gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

rename attribute to field

Browse Source
This commit is contained in:
liuchang
2024-11-26 06:55:29 +00:00
parent 6990542158
commit a18157cd41
30 changed files with 1140 additions and 1146 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/getting_started.md
View File

@@ -61,7 +61,7 @@ Table schema is stored in a json file(such as table_info.json), which is loaded
"object_id":1, "object_id":1,
"rule_id":2, "rule_id":2,
"negate_option":4, "negate_option":4,
"attribute_name":5, "field_name":5,
"condition_index":6 "condition_index":6
} }
}, },

16
docs/logical_combinations.md
View File

@@ -42,7 +42,7 @@ Before showing how to configure the specific rules, we need some raw materials (
```bash ```bash
rule(rule) = condition1 & condition2 rule(rule) = condition1 & condition2
= {attribute1, object1, condition_index1} & {attribute2, object2, condition_index2} = {field1, object1, condition_index1} & {field2, object2, condition_index2}
= {2, 211, 1} & {1, 201, 2} = {2, 211, 1} & {1, 201, 2}
``` ```
@@ -53,7 +53,7 @@ rule(rule) = condition1 & condition2
```bash ```bash
rule(rule) = condition1 & condition2 rule(rule) = condition1 & condition2
= {attribute1, object1, condition_index1} & {attribute2, object2, condition_index2} = {field1, object1, condition_index1} & {field2, object2, condition_index2}
= {2, 211, 1} & {3, 221, 2} = {2, 211, 1} & {3, 221, 2}
``` ```
@@ -74,7 +74,7 @@ object_name: "152_mail_addr" and object_name: "interval_object_refered" are two
```bash ```bash
rule(rule) = condition1 & condition2 rule(rule) = condition1 & condition2
= {attribute1, (object1 | object2), condition_index1} & {attribute2, object3, condition_index2} = {field1, (object1 | object2), condition_index1} & {field2, object3, condition_index2}
= {2, (211 | 212), 1} & {1, 201, 2} = {2, (211 | 212), 1} & {1, 201, 2}
``` ```
@@ -86,7 +86,7 @@ rule(rule) = condition1 & condition2
```bash ```bash
rule(rule) = condition1 & condition2 rule(rule) = condition1 & condition2
= {attribute1, object1, condition_index1} & {attribute2, (object2 | object3), condition_index2} = {field1, object1, condition_index1} & {field2, (object2 | object3), condition_index2}
= {2, 211, 1} & {3, (221 | 222), 2} = {2, 211, 1} & {3, (221 | 222), 2}
``` ```
@@ -106,7 +106,7 @@ object_name: "152_mail_addr" contains two regions(items) with a logical `OR` rel
```bash ```bash
rule(rule) = condition1 & !condition2 rule(rule) = condition1 & !condition2
= {attribute1, object1, condition_index1} & !{attribute2, object2, condition_index2} = {field1, object1, condition_index1} & !{field2, object2, condition_index2}
= {2, 211, 1} & !{1, 201, 2} = {2, 211, 1} & !{1, 201, 2}
``` ```
@@ -118,7 +118,7 @@ rule(rule) = condition1 & !condition2
```bash ```bash
rule(rule) = condition1 & !condition2 rule(rule) = condition1 & !condition2
= {attribute1, object1, condition_index1} & !{attribute2, (object2 | object3), condition_index2} = {field1, object1, condition_index1} & !{field2, (object2 | object3), condition_index2}
= {2, 211, 1} & !{3, (221 | 222), 2} = {2, 211, 1} & !{3, (221 | 222), 2}
``` ```
@@ -148,7 +148,7 @@ super_object1 = object1 exclude object2
And then configure the rule. And then configure the rule.
```bash ```bash
rule(rule) = condition1 & condition2 rule(rule) = condition1 & condition2
= {attribute1, super_object1, condition_index1} & {attribute2, object2, condition_index2} = {field1, super_object1, condition_index1} & {field2, object2, condition_index2}
= {2, (210 exclude 211), 1} & {1, 201, 2} = {2, (210 exclude 211), 1} & {1, 201, 2}
``` ```
@@ -167,7 +167,7 @@ super_object2 = object2 exclude object3
And then configure the rule. And then configure the rule.
```bash ```bash
rule(rule) = condition1 & condition2 rule(rule) = condition1 & condition2
= {attribute1, object1, condition_index1} & {attribute2, super_object2, condition_index2} = {field1, object1, condition_index1} & {field2, super_object2, condition_index2}
= {2, 211, 1} & {1, (202 exclude 201), 2} = {2, 211, 1} & {1, (202 exclude 201), 2}
``` ```

