *group_json, int parent_id,
attribute = item->valuestring;
}
item = cJSON_GetObjectItem(group_json, "not_flag");
item = cJSON_GetObjectItem(group_json, "negate_option");
if (NULL == item || item->type != cJSON_Number) {
group_not_flag = 0;
group_negate_option = 0;
} else {
group_not_flag = item->valueint;
group_negate_option = item->valueint;
}
item = cJSON_GetObjectItem(group_json, "condition_index");
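Review bot: In write_group_rule the lookup key changes from "not_flag" to "negate_option", and the existing fallback sets group_negate_option = 0 when the key is missing or not a number. A JSON file that still carries "not_flag": 1 is therefore converted, without any message, into a non-negated condition, which inverts the meaning of the rule. Accept the old key as a fallback with a deprecation warning, or fail when "not_flag" is present and "negate_option" is not.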
@@ -833,7 +833,7 @@ write_group_rule(cJSON *group_json, int parent_id,
}
assert(parent_type == PARENT_TYPE_RULE);
ret = write_group2rule_line(group_ids, group_name_cnt, parent_id,
group_not_flag, condition_index,
group_negate_option, condition_index,
attribute, p_iris, g2c_table);
} else {
@@ -894,7 +894,7 @@ write_group_rule(cJSON *group_json, int parent_id,
if (parent_type == PARENT_TYPE_RULE) {
ret = write_group2rule_line(&(group_info->group_id), 1, parent_id,
group_not_flag, condition_index,
group_negate_option, condition_index,
attribute, p_iris, g2c_table);
if (ret < 0) {
log_fatal(logger, MODULE_JSON2IRIS,

View File

@@ -50,9 +50,9 @@ enum district_flag {
DISTRICT_FLAG_SET
};
enum logic_not_flag {
LOGIC_NOT_FLAG_UNSET,
LOGIC_NOT_FLAG_SET
enum logic_negate_option {
LOGIC_NEGATE_OPTION_UNSET,
LOGIC_NEGATE_OPTION_SET
};
struct maat_stream {

View File

@@ -375,7 +375,7 @@ bool_plugin_expr_new(struct bool_plugin_schema *schema, const char *table_name,
n_item = ull_dedup(items, n_item);
for (size_t i = 0; i < n_item; i++) {
bool_expr->items[i].item_id = items[i];
bool_expr->items[i].not_flag = 0;
bool_expr->items[i].negate_option = 0;
}
bool_expr->item_num = n_item;

View File

@@ -30,9 +30,9 @@
#define MAX_NOT_CONDITION_NUM 8
enum condition_not_flag {
CONDITION_NOT_FLAG_UNSET = 0,
CONDITION_NOT_FLAG_SET
enum condition_negate_option {
CONDITION_NEGATE_OPTION_UNSET = 0,
CONDITION_NEGATE_OPTION_SET
};
struct rule_schema {
@@ -47,7 +47,7 @@ struct rule_schema {
struct group2rule_schema {
int group_id_column;
int rule_id_column;
int not_flag_column;
int negate_option_column;
int attribute_name_column;
int condition_index_column;
int asso_rule_table_id; //asso is abbreviation for associated
@@ -65,7 +65,7 @@ struct rule_item {
struct group2rule_item {
UT_array *group_ids;
long long rule_id;
int not_flag;
int negate_option;
int attribute_id;
int condition_index;
};
@@ -73,7 +73,7 @@ struct group2rule_item {
struct condition_query_key {
long long group_id;
int attribute_id;
int not_flag;
int negate_option;
};
struct condition_id_kv {
@@ -101,8 +101,8 @@ struct rule_runtime {
struct bool_matcher *bm;
struct rcu_hash_table *cfg_hash; // <rule_id, struct maat_rule>
struct maat_runtime *ref_maat_rt;
struct condition_id_kv *condition_id_kv_hash; //store condition_ids(not_flag == 0)
struct condition_id_kv *not_condition_id_kv_hash; //store NOT_condition_ids(not_flag == 1)
struct condition_id_kv *condition_id_kv_hash; //store condition_ids(negate_option == 0)
struct condition_id_kv *not_condition_id_kv_hash; //store NOT_condition_ids(negate_option == 1)
struct bool_expr_match *expr_match_buff;
struct maat_garbage_bin *ref_garbage_bin;
struct log_handle *logger;
@@ -117,7 +117,7 @@ struct group2rule_runtime {
long long rule_num;
long long update_err_cnt;
struct rule_runtime *ref_rule_rt;
struct table_condition *tbl_not_condition_hash; //each attribute's not condition number <= MAX_NOT_CONDITION_NUM
struct table_condition *tbl_not_condition_hash; //each attribute's negate condition number <= MAX_NOT_CONDITION_NUM
};
struct condition_literal {
@@ -129,7 +129,7 @@ struct condition_literal {
struct rule_condition {
long long condition_id;
UT_array *literals; //struct condition_literal
char not_flag; // 1 byte
char negate_option; // 1 byte
char in_use; // 1 byte
char pad[6]; // for 8 bytes alignment
};
@@ -155,7 +155,7 @@ struct internal_hit_path {
long long group_id;
int Nth_scan;
int attribute_id;
int NOT_flag; // 1 means NOT condition
int negate_option; // 1 means negate condition
};
struct rule2table_id {
@@ -469,12 +469,12 @@ void *group2rule_schema_new(cJSON *json, struct table_manager *tbl_mgr,
goto error;
}
custom_item = cJSON_GetObjectItem(item, "not_flag");
custom_item = cJSON_GetObjectItem(item, "negate_option");
if (custom_item != NULL && custom_item->type == cJSON_Number) {
g2c_schema->not_flag_column = custom_item->valueint;
g2c_schema->negate_option_column = custom_item->valueint;
} else {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> schema has no not_flag column",
"[%s:%d] table: <%s> schema has no negate_option column",
__FUNCTION__, __LINE__, table_name);
goto error;
}
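Review bot: group2rule_schema_new now requires "negate_option" under "custom" and takes the error path when it is absent, so every existing table schema file that still uses "not_flag" fails to load after the upgrade. If that is intended, have the log_fatal message say that "not_flag" was renamed to "negate_option"; otherwise read "not_flag" as a fallback when "negate_option" is missing.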
@@ -732,21 +732,21 @@ group2rule_item_new(const char *line, struct group2rule_schema *g2c_schema,
}
g2c_item->rule_id = atoll(line + column_offset);
ret = get_column_pos(line, g2c_schema->not_flag_column, &column_offset,
ret = get_column_pos(line, g2c_schema->negate_option_column, &column_offset,
&column_len);
if (ret < 0) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] g2c table:<%s> has no NOT_flag in line:%s ",
"[%s:%d] g2c table:<%s> has no negate_option in line:%s ",
__FUNCTION__, __LINE__, table_name, line);
goto error;
}
g2c_item->not_flag = atoi(line + column_offset);
if (g2c_item->not_flag != CONDITION_NOT_FLAG_SET &&
g2c_item->not_flag != CONDITION_NOT_FLAG_UNSET) {
g2c_item->negate_option = atoi(line + column_offset);
if (g2c_item->negate_option != CONDITION_NEGATE_OPTION_SET &&
g2c_item->negate_option != CONDITION_NEGATE_OPTION_UNSET) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] g2c table:<%s> NOT_flag:%d is illegal in line:%s ",
__FUNCTION__, __LINE__, table_name, g2c_item->not_flag, line);
"[%s:%d] g2c table:<%s> negate_option:%d is illegal in line:%s ",
__FUNCTION__, __LINE__, table_name, g2c_item->negate_option, line);
goto error;
}
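Review bot: The column is parsed with atoi(line + column_offset), which returns 0 for non-numeric text and does not use column_len, so a malformed column passes the SET/UNSET check as CONDITION_NEGATE_OPTION_UNSET and loads as an ordinary condition. Parse with strtol, verify that the end pointer lands at the end of the column, and reject anything else. Both log format strings in this hunk also end with a stray space after "line:%s".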
@@ -870,7 +870,7 @@ static void maat_rule_condition_add_literal(struct maat_rule *rule,
{
struct rule_condition *condition = rule->conditions + g2c_item->condition_index;
condition->not_flag = g2c_item->not_flag;
condition->negate_option = g2c_item->negate_option;
if (0 == condition->in_use) {
condition->in_use = 1;
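Review bot: condition->negate_option is assigned from g2c_item before the in_use check, so every group2rule line for the same condition_index overwrites it. Two lines that share a condition_index but disagree on negate_option leave the condition with whichever value arrived last, with nothing logged. When condition->in_use is already 1, compare the stored value with g2c_item->negate_option and reject or log the mismatch.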
@@ -944,12 +944,12 @@ maat_rule_bool_matcher_new(struct rule_runtime *rule_rt,
for (size_t it = 0; it < tmp_cl->group_cnt; it++) {
printf("<before bool_matcher_new> rule_rt:%p rule_id:%lld, condition_id:%llu, condition_query_key{%lld: %d, %d}\n",
rule_rt, iter_rule->rule_id, iter_rule->conditions[i].condition_id, tmp_cl->group_ids[it],
tmp_cl->attribute_id, iter_rule->conditions[i].not_flag);
tmp_cl->attribute_id, iter_rule->conditions[i].negate_option);
}
}
#endif
bool_expr_array[expr_cnt].items[j].item_id = iter_rule->conditions[i].condition_id;
bool_expr_array[expr_cnt].items[j].not_flag = 0;
bool_expr_array[expr_cnt].items[j].negate_option = 0;
j++;
}
}
@@ -1035,14 +1035,14 @@ static inline int compare_rule_id(const void *a, const void *b)
* @brief build <condition_query_key, condition_id_array> hash for condition or not_condition
*
* @param rule_rt: rule runtime handle
* @param not_flag: specify whether to build condition or NOT_condition hash for rule runtime
* @param negate_option: specify whether to build condition or NOT_condition hash for rule runtime
* 0 -> condition hash
* 1 -> NOT_condition hash
*
* @retval generated condition_id_kv_hash
*/
static struct condition_id_kv *
build_condition_id_kv_hash(struct rule_runtime *rule_rt, int not_flag)
build_condition_id_kv_hash(struct rule_runtime *rule_rt, int negate_option)
{
if (NULL == rule_rt) {
return NULL;
@@ -1060,12 +1060,12 @@ build_condition_id_kv_hash(struct rule_runtime *rule_rt, int not_flag)
continue;
}
if (0 == not_flag) {
if (CONDITION_NOT_FLAG_SET == condition->not_flag) {
if (0 == negate_option) {
if (CONDITION_NEGATE_OPTION_SET == condition->negate_option) {
continue;
}
} else {
if (CONDITION_NOT_FLAG_UNSET == condition->not_flag) {
if (CONDITION_NEGATE_OPTION_UNSET == condition->negate_option) {
continue;
}
}
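Review bot: The parameter is now named negate_option, the same as the struct field it is compared against, and it is tested with the literal 0 while the field is tested with the enum constants. Since both values are restricted to 0 or 1, the two branches reduce to a single test, `if (condition->negate_option != negate_option) continue;`, with callers passing CONDITION_NEGATE_OPTION_UNSET or CONDITION_NEGATE_OPTION_SET instead of bare integers.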
@@ -1076,7 +1076,7 @@ build_condition_id_kv_hash(struct rule_runtime *rule_rt, int not_flag)
for (size_t k = 0; k < tmp_cl->group_cnt; k++) {
struct condition_query_key key =
{tmp_cl->group_ids[k], tmp_cl->attribute_id, condition->not_flag};
{tmp_cl->group_ids[k], tmp_cl->attribute_id, condition->negate_option};
struct condition_id_kv *condition_id_kv = NULL;
HASH_FIND(hh, condition_id_kv_hash, &key, sizeof(struct condition_query_key),
@@ -1256,7 +1256,7 @@ maat_rule_clone(struct maat_rule *rule, int deep_copy)
for (size_t i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) {
new_rule->conditions[i].condition_id = rule->conditions[i].condition_id;
new_rule->conditions[i].in_use = rule->conditions[i].in_use;
new_rule->conditions[i].not_flag = rule->conditions[i].not_flag;
new_rule->conditions[i].negate_option = rule->conditions[i].negate_option;
utarray_new(new_rule->conditions[i].literals, &ut_condition_literal_icd);
for (size_t j = 0; j < utarray_len(rule->conditions[i].literals); j++) {
tmp_literal =
@@ -1570,7 +1570,7 @@ void rule_state_free(struct rule_state *rule_state,
static void
rule_state_add_internal_hit_path(struct rule_state *rule_state,
long long item_id, long long group_id,
int attribute_id, int NOT_flag, int Nth_scan)
int attribute_id, int negate_option, int Nth_scan)
{
if (NULL == rule_state) {
return;
@@ -1581,7 +1581,7 @@ rule_state_add_internal_hit_path(struct rule_state *rule_state,
new_path.Nth_scan = Nth_scan;
new_path.group_id = group_id;
new_path.attribute_id = attribute_id;
new_path.NOT_flag = NOT_flag;
new_path.negate_option = negate_option;
utarray_push_back(rule_state->internal_hit_paths, &new_path);
}
@@ -1602,7 +1602,7 @@ static int maat_rule_has_condition_query_key(struct maat_rule *rule,
continue;
}
if (condition->not_flag != key->not_flag) {
if (condition->negate_option != key->negate_option) {
continue;
}
@@ -1761,7 +1761,7 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
}
key.attribute_id = hit_path_array[j].attribute_id;
key.not_flag = hit_path_array[j].NOT_flag;
key.negate_option = hit_path_array[j].negate_option;
if (maat_rule_has_condition_query_key(rule, &key)) {
populate_hit_path_with_rule(hit_path_array, j, n_hit_path,
&n_new_hit_path, rule);
@@ -1901,7 +1901,7 @@ rule_state_update_hit_conditions(struct rule_state *rule_state,
rule_state_add_hit_conditions(rule_state, condition_id_kv->condition_ids);
}
key.not_flag = 1;
key.negate_option = 1;
HASH_FIND(hh, rule_rt->not_condition_id_kv_hash, &key, sizeof(key), condition_id_kv);
if (condition_id_kv != NULL) {
rule_state_add_exclude_not_conditions(rule_state, condition_id_kv->condition_ids);
@@ -2196,7 +2196,7 @@ static int validate_table_not_condition(struct group2rule_runtime *g2c_rt,
if (not_condition->actual_condition_num >= MAX_NOT_CONDITION_NUM) {
const char *table_name = table_manager_get_table_name(tbl_mgr, table_id);
log_fatal(logger, MODULE_RULE,
"[%s:%d]table:<%s> NOT condition num exceed maximum:%d",
"[%s:%d]table:<%s> negate condition num exceed maximum:%d",
__FUNCTION__, __LINE__, table_name, MAX_NOT_CONDITION_NUM);
return -1;
}
@@ -2237,13 +2237,13 @@ int group2rule_runtime_update(void *g2c_runtime, void *g2c_schema,
return -1;
}
if (1 == g2c_item->not_flag) {
if (1 == g2c_item->negate_option) {
ret = validate_table_not_condition(g2c_rt, schema->ref_tbl_mgr,
g2c_item->attribute_id, is_valid,
rule_rt->logger);
if (ret < 0) {
log_fatal(rule_rt->logger, MODULE_RULE,
"[%s:%d]validate NOT condition failed, abandon config:%s",
"[%s:%d]validate negate condition failed, abandon config:%s",
__FUNCTION__, __LINE__, line);
goto next;
}
@@ -2254,7 +2254,7 @@ int group2rule_runtime_update(void *g2c_runtime, void *g2c_schema,
ret = maat_remove_group_from_rule(rule_rt->cfg_hash, g2c_item,
rule_rt->logger);
if (0 == ret) {
if (g2c_item->not_flag) {
if (g2c_item->negate_option) {
g2c_rt->not_condition_cnt--;
}
g2c_rt->rule_num--;
@@ -2266,7 +2266,7 @@ int group2rule_runtime_update(void *g2c_runtime, void *g2c_schema,
ret = maat_add_group_to_rule(rule_rt->cfg_hash, g2c_item,
rule_rt->logger);
if (0 == ret) {
if (g2c_item->not_flag) {
if (g2c_item->negate_option) {
g2c_rt->not_condition_cnt++;
}
g2c_rt->rule_num++;
@@ -2713,7 +2713,7 @@ size_t rule_state_get_internal_hit_paths(struct rule_state *rule_state,
tmp_path.sub_group_id = internal_path->group_id;
tmp_path.top_group_id = *p;
tmp_path.attribute_id = internal_path->attribute_id;
tmp_path.NOT_flag = internal_path->NOT_flag;
tmp_path.negate_option = internal_path->negate_option;
tmp_path.condition_index = -1;
tmp_path.rule_id = -1;

View File

@@ -572,7 +572,7 @@
"custom": {
"group_id":1,
"rule_id":2,
"not_flag":3,
"negate_option":3,
"attribute_name":4,
"condition_index":5
}

View File

@@ -15,9 +15,9 @@ TEST(bool_matcher_match, MultiExprWithSameID) {
bool_expr_array->expr_id = 100;
bool_expr_array->item_num = 2;
bool_expr_array->items[0].item_id = 1;
bool_expr_array->items[0].not_flag = 0;
bool_expr_array->items[0].negate_option = 0;
bool_expr_array->items[1].item_id = 1;
bool_expr_array->items[1].not_flag = 0;
bool_expr_array->items[1].negate_option = 0;
size_t mem_size = 0;
struct bool_matcher *bm = bool_matcher_new(bool_expr_array, 1, &mem_size);

View File

@@ -54,7 +54,7 @@
"custom": {
"group_id":1,
"rule_id":2,
"not_flag":4,
"negate_option":4,
"attribute_name":5,
"condition_index":6
}

View File

@@ -6845,7 +6845,7 @@ TEST_F(Policy, NotConditionHitPath) {
EXPECT_EQ(hit_path[0].Nth_scan, 1);
EXPECT_EQ(hit_path[0].attribute_id, url_table_id);
EXPECT_EQ(hit_path[0].NOT_flag, 0);
EXPECT_EQ(hit_path[0].negate_option, 0);
EXPECT_EQ(hit_path[0].condition_index, 1);
EXPECT_EQ(hit_path[0].sub_group_id, 249);
EXPECT_EQ(hit_path[0].top_group_id, 249);
@@ -6853,7 +6853,7 @@ TEST_F(Policy, NotConditionHitPath) {
EXPECT_EQ(hit_path[1].Nth_scan, 2);
EXPECT_EQ(hit_path[1].attribute_id, ip_table_id);
EXPECT_EQ(hit_path[1].NOT_flag, 1);
EXPECT_EQ(hit_path[1].negate_option, 1);
EXPECT_EQ(hit_path[1].condition_index, -1);
EXPECT_EQ(hit_path[1].sub_group_id, 100);
EXPECT_EQ(hit_path[1].top_group_id, 144);
@@ -6861,7 +6861,7 @@ TEST_F(Policy, NotConditionHitPath) {
EXPECT_EQ(hit_path[2].Nth_scan, 2);
EXPECT_EQ(hit_path[2].attribute_id, ip_table_id);
EXPECT_EQ(hit_path[2].NOT_flag, 1);
EXPECT_EQ(hit_path[2].negate_option, 1);
EXPECT_EQ(hit_path[2].condition_index, -1);
EXPECT_EQ(hit_path[2].sub_group_id, 100);
EXPECT_EQ(hit_path[2].top_group_id, -1);
@@ -6869,7 +6869,7 @@ TEST_F(Policy, NotConditionHitPath) {
EXPECT_EQ(hit_path[3].Nth_scan, 2);
EXPECT_EQ(hit_path[3].attribute_id, ip_table_id);
EXPECT_EQ(hit_path[3].NOT_flag, 1);
EXPECT_EQ(hit_path[3].negate_option, 1);
EXPECT_EQ(hit_path[3].condition_index, 2);
EXPECT_EQ(hit_path[3].sub_group_id, 250);
EXPECT_EQ(hit_path[3].top_group_id, 250);
@@ -10122,7 +10122,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) {
EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group11_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, http_req_table_id);
EXPECT_EQ(hit_path[path_idx].NOT_flag, 1);
EXPECT_EQ(hit_path[path_idx].negate_option, 1);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
path_idx++;
@@ -10131,7 +10131,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) {
EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, -1);
EXPECT_EQ(hit_path[path_idx].attribute_id, http_req_table_id);
EXPECT_EQ(hit_path[path_idx].NOT_flag, 1);
EXPECT_EQ(hit_path[path_idx].negate_option, 1);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
int http_res_table_id = maat_get_table_id(maat_inst, "HTTP_RESPONSE_HEADER");
@@ -10164,7 +10164,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) {
EXPECT_EQ(hit_path[path_idx].item_id, -1);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group11_id);
EXPECT_EQ(hit_path[path_idx].NOT_flag, 1);
EXPECT_EQ(hit_path[path_idx].negate_option, 1);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
path_idx++;
@@ -10173,7 +10173,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) {
EXPECT_EQ(hit_path[path_idx].item_id, -1);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group1_id);
EXPECT_EQ(hit_path[path_idx].NOT_flag, 1);
EXPECT_EQ(hit_path[path_idx].negate_option, 1);
EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id);
path_idx++;
@@ -10183,7 +10183,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) {
EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group21_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, http_res_table_id);
EXPECT_EQ(hit_path[path_idx].NOT_flag, 0);
EXPECT_EQ(hit_path[path_idx].negate_option, 0);
EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id);
path_idx++;
@@ -10193,7 +10193,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) {
EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, -1);
EXPECT_EQ(hit_path[path_idx].attribute_id, http_res_table_id);
EXPECT_EQ(hit_path[path_idx].NOT_flag, 0);
EXPECT_EQ(hit_path[path_idx].negate_option, 0);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
const char *keywords1 = "In math theory, a finite and infinite come up all the time.";
@@ -10225,7 +10225,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) {
EXPECT_EQ(hit_path[path_idx].sub_group_id, group4_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, -1);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].NOT_flag, 0);
EXPECT_EQ(hit_path[path_idx].negate_option, 0);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
int ip_table_id = maat_get_table_id(maat_inst, ip_table_name);
@@ -10255,7 +10255,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) {
EXPECT_EQ(hit_path[path_idx].sub_group_id, group3_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, -1);
EXPECT_EQ(hit_path[path_idx].attribute_id, ip_table_id);
EXPECT_EQ(hit_path[path_idx].NOT_flag, 0);
EXPECT_EQ(hit_path[path_idx].negate_option, 0);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
Nth_scan++;
@@ -10280,7 +10280,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) {
EXPECT_EQ(hit_path[path_idx].sub_group_id, group4_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, -1);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].NOT_flag, 0);
EXPECT_EQ(hit_path[path_idx].negate_option, 0);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
maat_stream_free(stream);

View File

@@ -735,7 +735,7 @@
"attribute": "HTTP_URL_FILTER",
"group_name": "143_url_group1",
"group_id": 121,
"not_flag": 0,
"negate_option": 0,
"regions": [
{
"table_name": "HTTP_URL",
@@ -751,7 +751,7 @@
"attribute": "HTTP_URL_FILTER",
"group_name": "143_url_group2",
"group_id": 122,
"not_flag": 1,
"negate_option": 1,
"regions": [
{
"table_name": "HTTP_URL",
@@ -778,7 +778,7 @@
"attribute": "HTTP_URL_FILTER",
"group_name": "144_url_group",
"group_id": 123,
"not_flag": 0,
"negate_option": 0,
"regions": [
{
"table_name": "HTTP_URL",
@@ -794,7 +794,7 @@
"attribute": "HTTP_RESPONSE_KEYWORDS",
"group_name": "144_keywords_group",
"group_id": 124,
"not_flag": 1,
"negate_option": 1,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
@@ -821,7 +821,7 @@
"attribute": "HTTP_URL",
"group_name": "145_url_group",
"group_id": 125,
"not_flag": 0,
"negate_option": 0,
"regions": [
{
"table_name": "HTTP_URL",
@@ -836,7 +836,7 @@
{
"attribute": "ATTRIBUTE_IP_CONFIG",
"group_name": "123_IP_group",
"not_flag": 1
"negate_option": 1
}
]
},
@@ -853,7 +853,7 @@
"attribute": "HTTP_URL_FILTER",
"group_name": "146_url_group",
"group_id": 126,
"not_flag": 0,
"negate_option": 0,
"condition_index": 0,
"regions": [
{
@@ -870,7 +870,7 @@
"attribute": "HTTP_RESPONSE_KEYWORDS",
"group_name": "146_keywords_group",
"group_id": 127,
"not_flag": 1,
"negate_option": 1,
"condition_index": 1,
"regions": [
{
@@ -886,7 +886,7 @@
{
"attribute": "ATTRIBUTE_IP_CONFIG",
"group_name": "123_IP_group",
"not_flag": 1,
"negate_option": 1,
"condition_index": 2
}
]
@@ -904,7 +904,7 @@
"attribute": "HTTP_RESPONSE_KEYWORDS_1",
"group_name": "147_keywords_group1",
"group_id": 128,
"not_flag": 1,
"negate_option": 1,
"condition_index": 0,
"regions": [
{
@@ -921,7 +921,7 @@
"attribute": "HTTP_RESPONSE_KEYWORDS_2",
"group_name": "147_keywords_group2",
"group_id": 129,
"not_flag": 1,
"negate_option": 1,
"condition_index": 1,
"regions": [
{
@@ -938,7 +938,7 @@
"attribute": "HTTP_RESPONSE_KEYWORDS_3",
"group_name": "147_keywords_group3",
"group_id": 130,
"not_flag": 1,
"negate_option": 1,
"condition_index": 2,
"regions": [
{
@@ -955,7 +955,7 @@
"attribute": "HTTP_RESPONSE_KEYWORDS_4",
"group_name": "147_keywords_group4",
"group_id": 131,
"not_flag": 1,
"negate_option": 1,
"condition_index": 3,
"regions": [
{
@@ -972,7 +972,7 @@
"attribute": "HTTP_RESPONSE_KEYWORDS_5",
"group_name": "147_keywords_group5",
"group_id": 132,
"not_flag": 1,
"negate_option": 1,
"condition_index": 4,
"regions": [
{
@@ -989,7 +989,7 @@
"attribute": "HTTP_RESPONSE_KEYWORDS_6",
"group_name": "147_keywords_group6",
"group_id": 133,
"not_flag": 1,
"negate_option": 1,
"condition_index": 5,
"regions": [
{
@@ -1006,7 +1006,7 @@
"attribute": "HTTP_RESPONSE_KEYWORDS_7",
"group_name": "147_keywords_group7",
"group_id": 134,
"not_flag": 1,
"negate_option": 1,
"condition_index": 6,
"regions": [
{
@@ -1023,7 +1023,7 @@
"attribute": "HTTP_RESPONSE_KEYWORDS_8",
"group_name": "147_keywords_group8",
"group_id": 135,
"not_flag": 1,
"negate_option": 1,
"condition_index": 7,
"regions": [
{
@@ -1215,7 +1215,7 @@
"attribute": "MAIL_ADDR",
"group_name": "153_expr_group",
"group_id": 143,
"not_flag": 0,
"negate_option": 0,
"regions": [
{
"table_type": "expr",
@@ -1258,7 +1258,7 @@
"attribute": "IP_PLUS_CONFIG",
"group_name": "154_IP_group",
"group_id": 145,
"not_flag": 0,
"negate_option": 0,
"regions": [
{
"table_type":"ip",
@@ -1284,7 +1284,7 @@
"attribute": "IP_PLUS_CONFIG",
"group_name": "155_IP_group",
"group_id": 146,
"not_flag": 0,
"negate_option": 0,
"regions": [
{
"table_type":"ip",
@@ -1412,13 +1412,13 @@
{
"attribute": "HTTP_RESPONSE_KEYWORDS",
"group_name": "TakeMeHome",
"not_flag": 0
"negate_option": 0
},
{
"attribute": "HTTP_URL",
"group_name": "160_url_group",
"group_id": 151,
"not_flag": 0,
"negate_option": 0,
"regions": [
{
"table_name": "HTTP_URL",
@@ -1445,7 +1445,7 @@
"attribute": "HTTP_SIGNATURE",
"group_name": "vt_grp_http_sig1",
"group_id": 152,
"not_flag": 0,
"negate_option": 0,
"regions": [
{
"table_name": "HTTP_SIGNATURE",
@@ -1462,7 +1462,7 @@
"attribute": "HTTP_SIGNATURE",
"group_name": "vt_grp_http_sig2",
"group_id": 153,
"not_flag": 0,
"negate_option": 0,
"regions": [
{
"table_name": "HTTP_SIGNATURE",
@@ -1498,12 +1498,12 @@
{
"attribute": "HTTP_REQUEST_HEADER",
"group_name": "vt_grp_http_sig1",
"not_flag": 0
"negate_option": 0
},
{
"attribute": "HTTP_RESPONSE_HEADER",
"group_name": "vt_grp_http_sig2",
"not_flag": 0
"negate_option": 0
}
]
},
@@ -1519,12 +1519,12 @@
{
"attribute": "HTTP_REQUEST_HEADER",
"group_name": "vt_grp_http_sig2",
"not_flag": 0
"negate_option": 0
},
{
"attribute": "HTTP_RESPONSE_HEADER",
"group_name": "vt_grp_http_sig2",
"not_flag": 0
"negate_option": 0
}
]
},
@@ -1583,7 +1583,7 @@
"attribute": "IP_PLUS_CONFIG",
"group_name": "165_IP_group",
"group_id": 156,
"not_flag": 0,
"negate_option": 0,
"regions": [
{
"table_type":"ip",
@@ -1695,7 +1695,7 @@
"group_name": "169_IP_group",
"group_id": 160,
"condition_index": 0,
"not_flag" : 0,
"negate_option" : 0,
"regions": [
{
"table_type":"ip",
@@ -1721,7 +1721,7 @@
"attribute": "IP_PLUS_CONFIG",
"group_name": "ipv4_attribute.source",
"group_id": 161,
"not_flag": 0,
"negate_option": 0,
"regions": [
{
"table_type":"ip",
@@ -1747,7 +1747,7 @@
"attribute": "IP_PLUS_CONFIG",
"group_name": "ipv4_attribute.destination",
"group_id": 162,
"not_flag": 0,
"negate_option": 0,
"regions": [
{
"table_type":"ip",
@@ -1772,13 +1772,13 @@
{
"attribute": "ASN_NOT_LOGIC",
"group_name": ["ASN1234", "ASN6789", "ASN9001"],
"not_flag": 1,
"negate_option": 1,
"condition_index": 0
},
{
"attribute": "DESTINATION_IP_ASN",
"group_name": "ASN2345",
"not_flag": 0,
"negate_option": 0,
"condition_index": 1
}
]
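Review bot: the attribute name `"ASN_NOT_LOGIC"` in this hunk keeps the old "NOT" wording while the key beside it becomes `negate_option`, and the same is true of `HTTP_NOT_LOGIC`, `NOTLogicGroup_*` and `NOTConditionAndExcludeGroup*` in later hunks of this file. If the rename is meant to cover only the field key, say so in the commit message; otherwise rename these fixture identifiers in the same change so that a search for the old term comes back empty.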
@@ -1795,13 +1795,13 @@
{
"attribute": "SOURCE_IP_ASN",
"group_name": ["ASN1234", "ASN6789", "ASN9001"],
"not_flag": 0,
"negate_option": 0,
"condition_index": 0
},
{
"attribute": "DESTINATION_IP_ASN",
"group_name": "ASN2345",
"not_flag": 0,
"negate_option": 0,
"condition_index": 1
}
]
@@ -1844,19 +1844,19 @@
{
"attribute": "SOURCE_IP_ASN",
"group_name": ["ASN1234", "ASN6789", "ASN9001"],
"not_flag": 0,
"negate_option": 0,
"condition_index": 0
},
{
"attribute": "SOURCE_IP_GEO",
"group_name": "Country-Sparta-IP",
"not_flag": 0,
"negate_option": 0,
"condition_index": 0
},
{
"attribute": "IP_CONFIG",
"group_name": "financial-department-ip",
"not_flag": 0,
"negate_option": 0,
"condition_index": 1
}
]
@@ -1873,19 +1873,19 @@
{
"attribute": "SOURCE_IP_ASN",
"group_name": ["ASN1234", "ASN6789", "ASN9001"],
"not_flag": 1,
"negate_option": 1,
"condition_index": 0
},
{
"attribute": "IP_PLUS_CONFIG",
"group_name": "develop-department-ip",
"not_flag": 1,
"negate_option": 1,
"condition_index": 0
},
{
"attribute": "SOURCE_IP_GEO",
"group_name": "Country-Sparta-IP",
"not_flag": 0,
"negate_option": 0,
"condition_index": 1
}
]
@@ -1954,31 +1954,31 @@
{
"attribute": "DESTINATION_IP_ASN",
"group_name": ["ASN1234", "ASN6789", "ASN9001"],
"not_flag": 1,
"negate_option": 1,
"condition_index": 0
},
{
"attribute": "SOURCE_IP_GEO",
"group_name": "Country-Sparta-IP",
"not_flag": 1,
"negate_option": 1,
"condition_index": 0
},
{
"attribute": "DESTINATION_IP_ASN",
"group_name": "ASN9002",
"not_flag": 1,
"negate_option": 1,
"condition_index": 1
},
{
"attribute": "DESTINATION_IP_ASN",
"group_name": "ASN9003",
"not_flag": 0,
"negate_option": 0,
"condition_index": 2
},
{
"attribute": "IP_PLUS_CONFIG",
"group_name": "security-department-ip",
"not_flag": 0,
"negate_option": 0,
"condition_index": 3
}
]
@@ -1996,7 +1996,7 @@
"attribute": "HTTP_URL_FILTER",
"group_name": "186_expr_group",
"group_id": 170,
"not_flag": 1,
"negate_option": 1,
"regions": [
{
"table_name": "HTTP_URL",
@@ -2012,7 +2012,7 @@
"attribute": "IP_PLUS_CONFIG",
"group_name": "186_IP_group",
"group_id": 171,
"not_flag": 0,
"negate_option": 0,
"regions": [
{
"table_type":"ip",
@@ -2038,7 +2038,7 @@
"attribute": "HTTP_URL_FILTER",
"group_name": "187_url_group",
"group_id": 172,
"not_flag": 1,
"negate_option": 1,
"regions": [
{
"table_name": "HTTP_URL",
@@ -2054,7 +2054,7 @@
"attribute": "IP_PLUS_CONFIG",
"group_name": "187_IP_group",
"group_id": 173,
"not_flag": 0,
"negate_option": 0,
"regions": [
{
"table_type":"ip",
@@ -2080,7 +2080,7 @@
"attribute": "HTTP_URL_FILTER",
"group_name": "188_url_group",
"group_id": 174,
"not_flag": 1,
"negate_option": 1,
"regions": [
{
"table_name": "HTTP_URL",
@@ -2096,7 +2096,7 @@
"attribute": "IP_PLUS_CONFIG",
"group_name": "188_IP_group",
"group_id": 175,
"not_flag": 0,
"negate_option": 0,
"regions": [
{
"table_type":"ip",
@@ -2841,7 +2841,7 @@
"attribute": "IP_PLUS_CONFIG",
"group_name": "208_IP_group",
"group_id": 213,
"not_flag": 0,
"negate_option": 0,
"regions": [
{
"table_type":"ip",
@@ -2918,7 +2918,7 @@
"attribute": "IP_PERF_CONFIG",
"group_name": "211_IP_group",
"group_id": 216,
"not_flag": 0,
"negate_option": 0,
"regions": [
{
"table_type":"ip",
@@ -3046,14 +3046,14 @@
{
"attribute": "HTTP_URL_FILTER",
"group_name": "ExcludeLogicGroup200",
"not_flag": 0,
"negate_option": 0,
"condition_index": 0
},
{
"attribute": "HTTP_RESPONSE_KEYWORDS",
"group_name": "NOTConditionAndExcludeGroup216",
"group_id": 221,
"not_flag": 1,
"negate_option": 1,
"condition_index": 1,
"regions": [
{
@@ -3081,7 +3081,7 @@
"attribute": "HTTP_URL_FILTER",
"group_name": "NOTConditionAndExcludeGroup217_1",
"group_id": 222,
"not_flag": 1,
"negate_option": 1,
"condition_index": 0,
"sub_groups": [
{
@@ -3120,7 +3120,7 @@
"attribute": "HTTP_RESPONSE_KEYWORDS",
"group_name": "NOTConditionAndExcludeGroup217_2",
"group_id": 225,
"not_flag": 0,
"negate_option": 0,
"condition_index": 1,
"regions": [
{
@@ -3173,7 +3173,7 @@
"attribute": "HTTP_DUMMY",
"group_name": "NOTConditionAndExcludeGroup219_1",
"group_id": 227,
"not_flag": 0,
"negate_option": 0,
"condition_index": 0,
"regions": [
{
@@ -3190,7 +3190,7 @@
"attribute": "HTTP_DUMMY",
"group_name": "NOTConditionAndExcludeGroup219_2",
"group_id": 228,
"not_flag": 1,
"negate_option": 1,
"condition_index": 1,
"regions": [
{
@@ -3207,7 +3207,7 @@
"attribute": "HTTP_DUMMY",
"group_name": "NOTConditionAndExcludeGroup219_3",
"group_id": 229,
"not_flag": 1,
"negate_option": 1,
"condition_index": 2,
"regions": [
{
@@ -3224,7 +3224,7 @@
"attribute": "HTTP_DUMMY",
"group_name": "NOTConditionAndExcludeGroup219_4",
"group_id": 230,
"not_flag": 1,
"negate_option": 1,
"condition_index": 3,
"regions": [
{
@@ -3241,7 +3241,7 @@
"attribute": "HTTP_DUMMY",
"group_name": "NOTConditionAndExcludeGroup219_5",
"group_id": 231,
"not_flag": 1,
"negate_option": 1,
"condition_index": 4,
"regions": [
{
@@ -3258,7 +3258,7 @@
"attribute": "HTTP_DUMMY",
"group_name": "NOTConditionAndExcludeGroup219_6",
"group_id": 232,
"not_flag": 1,
"negate_option": 1,
"condition_index": 5,
"regions": [
{
@@ -3275,7 +3275,7 @@
"attribute": "HTTP_DUMMY",
"group_name": "NOTConditionAndExcludeGroup219_7",
"group_id": 233,
"not_flag": 1,
"negate_option": 1,
"condition_index": 6,
"regions": [
{
@@ -3292,7 +3292,7 @@
"attribute": "HTTP_DUMMY",
"group_name": "NOTConditionAndExcludeGroup219_8",
"group_id": 234,
"not_flag": 1,
"negate_option": 1,
"condition_index": 7,
"regions": [
{
@@ -3320,7 +3320,7 @@
"attribute": "HTTP_DUMMY",
"group_name": "NOTConditionAndExcludeGroup220_1",
"group_id": 235,
"not_flag": 0,
"negate_option": 0,
"condition_index": 0,
"regions": [
{
@@ -3337,7 +3337,7 @@
"attribute": "HTTP_DUMMY",
"group_name": "NOTConditionAndExcludeGroup220_2",
"group_id": 236,
"not_flag": 1,
"negate_option": 1,
"condition_index": 1,
"regions": [
{
@@ -3354,7 +3354,7 @@
"attribute": "HTTP_DUMMY",
"group_name": "NOTConditionAndExcludeGroup220_3",
"group_id": 237,
"not_flag": 1,
"negate_option": 1,
"condition_index": 2,
"regions": [
{
@@ -3382,7 +3382,7 @@
"attribute": "HTTP_REQUEST_HEADER",
"group_name": "NOTLogicGroup_221_1",
"group_id": 238,
"not_flag": 1,
"negate_option": 1,
"regions": [
{
"table_name": "HTTP_SIGNATURE",
@@ -3399,7 +3399,7 @@
"attribute": "HTTP_URL",
"group_name": "NOTLogicGroup_221_2",
"group_id": 239,
"not_flag": 0,
"negate_option": 0,
"regions": [
{
"table_name": "HTTP_URL",
@@ -3426,7 +3426,7 @@
"attribute": "HTTP_NOT_LOGIC_1",
"group_name": "NOTLogicGroup_222",
"group_id": 240,
"not_flag": 1,
"negate_option": 1,
"condition_index": 0,
"regions": [
{
@@ -3454,7 +3454,7 @@
"attribute": "HTTP_NOT_LOGIC",
"group_name": "NOTLogicGroup_223_1",
"group_id": 241,
"not_flag": 1,
"negate_option": 1,
"condition_index": 0,
"regions": [
{
@@ -3471,7 +3471,7 @@
"attribute": "HTTP_NOT_LOGIC",
"group_name": "NOTLogicGroup_223_2",
"group_id": 242,
"not_flag": 1,
"negate_option": 1,
"condition_index": 1,
"regions": [
{
@@ -3488,7 +3488,7 @@
"attribute": "HTTP_NOT_LOGIC",
"group_name": "NOTLogicGroup_223_1",
"group_id": 243,
"not_flag": 1,
"negate_option": 1,
"condition_index": 2,
"regions": [
{
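Review bot: `"group_name": "NOTLogicGroup_223_1"` is paired with `"group_id": 243` here, but the hunk at `@@ -3454` already uses the same name for `"group_id": 241`, and the entry between them is `NOTLogicGroup_223_2`. This looks like a copy-paste slip for `NOTLogicGroup_223_3`. Since the lines are being touched anyway, fix the name or add a note that one name mapping to two group ids is intentional, because a name-based group lookup would otherwise be ambiguous in this test.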
@@ -3516,7 +3516,7 @@
"attribute": "KEYWORDS_TABLE",
"group_name": "NOTLogicGroup_224_1",
"group_id": 244,
"not_flag": 1,
"negate_option": 1,
"condition_index": 0,
"regions": [
{
@@ -3533,7 +3533,7 @@
"attribute": "HTTP_RESPONSE_KEYWORDS",
"group_name": "NOTLogicGroup_224_2",
"group_id": 245,
"not_flag": 0,
"negate_option": 0,
"condition_index": 1,
"regions": [
{
@@ -3561,7 +3561,7 @@
"attribute": "KEYWORDS_TABLE",
"group_name": "EscapeGroup_225_1",
"group_id": 246,
"not_flag": 0,
"negate_option": 0,
"condition_index": 0,
"regions": [
{
@@ -3623,7 +3623,7 @@
"attribute": "HTTP_URL",
"group_name": "228_url_group",
"group_id": 249,
"not_flag": 0,
"negate_option": 0,
"condition_index": 1,
"regions": [
{
@@ -3640,7 +3640,7 @@
"attribute": "ATTRIBUTE_IP_CONFIG",
"group_name": "228_IP_group",
"group_id": 250,
"not_flag": 1,
"negate_option": 1,
"condition_index": 2,
"regions": [
{
@@ -3787,7 +3787,7 @@
"attribute": "KEYWORDS_TABLE",
"group_name": "EscapeGroup_234_1",
"group_id": 260,
"not_flag": 0,
"negate_option": 0,
"condition_index": 0,
"regions": [
{
@@ -3815,7 +3815,7 @@
"attribute": "KEYWORDS_TABLE",
"group_name": "EscapeGroup_235_1",
"group_id": 261,
"not_flag": 0,
"negate_option": 0,
"condition_index": 0,
"regions": [
{

View File

@@ -47,7 +47,7 @@
"custom": {
"group_id":1,
"rule_id":2,
"not_flag":3,
"negate_option":3,
"attribute_name":4,
"condition_index":5
}
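Review bot: the schema key in the `custom` block changes from `"not_flag"` to `"negate_option"` here and again in the hunk at `@@ -84`, and nothing in the commit shows how a schema file that still uses the old key is handled. If the loader treats a missing `negate_option` column as 0, negated conditions from an un-migrated deployment would silently become positive matches and change which rules hit. Either accept `"not_flag"` as a deprecated alias or make a schema without `negate_option` a hard load error, and call out the format change in the commit message.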
@@ -84,7 +84,7 @@
"custom": {
"group_id":1,
"rule_id":2,
"not_flag":3,
"negate_option":3,
"attribute_name":4,
"condition_index":5
}

View File

@@ -170,13 +170,13 @@ int rule_table_set_line(struct maat *maat_inst, const char *table_name,
int group2rule_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long group_id,
long long rule_id, int not_flag,
long long rule_id, int negate_option,
const char *attribute_name, int condition_index,
int expire_after)
{
char table_line[128] = {0};
sprintf(table_line, "%lld\t%lld\t%d\t%s\t%d\t%d",
group_id, rule_id, not_flag, attribute_name, condition_index, op);
group_id, rule_id, negate_option, attribute_name, condition_index, op);
struct maat_cmd_line line_rule;
line_rule.rule_id = TO_GROUP2X_KEY(group_id, rule_id, condition_index);
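Review bot: the `sprintf` into `char table_line[128]` is unbounded, and `attribute_name` is a caller-supplied string with no length check visible in this function. The two `%lld` and three `%d` fields plus the tab separators can already take up to 78 bytes, so an attribute name of around 50 characters or more can write past the end of the stack buffer. Since this call is being edited anyway, switch to `snprintf(table_line, sizeof(table_line), ...)` and return an error when the result is negative or `>= sizeof(table_line)`, rather than passing a truncated line on.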

View File

@@ -20,7 +20,7 @@ int rule_table_set_line(struct maat *maat_inst, const char *table_name,
int group2rule_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long group_id,
long long rule_id, int not_flag,
long long rule_id, int negate_option,
const char *attribute_name, int condition_index,
int expire_after);
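Review bot: the renamed `int negate_option` parameter in this prototype has no documentation of its accepted values, while every fixture in this commit uses only 0 or 1. Add a one-line comment on the declaration stating that 1 negates the condition and 0 does not, and what the function does with any other value, or change the type to `bool` so the contract is enforced by the signature.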