From 7980d8792410c999055b234139b15540e468dc49 Mon Sep 17 00:00:00 2001 From: zhengchao Date: Tue, 1 Jun 2021 21:19:41 +0800 Subject: [PATCH] =?UTF-8?q?bool=20matcher=E4=B8=AD=E5=BC=95=E7=94=A8?= =?UTF-8?q?=E4=BA=86=E5=B7=B2=E7=BB=8F=E8=A2=AB=E9=87=8A=E6=94=BE=E7=9A=84?= =?UTF-8?q?compile=EF=BC=8C=E5=AF=BC=E8=87=B4=E6=AE=B5=E9=94=99=E8=AF=AF?= =?UTF-8?q?=E3=80=82=20TSG-6548?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/entry/Maat_hierarchy.cpp | 17 ++++--- src/entry/Maat_rule.cpp | 2 +- test/test_maatframe.cpp | 92 +++++++++++++++++++++++++++++++++++- 3 files changed, 102 insertions(+), 9 deletions(-) diff --git a/src/entry/Maat_hierarchy.cpp b/src/entry/Maat_hierarchy.cpp index 2a47fc8..67db3c7 100644 --- a/src/entry/Maat_hierarchy.cpp +++ b/src/entry/Maat_hierarchy.cpp @@ -66,8 +66,10 @@ struct Maat_hierarchy_clause_state UT_icd ut_literal_id_icd = {sizeof(struct Maat_hierarchy_literal_id), NULL, NULL, NULL}; UT_icd ut_clause_id_icd = {sizeof(unsigned long long), NULL, NULL, NULL}; +#define MAAT_HIER_COMPILE_MAGIC 0x4a5b6c7d struct Maat_hierarchy_compile { + unsigned int magic; int compile_id; int actual_clause_num; int declared_clause_num; @@ -273,6 +275,7 @@ static struct Maat_hierarchy_compile* Maat_hierarchy_compile_new(struct Maat_hie int i=0; struct Maat_hierarchy_compile* compile=NULL; compile=ALLOC(struct Maat_hierarchy_compile, 1); + compile->magic=MAAT_HIER_COMPILE_MAGIC; compile->compile_id=compile_id; HASH_ADD_INT(hier->hash_compile_by_id, compile_id, compile); for(i=0; iliteral_ids=NULL; clause_state->in_use=0; } + compile->magic=0; free(compile); } 
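Review bot: The `compile->magic=0;` store added directly before `free(compile);` writes to an object that is about to be deallocated, so an optimizing compiler may drop it as a dead store, and the allocator may reuse or overwrite the block anyway. The canary therefore cannot be relied on to mark a freed compile. If it is kept as a diagnostic, make the store observable in practice, e.g. `*(volatile unsigned int*)&compile->magic=0;`, and say so next to the define: `// debug canary only: does not make access to a freed compile defined behaviour`. The start of the free function is not visible in this paste (its hunk header is missing), so whether anything else there protects the pointer cannot be checked from here.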
@@ -1348,7 +1352,7 @@ static size_t Maat_hierarchy_compile_mid_update_by_compile(struct Maat_hierarchy int Maat_hierarchy_region_compile(struct Maat_hierarchy* hier, struct Maat_hierarchy_compile_mid* mid, int is_last_compile, void** user_data_array, size_t ud_array_sz) { int bool_match_ret=0, i=0; - struct Maat_hierarchy_compile* compile_array=NULL; + struct Maat_hierarchy_compile* compile=NULL; void **expr_match=hier->expr_match_buff+mid->thread_num*MAX_SCANNER_HIT_NUM; size_t r_in_c_cnt=0, this_scan_region_hits=mid->this_scan_region_hit_cnt; @@ -1364,18 +1368,19 @@ int Maat_hierarchy_region_compile(struct Maat_hierarchy* hier, struct Maat_hiera expr_match, MAX_SCANNER_HIT_NUM); for(i=0; inot_clause_cnt>0 && !is_last_compile) + compile=(struct Maat_hierarchy_compile*)expr_match[i]; + assert(compile->magic==MAAT_HIER_COMPILE_MAGIC); + r_in_c_cnt=Maat_hierarchy_compile_mid_update_by_compile(hier, mid, compile); + if(compile->not_clause_cnt>0 && !is_last_compile) { mid->not_clause_hitted_flag=1; } - else if(compile_array->user_data)//For compile may be dettached by Maat_hierarchy_compile_dettach_user_data, only return non-NULL userdata. + else if(compile->user_data)//For compile may be dettached by Maat_hierarchy_compile_dettach_user_data, only return non-NULL userdata. { if(r_in_c_cnt>0 || //compile hitted becasue of new reigon this_scan_region_hits==0) //or hit a compile that refer a NOT-logic group in previous scan. { - user_data_array[ud_result_cnt]=compile_array->user_data; + user_data_array[ud_result_cnt]=compile->user_data; ud_result_cnt++; } } diff --git a/src/entry/Maat_rule.cpp b/src/entry/Maat_rule.cpp index 8027645..40d4527 100644 --- a/src/entry/Maat_rule.cpp +++ b/src/entry/Maat_rule.cpp @@ -57,7 +57,7 @@ extern "C" } #endif -int MAAT_FRAME_VERSION_3_1_21_20210513=1; +int MAAT_FRAME_VERSION_3_1_22_20210601=1; int is_valid_table_name(const char* str) { diff --git a/test/test_maatframe.cpp b/test/test_maatframe.cpp index c2f5842..44872dc 100644 
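Review bot: `assert(compile->magic==MAAT_HIER_COMPILE_MAGIC);` is the only guard this patch places between `expr_match[i]` and the later `compile->user_data` read in Maat_hierarchy_region_compile, and it has two limits. It is compiled out when the build defines NDEBUG, and evaluating it already reads through a pointer that, going by the commit subject, may refer to a freed compile. Some stale pointers now become an abort, but the lifetime problem stays: as far as these hunks show, nothing defers the free until the bool matcher holding the pointer has been replaced (inferred, since the matcher rebuild code is not in the diff). At minimum, document the limit at the assert: `// canary only: a mismatch means the bool matcher still references a freed compile; the free must be deferred until the matcher is rebuilt`. The function body continues past the end of the hunk.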
--- a/test/test_maatframe.cpp +++ b/test/test_maatframe.cpp @@ -3983,9 +3983,9 @@ TEST_F(MaatCmdTest, SameScanStatusWhenClauseUpdate_TSG6419) Maat_command_raw_set_compile(feather, MAAT_OP_ADD, &compile1, compile_table_name, NULL, 2, 0, 0); - //region11->group11--clause0-->compile1 + //region11->group11--clause1-->compile1 // / - //region21->group21--clause1--/ + //region21->group21--clause2--/ memset(&group11, 0, sizeof(group11)); 
@@ -4076,6 +4076,94 @@ TEST_F(MaatCmdTest, SameScanStatusWhenClauseUpdate_TSG6419) Maat_clean_status(&mid); } +TEST_F(MaatCmdTest, CompileDelete_TSG6548) +{ + Maat_feather_t feather=MaatCmdTest::_shared_feather; + + const char* g2c_tn="GROUP2COMPILE"; + const char* compile_table_name="COMPILE"; + const char* ip_table_name="IP_PLUS_CONFIG"; + + struct Maat_rule_t compile1; + struct Maat_cmd_group2compile group11; + struct Maat_cmd_region region11; + + + memset(&compile1, 0, sizeof(compile1)); + compile1.config_id=(int)Maat_cmd_incrby(feather, "TEST_SEQ", 1); + Maat_command_raw_set_compile(feather, MAAT_OP_ADD, &compile1, compile_table_name, NULL, 1, 0, 0); + + + //region11->group11--clause1-->compile1 + + + + memset(&group11, 0, sizeof(group11)); + group11.group_id=Maat_command_get_new_group_id(feather); + group11.table_name=g2c_tn; + group11.compile_id=compile1.config_id; + group11.clause_index=1; + Maat_command_raw_set_group2compile(feather, MAAT_OP_ADD, &group11); + + memset(®ion11, 0, sizeof(region11)); + region11.region_id=Maat_command_get_new_region_id(feather); + region11.region_type=REGION_IP_PLUS; + region11.table_name=ip_table_name; + region11.ip_plus_rule.addr_type=ADDR_TYPE_IPv4; + region11.ip_plus_rule.saddr_format="range"; + region11.ip_plus_rule.src_ip1="192.168.73.163"; + region11.ip_plus_rule.src_ip2="192.168.73.180"; + region11.ip_plus_rule.sport_format="range"; + region11.ip_plus_rule.src_port1=region11.ip_plus_rule.src_port2=0; + + region11.ip_plus_rule.daddr_format="mask"; + region11.ip_plus_rule.dst_ip1="0.0.0.0"; + region11.ip_plus_rule.dst_ip2="255.255.255.255"; + region11.ip_plus_rule.dport_format="range"; + region11.ip_plus_rule.dst_port1=region11.ip_plus_rule.dst_port2=0; + Maat_command_raw_set_region(feather, MAAT_OP_ADD, ®ion11, group11.group_id); + + sleep(1); + + int table_id=0, ret=0, hit_cnt=0, miss_cnt=0; + struct Maat_rule_t result[4]; + scan_status_t mid=NULL; + struct ipaddr ipv4_addr; + struct stream_tuple4_v4 v4_addr; + 
ipv4_addr_set(&ipv4_addr, &v4_addr, "192.168.73.169", 50001, "10.0.6.201", 80); + + memset(result, 0, sizeof(result)); + table_id=Maat_table_register(feather, ip_table_name); + ret=Maat_scan_proto_addr(feather,table_id, &ipv4_addr, 6, result, 4, &mid,0); + EXPECT_EQ(ret, 1); + EXPECT_EQ(result[0].config_id, compile1.config_id); + + + + Maat_command_raw_set_compile(feather, MAAT_OP_DEL, &compile1, compile_table_name, NULL, 1, 0, 0); + Maat_command_raw_set_group2compile(feather, MAAT_OP_DEL, &group11); + + time_t update_time=time(NULL); + time_t now=update_time; + while(now-update_time<60) + { + ret=Maat_scan_proto_addr(feather,table_id, &ipv4_addr, 6, result, 4, &mid, 0); + if(ret>0) + { + hit_cnt++; + EXPECT_EQ(result[0].config_id, compile1.config_id); + } + else + { + EXPECT_EQ(ret, -2); + miss_cnt++; + } + now=time(NULL); + } + //scan hit for at most 1 second (rule updating latency), miss for at least 2 seconds. + EXPECT_LE(hit_cnt, miss_cnt); + Maat_clean_status(&mid); +} #define Update_DeadLock_Detection TEST_F(MaatCmdTest, UpdateDeadLockDetection)
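Review bot: The final `EXPECT_LE(hit_cnt, miss_cnt)` in CompileDelete_TSG6548 does not enforce the bound stated in the comment above it (hits for at most 1 second). The loop spins for 60 seconds, so a deleted compile could keep matching for close to half of that window and the test would still pass. Tracking the last hit, e.g. `time_t last_hit=update_time;` before the loop, `last_hit=now;` in the `ret>0` branch and `EXPECT_LE(last_hit-update_time, 2);` after it, would pin the update latency and allow a much shorter loop. The test also notices a stale compile pointer only if the process crashes or the magic assert fires, so it should additionally run in an AddressSanitizer build, where a read of freed memory is reported deterministically.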