38
docs/maat_table.md
View File

@@ -7,7 +7,7 @@ The maat table consists of two parts: `schema` and `runtime`, which is the core
## 1. Table schema ## 1. Table schema
Maat tables are divided into two categories: physical tables that actually exist in the database and attributes that reference physical tables. Maat tables are divided into two categories: physical tables that actually exist in the database and fields that reference physical tables.
The types of physical tables are as follows: The types of physical tables are as follows:
- [item table](#11-item-table) - [item table](#11-item-table)
@@ -22,7 +22,7 @@ The types of physical tables are as follows:
Different physical tables can be combined into one table, see [conjunction table](#110-conjunction-table) Different physical tables can be combined into one table, see [conjunction table](#110-conjunction-table)
A attribute can only reference one physical table or conjuntion table, see [attribute](#111-attribute) A field can only reference one physical table or conjuntion table, see [field](#111-field)
### 1.1 <a name='Itemtable'></a> Item table ### 1.1 <a name='Itemtable'></a> Item table
@@ -257,7 +257,7 @@ Describe the relationship between object and rule.
| **rule_id** | LONG LONG | rule id | | **rule_id** | LONG LONG | rule id |
| **is_valid** | INT | 0(invalid), 1(valid) | | **is_valid** | INT | 0(invalid), 1(valid) |
| **negate_option** | INT | logical 'NOT', identify a negate condition, 0(no) 1(yes) | | **negate_option** | INT | logical 'NOT', identify a negate condition, 0(no) 1(yes) |
| **attribute** | VARCHAR2(256) | attribute name, NOT NULL | | **field** | VARCHAR2(256) | field name, NOT NULL |
| **Nth_condition** | INT | the condition seq in (conjunctive normal form)CNF, from 0 to 7. objects with the same condition ID are logical 'OR' | | **Nth_condition** | INT | the condition seq in (conjunctive normal form)CNF, from 0 to 7. objects with the same condition ID are logical 'OR' |
NOTE: If object_id is invalid in xx_item table, it must be marked as invalid in this table. NOTE: If object_id is invalid in xx_item table, it must be marked as invalid in this table.
@@ -370,11 +370,11 @@ For example: HTTP_REGION is the conjunction of HTTP_URL and HTTP_HOST.
`Note`: Only physical tables support conjunction. `Note`: Only physical tables support conjunction.
### 1.11 <a name='Attribute'></a> attribute ### 1.11 <a name='Field'></a> field
A physical table refers to a table that physically exists in the database. In contrast, there are no attributes in the database. Attributes are merely references to physical tables, where one attribute can only reference one physical table. If you want to reference multiple physical tables of the same type, you need to first combine these physical tables into a conjunction table, and then have the attribute reference it. A physical table can be referenced by multiple attributes. A physical table refers to a table that physically exists in the database. In contrast, there are no fields in the database. Fields are merely references to physical tables, where one field can only reference one physical table. If you want to reference multiple physical tables of the same type, you need to first combine these physical tables into a conjunction table, and then have the field reference it. A physical table can be referenced by multiple fields.
Attributes are often used for different traffic attributes, where different attributes represent different traffic attributes, such as HTTP_HOST, HTTP_URL, and so on. Fields are often used for different traffic fields, where different fields represent different traffic fields, such as HTTP_HOST, HTTP_URL, and so on.
### 1.12 <a name='ForeignFiles'></a>Foreign Files ### 1.12 <a name='ForeignFiles'></a>Foreign Files
@@ -445,21 +445,21 @@ In addition to the rule table, there is also the object2rule table in the table
1. For expressions without negate-conditions, returning the matched rule_id: 1. For expressions without negate-conditions, returning the matched rule_id:
* rule1 = condition1 & condition2 = {attribute1, g1} & {attribute2, g2} * rule1 = condition1 & condition2 = {field1, g1} & {field2, g2}
* rule2 = condition1 & condition2 = {attribute1, g2} & {attribute2, g3} * rule2 = condition1 & condition2 = {field1, g2} & {field2, g3}
Given the matched attribute_id and object_id, all matching rule_ids can be provided. For example, if scanning attribute1 matches g2 and attribute2 matches g3, rule_runtime will return the matched rule_id 2. Given the matched field_id and object_id, all matching rule_ids can be provided. For example, if scanning field1 matches g2 and field2 matches g3, rule_runtime will return the matched rule_id 2.
2. For expressions with negate-conditions, returning the matched rule_id: 2. For expressions with negate-conditions, returning the matched rule_id:
* rule3 = condition1 & !condition2 = {attribute1, g1} & !{attribute2, g2} * rule3 = condition1 & !condition2 = {field1, g1} & !{field2, g2}
* rule4 = !condition1 & condition2 = !{attribute1, g2} & {attribute2, g3} * rule4 = !condition1 & condition2 = !{field1, g2} & {field2, g3}
If scanning attribute1 matches g1 and attribute2 matches g3, rule_runtime will return the matched rule_id 4. If scanning field1 matches g1 and field2 matches g3, rule_runtime will return the matched rule_id 4.
3. If a rule_id is matched, the full hit path can be obtained: **item_id -> object_id ->** {super_object_id} -> condition{**attribute_id, negate_option, condition_index} -> rule_id**. If the matched object is not referenced by a rule, a half hit path can be obtained: **item_id -> object_id** -> {super_object_id}. 3. If a rule_id is matched, the full hit path can be obtained: **item_id -> object_id ->** {super_object_id} -> condition{**field_id, negate_option, condition_index} -> rule_id**. If the matched object is not referenced by a rule, a half hit path can be obtained: **item_id -> object_id** -> {super_object_id}.
4. Getting the matched object_ids and the count of hit objects. 4. Getting the matched object_ids and the count of hit objects.
@@ -473,9 +473,9 @@ Rule runtime loads the rule table and object2rule table configurations into memo
1. All condition_ids under the same rule are used to construct AND expressions, and all rule AND expressions are used to build a bool_matcher. 1. All condition_ids under the same rule are used to construct AND expressions, and all rule AND expressions are used to build a bool_matcher.
2. For negate_option=0 (conditions), a `condition_id hash` is built, key:{object_id, attribute_id, negate_option}, value:condition_id. 2. For negate_option=0 (conditions), a `condition_id hash` is built, key:{object_id, field_id, negate_option}, value:condition_id.
3. For negate_option=1 (negate-conditions), a `NOT_condition_id hash` is built, key:{object_id, attribute_id, negate_option}, value:condition_id. 3. For negate_option=1 (negate-conditions), a `NOT_condition_id hash` is built, key:{object_id, field_id, negate_option}, value:condition_id.
* **Data Plane** * **Data Plane**
@@ -485,17 +485,17 @@ On the data plane, services are provided externally through the maat API, primar
* The hit item_id and object_id form a half-hit path. * The hit item_id and object_id form a half-hit path.
* The object_id that is hit and the scanned `attribute_id` form the key {object_id, attribute_id, 0}. This key is used to find the `hit condition_ids` in the condition_id hash. * The object_id that is hit and the scanned `field_id` form the key {object_id, field_id, 0}. This key is used to find the `hit condition_ids` in the condition_id hash.
* Use the key {object_id, attribute_id, 1} to search for NOT_condition_ids in the NOT_condition_id hash and cache them as `exclude condition_ids`. These condition_ids need to be removed from all condition_ids that are eventually hit. This is because the scan hit {object_id, attribute_id, 0} => condition_id, leading to the deduction that {object_id, attribute_id, 1} => NOT_condition_id does not hit. * Use the key {object_id, field_id, 1} to search for NOT_condition_ids in the NOT_condition_id hash and cache them as `exclude condition_ids`. These condition_ids need to be removed from all condition_ids that are eventually hit. This is because the scan hit {object_id, field_id, 0} => condition_id, leading to the deduction that {object_id, field_id, 1} => NOT_condition_id does not hit.
* Identify the object_ids in attribute_id table that appear in the NOT_condition and add them to the `NOT_condition_object` set. Ensure that this set does not contain any object_id that was hit during scanning. If any such object_id is present, remove it from the set to form the final `NOT_condition_object` for the attribute_id table. * Identify the object_ids in field_id table that appear in the NOT_condition and add them to the `NOT_condition_object` set. Ensure that this set does not contain any object_id that was hit during scanning. If any such object_id is present, remove it from the set to form the final `NOT_condition_object` for the field_id table.
* Use the hit condition_ids to determine if there are any hit rule_ids. If there are, populate the half-hit path which will become full-hit path. * Use the hit condition_ids to determine if there are any hit rule_ids. If there are, populate the half-hit path which will become full-hit path.
2. **maat_scan_not_logic**: This interface is used to activate negate-condition logic. 2. **maat_scan_not_logic**: This interface is used to activate negate-condition logic.
* Traverse the `NOT_condition_object` of `attribute_id`. For each `object_id`, form a key `{object_id, attribute_id, 1}` to obtain the `NOT_condition_id`. If it is in the `exclude condition_ids` set, ignore it; otherwise, add it to the `all hit condition_ids` set as a hit `NOT_condition_id`, and record the half-hit path of the negate-condition. * Traverse the `NOT_condition_object` of `field_id`. For each `object_id`, form a key `{object_id, field_id, 1}` to obtain the `NOT_condition_id`. If it is in the `exclude condition_ids` set, ignore it; otherwise, add it to the `all hit condition_ids` set as a hit `NOT_condition_id`, and record the half-hit path of the negate-condition.
* Use the `all hit condition_ids` to calculate if there are any newly hit rule_ids. If there are, populate the half-hit path of the negate-condition which will become full-hit path. * Use the `all hit condition_ids` to calculate if there are any newly hit rule_ids. If there are, populate the half-hit path of the negate-condition which will become full-hit path.

4
docs/object_hierarchy.md
View File

@@ -4,7 +4,7 @@ A object can reference other objects, and can also be referenced by other object
## Include ## Include
Include is equivalent to the inclusion semantics in set theory. For example, when object_A is included by object_B, if a traffic attribute satisfies object_A, object_B is satisfied. Include is equivalent to the inclusion semantics in set theory. For example, when object_A is included by object_B, if a traffic field satisfies object_A, object_B is satisfied.
## Exclude ## Exclude
@@ -51,7 +51,7 @@ Restrictions:
- A object should include at least one subordinate object. (Exclude only is not allowed) - A object should include at least one subordinate object. (Exclude only is not allowed)
- Traffic attribute using stream scan cannot allow use object(object) with exclude, i.e., keywords object on HTTP Response Body, Email attachment. - Traffic field using stream scan cannot allow use object(object) with exclude, i.e., keywords object on HTTP Response Body, Email attachment.
Now, let's see a graph of hierarchy example, where the dotted line means exclude. The matched subordinate objects and activated superiors are listed in the following table. Now, let's see a graph of hierarchy example, where the dotted line means exclude. The matched subordinate objects and activated superiors are listed in the following table.

2
docs/overview.md
View File

@@ -28,7 +28,7 @@ As shown in the diagram below, maat organizes and abstracts configurations using
In addition, objects support nesting. For more detailed information, please refer to [object hierarchy](./object_hierarchy.md). In addition, objects support nesting. For more detailed information, please refer to [object hierarchy](./object_hierarchy.md).
If we define literal_id = {attribute_id, object_id}, then a literal is composed of one or more literal_ids. The multiple literal_ids that form the same condition have a logical “OR” relationship. The multiple conditions that form the same rule have a logical “AND” relationship, and there can be a maximum of 8 conditions within the same rule. In addition, the condition itself supports logical "NOT". If we define literal_id = {field_id, object_id}, then a literal is composed of one or more literal_ids. The multiple literal_ids that form the same condition have a logical “OR” relationship. The multiple conditions that form the same rule have a logical “AND” relationship, and there can be a maximum of 8 conditions within the same rule. In addition, the condition itself supports logical "NOT".
<img src="./imgs/rule_diagram.png" width="800" height="450" > <img src="./imgs/rule_diagram.png" width="800" height="450" >

16
docs/terminology.md
View File

@@ -6,7 +6,7 @@
* [Condition(Condition)](#condition) * [Condition(Condition)](#condition)
* [Literal](#literal) * [Literal](#literal)
* [Physical table](#physical-table) * [Physical table](#physical-table)
* [Attribute](#attribute) * [Field](#field)
* [Table schema](#table-schema) * [Table schema](#table-schema)
* [Table runtime](#table-runtime) * [Table runtime](#table-runtime)
* [Table rule](#table-ruleconfiguration) * [Table rule](#table-ruleconfiguration)
@@ -19,7 +19,7 @@
## Item ## Item
As a filter for network attributes, the smallest unit of a rule As a filter for network fields, the smallest unit of a rule
- Eg1: specify that the UserAgent field in the HTTP protocol contains substrings "Chrome" and "11.8.1", - Eg1: specify that the UserAgent field in the HTTP protocol contains substrings "Chrome" and "11.8.1",
&ensp;&ensp; HTTP UserAgent: Chrome & 11.8.1 &ensp;&ensp; HTTP UserAgent: Chrome & 11.8.1
@@ -48,7 +48,7 @@ The relationship between object and object is stored in the [object_group table]
## Rule(Policy) ## Rule(Policy)
A conjunctive normal form(CNF) consisting of multiple objects and attributes. A conjunctive normal form(CNF) consisting of multiple objects and fields.
`Note`: A rule can contain up to 8 conditions and multiple conditions in the same rule can be logical 'AND' and logical 'NOT' relationships. `Note`: A rule can contain up to 8 conditions and multiple conditions in the same rule can be logical 'AND' and logical 'NOT' relationships.
@@ -64,19 +64,19 @@ Conditions are divided into two categories based on whether they contain the log
## Literal ## Literal
A Literal consists of `attribute_id(attribute id)` and `object_id`. During the rules loading process, a unique condition_id will be generated based on the combination of attribute_id and object_id in the same condition. A Literal consists of `field_id(field id)` and `object_id`. During the rules loading process, a unique condition_id will be generated based on the combination of field_id and object_id in the same condition.
## Physical table ## Physical table
Different rules are stored in different tables in the actual database, including [item table](./maat_table.md#11-item-table), [rule table](./maat_table.md#12-rule-table), [object2rule table](./maat_table.md#13-object2rule-table), [object_group table](./maat_table.md#14-object_group-table), and [xx_plugin table](./maat_table.md#15-plugin-table), and so on. Different rules are stored in different tables in the actual database, including [item table](./maat_table.md#11-item-table), [rule table](./maat_table.md#12-rule-table), [object2rule table](./maat_table.md#13-object2rule-table), [object_group table](./maat_table.md#14-object_group-table), and [xx_plugin table](./maat_table.md#15-plugin-table), and so on.
## Attribute ## Field
A attribute references a physical table. In practice, network traffic attributes are commonly used as attribute, such as HTTP_HOST, SSL_SNI, etc. The constraints of attributes are as follows: A field references a physical table. In practice, network traffic fields are commonly used as field, such as HTTP_HOST, SSL_SNI, etc. The constraints of fields are as follows:
* A attribute can only reference one physical table. If it need to reference multiple physical tables of the same type, these physical tables can be first joined together into one table and then referenced. * A field can only reference one physical table. If it need to reference multiple physical tables of the same type, these physical tables can be first joined together into one table and then referenced.
* A physical table can be referenced by different attributes. For example, the keyword_table can be referenced by two attributes, http_request_body_virt and http_response_body_virt. * A physical table can be referenced by different fields. For example, the keyword_table can be referenced by two fields, http_request_body_virt and http_response_body_virt.
<img src="./imgs/virt-phy-mapping.png" width="300" height="150" > <img src="./imgs/virt-phy-mapping.png" width="300" height="150" >

44
include/maat.h
View File

@@ -25,14 +25,14 @@ extern "C"
#include <netinet/in.h> #include <netinet/in.h>
#include <uuid/uuid.h> #include <uuid/uuid.h>
#define MAX_ATTR_NAME_LEN 128 #define MAX_FIELD_NAME_LEN 128
/* maat instance handle */ /* maat instance handle */
struct maat; struct maat;
struct maat_hit_path { struct maat_hit_path {
int Nth_scan; int Nth_scan;
char attribute_name[MAX_ATTR_NAME_LEN]; // 0 is not a attribute. char field_name[MAX_FIELD_NAME_LEN]; // 0 is not a field.
int negate_option; // 1 means negate condition(condition) int negate_option; // 1 means negate condition(condition)
int condition_index; // 0 ~ 7 int condition_index; // 0 ~ 7
uuid_t item_uuid; uuid_t item_uuid;
@@ -247,37 +247,37 @@ struct maat_state;
* MAAT_SCAN_HALF_HIT * MAAT_SCAN_HALF_HIT
* MAAT_SCAN_HIT * MAAT_SCAN_HIT
*/ */
int maat_scan_flag(struct maat *instance, const char *table_name, const char *attribute_name, int maat_scan_flag(struct maat *instance, const char *table_name, const char *field_name,
long long flag, struct maat_state *state); long long flag, struct maat_state *state);
int maat_scan_integer(struct maat *instance, const char *table_name, const char *attribute_name, int maat_scan_integer(struct maat *instance, const char *table_name, const char *field_name,
long long integer, struct maat_state *state); long long integer, struct maat_state *state);
/** /**
* @param ip_addr: ipv4 address in network order * @param ip_addr: ipv4 address in network order
* @param port: port in host order. If the port is not specified, use -1. Note that 0 is a valid port. * @param port: port in host order. If the port is not specified, use -1. Note that 0 is a valid port.
*/ */
int maat_scan_ipv4_port(struct maat *instance, const char *table_name, const char *attribute_name, int maat_scan_ipv4_port(struct maat *instance, const char *table_name, const char *field_name,
uint32_t ip_addr, int port, struct maat_state *state); uint32_t ip_addr, int port, struct maat_state *state);
int maat_scan_ipv6_port(struct maat *instance, const char *table_name, const char *attribute_name, int maat_scan_ipv6_port(struct maat *instance, const char *table_name, const char *field_name,
uint8_t *ip_addr, int port, struct maat_state *state); uint8_t *ip_addr, int port, struct maat_state *state);
int maat_scan_ipv4(struct maat *instance, const char *table_name, const char *attribute_name, int maat_scan_ipv4(struct maat *instance, const char *table_name, const char *field_name,
uint32_t ip_addr, struct maat_state *state); uint32_t ip_addr, struct maat_state *state);
int maat_scan_ipv6(struct maat *instance, const char *table_name, const char *attribute_name, int maat_scan_ipv6(struct maat *instance, const char *table_name, const char *field_name,
uint8_t *ip_addr, struct maat_state *state); uint8_t *ip_addr, struct maat_state *state);
int maat_scan_string(struct maat *instance, const char *table_name, const char *attribute_name, int maat_scan_string(struct maat *instance, const char *table_name, const char *field_name,
const char *data, size_t data_len, struct maat_state *state); const char *data, size_t data_len, struct maat_state *state);
int maat_scan_object(struct maat *instance, const char *table_name, const char *attribute_name, int maat_scan_object(struct maat *instance, const char *table_name, const char *field_name,
uuid_t object_uuid_array[], uuid_t item_uuid_array[], size_t array_size, struct maat_state *state); uuid_t object_uuid_array[], uuid_t item_uuid_array[], size_t array_size, struct maat_state *state);
int maat_scan_not_logic(struct maat *instance, const char *table_name, const char *attribute_name, struct maat_state *state); int maat_scan_not_logic(struct maat *instance, const char *table_name, const char *field_name, struct maat_state *state);
struct maat_stream; struct maat_stream;
struct maat_stream *maat_stream_new(struct maat *instance, const char *table_name, const char *attribute_name, struct maat_state *state); struct maat_stream *maat_stream_new(struct maat *instance, const char *table_name, const char *field_name, struct maat_state *state);
int maat_stream_scan(struct maat_stream *stream, const char *data, int data_len, struct maat_state *state); int maat_stream_scan(struct maat_stream *stream, const char *data, int data_len, struct maat_state *state);
@@ -311,36 +311,36 @@ int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *pat
*/ */
size_t maat_state_get_scan_count(struct maat_state *state); size_t maat_state_get_scan_count(struct maat_state *state);
size_t maat_state_get_attribute_cnt(struct maat_state *state); size_t maat_state_get_field_cnt(struct maat_state *state);
/** /**
* @brief return all attribute names * @brief return all field names
* NOTE: attribute names are valid until the state is freed or reset * NOTE: field names are valid until the state is freed or reset
*/ */
size_t maat_state_get_attribute_names(struct maat_state *state, const char *attribute_names[], size_t array_size); size_t maat_state_get_field_names(struct maat_state *state, const char *field_names[], size_t array_size);
/** /**
* @brief return all hit objects * @brief return all hit objects
*/ */
size_t maat_state_get_hit_objects(struct maat_state *state, size_t maat_state_get_hit_objects(struct maat_state *state,
const char *attribute_name, const char *field_name,
uuid_t object_array[], uuid_t object_array[],
size_t array_size); size_t array_size);
size_t maat_state_get_hit_object_cnt(struct maat_state *state, const char *attribute_name); size_t maat_state_get_hit_object_cnt(struct maat_state *state, const char *field_name);
/** /**
* @brief return direct hit items and direct hit objects * @brief return direct hit items and direct hit objects
* NOTE: hit items may be duplicated * NOTE: hit items may be duplicated
*/ */
size_t maat_state_get_hit_items(struct maat_state *state, size_t maat_state_get_hit_items(struct maat_state *state,
const char *attribute_name, const char *field_name,
uuid_t item_array[], uuid_t item_array[],
uuid_t direct_object_array[], uuid_t direct_object_array[],
size_t array_size); size_t array_size);
size_t maat_state_get_hit_item_cnt(struct maat_state *state, size_t maat_state_get_hit_item_cnt(struct maat_state *state,
const char *attribute_name); const char *field_name);
/** /**
* @brief indirect object means superior object * @brief indirect object means superior object
@@ -348,11 +348,11 @@ size_t maat_state_get_hit_item_cnt(struct maat_state *state,
* NOTE: hit objects may be duplicated * NOTE: hit objects may be duplicated
*/ */
size_t maat_state_get_indirect_hit_objects(struct maat_state *state, size_t maat_state_get_indirect_hit_objects(struct maat_state *state,
const char *attribute_name, const char *field_name,
uuid_t object_array[], uuid_t object_array[],
size_t array_size); size_t array_size);
size_t maat_state_get_indirect_hit_object_cnt(struct maat_state *state, const char *attribute_name); size_t maat_state_get_indirect_hit_object_cnt(struct maat_state *state, const char *field_name);
#ifdef __cplusplus #ifdef __cplusplus
} }

4
src/inc_internal/maat_expr.h
View File

@@ -57,12 +57,12 @@ long long expr_runtime_get_version(void *expr_runtime);
* @retval the num of hit object_id * @retval the num of hit object_id
*/ */
int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id, const char *data, int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id, const char *data,
size_t data_len, const char *attribute_name, struct maat_state *state); size_t data_len, const char *field_name, struct maat_state *state);
struct expr_runtime_stream *expr_runtime_stream_open(struct expr_runtime *expr_rt, int thread_id); struct expr_runtime_stream *expr_runtime_stream_open(struct expr_runtime *expr_rt, int thread_id);
int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream, const char *data, int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream, const char *data,
size_t data_len, const char *attribute_name, struct maat_state *state); size_t data_len, const char *field_name, struct maat_state *state);
void expr_runtime_stream_close(struct expr_runtime_stream *expr_rt_stream); void expr_runtime_stream_close(struct expr_runtime_stream *expr_rt_stream);

2
src/inc_internal/maat_flag.h
View File

@@ -48,7 +48,7 @@ long long flag_runtime_rule_count(void *flag_runtime);
* @retval the num of hit object_id * @retval the num of hit object_id
*/ */
int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id, long long flag, int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id, long long flag,
const char *attribute_name, struct maat_state *state); const char *field_name, struct maat_state *state);
void flag_runtime_perf_stat(struct flag_runtime *flag_rt, struct timespec *start, void flag_runtime_perf_stat(struct flag_runtime *flag_rt, struct timespec *start,
struct timespec *end, int thread_id); struct timespec *end, int thread_id);

2
src/inc_internal/maat_interval.h
View File

@@ -49,7 +49,7 @@ long long interval_runtime_rule_count(void *interval_runtime);
* @retval the num of hit object_id * @retval the num of hit object_id
*/ */
int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id, int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
long long integer, const char *attribute_name, struct maat_state *state); long long integer, const char *field_name, struct maat_state *state);
void interval_runtime_perf_stat(struct interval_runtime *interval_rt, void interval_runtime_perf_stat(struct interval_runtime *interval_rt,
struct timespec *start, struct timespec *end, struct timespec *start, struct timespec *end,

2
src/inc_internal/maat_ip.h
View File

@@ -42,7 +42,7 @@ long long ip_runtime_ipv6_rule_count(void *ip_runtime);
/* ip runtime scan API */ /* ip runtime scan API */
int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type, int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
uint8_t *ip_addr, int port, const char *attribute_name, struct maat_state *state); uint8_t *ip_addr, int port, const char *field_name, struct maat_state *state);
void ip_runtime_perf_stat(struct ip_runtime *ip_rt, struct timespec *start, void ip_runtime_perf_stat(struct ip_runtime *ip_rt, struct timespec *start,
struct timespec *end, int thread_id); struct timespec *end, int thread_id);

20
src/inc_internal/maat_rule.h
View File

@@ -71,10 +71,10 @@ void rule_compile_state_free(struct rule_compile_state *rule_compile_state,
struct maat *maat_instance, int thread_id); struct maat *maat_instance, int thread_id);
int rule_compile_state_update(struct rule_compile_state *rule_compile_state, struct maat *maat_inst, int rule_compile_state_update(struct rule_compile_state *rule_compile_state, struct maat *maat_inst,
const char *attribute_name, int custom_rule_tbl_id, int Nth_scan, const char *field_name, int custom_rule_tbl_id, int Nth_scan,
struct maat_item *hit_items, size_t n_hit_item); struct maat_item *hit_items, size_t n_hit_item);
void rule_compile_state_not_logic_update(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *attribute_name, int Nth_scan); void rule_compile_state_not_logic_update(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name, int Nth_scan);
size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule_compile_state, size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt, struct rule_runtime *rule_rt,
@@ -82,24 +82,24 @@ size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule
struct maat_hit_path *hit_path_array, struct maat_hit_path *hit_path_array,
size_t array_size); size_t array_size);
size_t rule_compile_state_get_direct_hit_items(struct maat * maat_inst, struct rule_compile_state *rule_compile_state, const char *attribute_name, size_t rule_compile_state_get_direct_hit_items(struct maat * maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name,
uuid_t item_array[], uuid_t direct_object_array[], size_t array_size); uuid_t item_array[], uuid_t direct_object_array[], size_t array_size);
size_t rule_compile_state_get_direct_hit_item_cnt(struct maat * maat_inst, struct rule_compile_state *rule_compile_state, const char *attribute_name); size_t rule_compile_state_get_direct_hit_item_cnt(struct maat * maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name);
size_t rule_compile_state_get_indirect_hit_objects(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, size_t rule_compile_state_get_indirect_hit_objects(struct maat *maat_inst, struct rule_compile_state *rule_compile_state,
const char *attribute_name, uuid_t object_array[], size_t array_size); const char *field_name, uuid_t object_array[], size_t array_size);
size_t rule_compile_state_get_indirect_hit_object_cnt(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *attribute_name); size_t rule_compile_state_get_indirect_hit_object_cnt(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name);
size_t rule_compile_state_get_hit_objects(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *attribute_name, size_t rule_compile_state_get_hit_objects(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name,
uuid_t object_array[], size_t array_size); uuid_t object_array[], size_t array_size);
size_t rule_compile_state_get_hit_object_cnt(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *attribute_name); size_t rule_compile_state_get_hit_object_cnt(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name);
size_t rule_compile_state_get_attribute_names(struct rule_compile_state *rule_compile_state, const char *attribute_name_array[], size_t array_size); size_t rule_compile_state_get_field_names(struct rule_compile_state *rule_compile_state, const char *field_name_array[], size_t array_size);
size_t rule_compile_state_get_attribute_cnt(struct rule_compile_state *rule_compile_state); size_t rule_compile_state_get_field_cnt(struct rule_compile_state *rule_compile_state);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif

102
src/maat_api.c
View File

@@ -56,7 +56,7 @@ struct maat_stream {
struct log_handle *logger; struct log_handle *logger;
int thread_id; int thread_id;
int table_id; int table_id;
char attribute_name[MAX_ATTR_NAME_LEN]; char field_name[MAX_FIELD_NAME_LEN];
}; };
struct maat_options* maat_options_new(void) struct maat_options* maat_options_new(void)
@@ -1023,7 +1023,7 @@ int maat_bool_plugin_table_get_ex_data(struct maat *maat_inst, const char *table
static int static int
flag_scan(struct table_manager *tbl_mgr, int thread_id, long long flag, flag_scan(struct table_manager *tbl_mgr, int thread_id, long long flag,
int table_id, const char *attribute_name, struct maat_state *state) int table_id, const char *field_name, struct maat_state *state)
{ {
enum table_type table_type = enum table_type table_type =
table_manager_get_table_type(tbl_mgr, table_id); table_manager_get_table_type(tbl_mgr, table_id);
@@ -1040,7 +1040,7 @@ flag_scan(struct table_manager *tbl_mgr, int thread_id, long long flag,
flag_runtime_scan_times_inc((struct flag_runtime *)flag_rt, thread_id); flag_runtime_scan_times_inc((struct flag_runtime *)flag_rt, thread_id);
int object_hit_cnt = flag_runtime_scan((struct flag_runtime *)flag_rt, int object_hit_cnt = flag_runtime_scan((struct flag_runtime *)flag_rt,
thread_id, flag, attribute_name, state); thread_id, flag, field_name, state);
if (object_hit_cnt <= 0) { if (object_hit_cnt <= 0) {
return object_hit_cnt; return object_hit_cnt;
} }
@@ -1052,7 +1052,7 @@ flag_scan(struct table_manager *tbl_mgr, int thread_id, long long flag,
static int static int
interval_scan(struct table_manager *tbl_mgr, int thread_id, long long integer, interval_scan(struct table_manager *tbl_mgr, int thread_id, long long integer,
int table_id, const char *attribute_name, struct maat_state *state) int table_id, const char *field_name, struct maat_state *state)
{ {
enum table_type table_type = enum table_type table_type =
@@ -1070,7 +1070,7 @@ interval_scan(struct table_manager *tbl_mgr, int thread_id, long long integer,
interval_runtime_scan_times_inc((struct interval_runtime *)interval_rt, thread_id); interval_runtime_scan_times_inc((struct interval_runtime *)interval_rt, thread_id);
int object_hit_cnt = interval_runtime_scan((struct interval_runtime *)interval_rt, int object_hit_cnt = interval_runtime_scan((struct interval_runtime *)interval_rt,
thread_id, integer, attribute_name, state); thread_id, integer, field_name, state);
if (object_hit_cnt <= 0) { if (object_hit_cnt <= 0) {
return object_hit_cnt; return object_hit_cnt;
} }
@@ -1082,7 +1082,7 @@ interval_scan(struct table_manager *tbl_mgr, int thread_id, long long integer,
static int static int
ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr, ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr,
int port, int table_id, const char *attribute_name, struct maat_state *state) int port, int table_id, const char *field_name, struct maat_state *state)
{ {
enum table_type table_type = enum table_type table_type =
@@ -1099,7 +1099,7 @@ ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr,
ip_runtime_scan_times_inc(ip_rt, thread_id); ip_runtime_scan_times_inc(ip_rt, thread_id);
int object_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv4, int object_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv4,
(uint8_t *)&ip_addr, port, attribute_name, state); (uint8_t *)&ip_addr, port, field_name, state);
if (object_hit_cnt <= 0) { if (object_hit_cnt <= 0) {
return object_hit_cnt; return object_hit_cnt;
} }
@@ -1111,7 +1111,7 @@ ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr,
static int static int
ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr, ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr,
int port, int table_id, const char *attribute_name, struct maat_state *state) int port, int table_id, const char *field_name, struct maat_state *state)
{ {
enum table_type table_type = enum table_type table_type =
@@ -1128,7 +1128,7 @@ ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr,
ip_runtime_scan_times_inc(ip_rt, thread_id); ip_runtime_scan_times_inc(ip_rt, thread_id);
int object_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv6, int object_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv6,
ip_addr, port, attribute_name, state); ip_addr, port, field_name, state);
if (object_hit_cnt <= 0) { if (object_hit_cnt <= 0) {
return object_hit_cnt; return object_hit_cnt;
} }
@@ -1141,7 +1141,7 @@ ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr,
static int static int
string_scan(struct table_manager *tbl_mgr, int thread_id, string_scan(struct table_manager *tbl_mgr, int thread_id,
const char *data, size_t data_len, int table_id, const char *data, size_t data_len, int table_id,
const char *attribute_name, struct maat_state *state) const char *field_name, struct maat_state *state)
{ {
enum table_type table_type = enum table_type table_type =
table_manager_get_table_type(tbl_mgr, table_id); table_manager_get_table_type(tbl_mgr, table_id);
@@ -1160,7 +1160,7 @@ string_scan(struct table_manager *tbl_mgr, int thread_id,
int object_hit_cnt = expr_runtime_scan((struct expr_runtime *)expr_rt, int object_hit_cnt = expr_runtime_scan((struct expr_runtime *)expr_rt,
thread_id, data, data_len, thread_id, data, data_len,
attribute_name, state); field_name, state);
if (object_hit_cnt <= 0) { if (object_hit_cnt <= 0) {
return object_hit_cnt; return object_hit_cnt;
} }
@@ -1209,7 +1209,7 @@ int maat_state_need_compile(struct maat_state *state, const char *table_name)
return rule_runtime_need_compile(table_id, (struct rule_runtime *)rule_rt, state->rule_compile_state); return rule_runtime_need_compile(table_id, (struct rule_runtime *)rule_rt, state->rule_compile_state);
} }
int maat_scan_flag(struct maat *maat_inst, const char *table_name, const char *attribute_name, int maat_scan_flag(struct maat *maat_inst, const char *table_name, const char *field_name,
long long flag, struct maat_state *state) long long flag, struct maat_state *state)
{ {
if ((NULL == maat_inst) || (NULL == state) || (state->thread_id < 0)) { if ((NULL == maat_inst) || (NULL == state) || (state->thread_id < 0)) {
@@ -1245,7 +1245,7 @@ int maat_scan_flag(struct maat *maat_inst, const char *table_name, const char *a
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1); alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_object_cnt = flag_scan(maat_inst->tbl_mgr, state->thread_id, flag, int hit_object_cnt = flag_scan(maat_inst->tbl_mgr, state->thread_id, flag,
table_id, attribute_name, state); table_id, field_name, state);
if (hit_object_cnt < 0) { if (hit_object_cnt < 0) {
maat_inst->stat->scan_err_cnt++; maat_inst->stat->scan_err_cnt++;
goto ERROR; goto ERROR;
@@ -1274,7 +1274,7 @@ ERROR:
return MAAT_SCAN_ERR; return MAAT_SCAN_ERR;
} }
int maat_scan_integer(struct maat *maat_inst, const char *table_name, const char *attribute_name, int maat_scan_integer(struct maat *maat_inst, const char *table_name, const char *field_name,
long long integer, struct maat_state *state) long long integer, struct maat_state *state)
{ {
if ((NULL == maat_inst) || (NULL == state) || (state->thread_id < 0)) { if ((NULL == maat_inst) || (NULL == state) || (state->thread_id < 0)) {
@@ -1310,7 +1310,7 @@ int maat_scan_integer(struct maat *maat_inst, const char *table_name, const char
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1); alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_object_cnt = interval_scan(maat_inst->tbl_mgr, state->thread_id, integer, int hit_object_cnt = interval_scan(maat_inst->tbl_mgr, state->thread_id, integer,
table_id, attribute_name, state); table_id, field_name, state);
if (hit_object_cnt < 0) { if (hit_object_cnt < 0) {
maat_inst->stat->scan_err_cnt++; maat_inst->stat->scan_err_cnt++;
goto ERROR; goto ERROR;
@@ -1339,7 +1339,7 @@ ERROR:
return MAAT_SCAN_ERR; return MAAT_SCAN_ERR;
} }
int maat_scan_ipv4_port(struct maat *maat_inst, const char *table_name, const char *attribute_name, int maat_scan_ipv4_port(struct maat *maat_inst, const char *table_name, const char *field_name,
uint32_t ip_addr, int port, struct maat_state *state) uint32_t ip_addr, int port, struct maat_state *state)
{ {
if ((NULL == maat_inst) || (NULL == state) || (state->thread_id < 0)) { if ((NULL == maat_inst) || (NULL == state) || (state->thread_id < 0)) {
@@ -1375,7 +1375,7 @@ int maat_scan_ipv4_port(struct maat *maat_inst, const char *table_name, const ch
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1); alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_object_cnt = ipv4_scan(maat_inst->tbl_mgr, state->thread_id, ip_addr, port, int hit_object_cnt = ipv4_scan(maat_inst->tbl_mgr, state->thread_id, ip_addr, port,
table_id, attribute_name, state); table_id, field_name, state);
if (hit_object_cnt < 0) { if (hit_object_cnt < 0) {
maat_inst->stat->scan_err_cnt++; maat_inst->stat->scan_err_cnt++;
goto ERROR; goto ERROR;
@@ -1404,7 +1404,7 @@ ERROR:
return MAAT_SCAN_ERR; return MAAT_SCAN_ERR;
} }
int maat_scan_ipv6_port(struct maat *maat_inst, const char *table_name, const char *attribute_name, int maat_scan_ipv6_port(struct maat *maat_inst, const char *table_name, const char *field_name,
uint8_t *ip_addr, int port, struct maat_state *state) uint8_t *ip_addr, int port, struct maat_state *state)
{ {
if ((NULL == maat_inst) || (NULL == ip_addr) || (NULL == state) || (state->thread_id < 0)) { if ((NULL == maat_inst) || (NULL == ip_addr) || (NULL == state) || (state->thread_id < 0)) {
@@ -1440,7 +1440,7 @@ int maat_scan_ipv6_port(struct maat *maat_inst, const char *table_name, const ch
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1); alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_object_cnt = ipv6_scan(maat_inst->tbl_mgr, state->thread_id, ip_addr, port, int hit_object_cnt = ipv6_scan(maat_inst->tbl_mgr, state->thread_id, ip_addr, port,
table_id, attribute_name, state); table_id, field_name, state);
if (hit_object_cnt < 0) { if (hit_object_cnt < 0) {
maat_inst->stat->scan_err_cnt++; maat_inst->stat->scan_err_cnt++;
goto ERROR; goto ERROR;
@@ -1470,19 +1470,19 @@ ERROR:
} }
#define PORT_IGNORED -1 #define PORT_IGNORED -1
inline int maat_scan_ipv6(struct maat *instance, const char *table_name, const char *attribute_name, inline int maat_scan_ipv6(struct maat *instance, const char *table_name, const char *field_name,
uint8_t *ip_addr, struct maat_state *state) uint8_t *ip_addr, struct maat_state *state)
{ {
return maat_scan_ipv6_port(instance, table_name, attribute_name, ip_addr, PORT_IGNORED, state); return maat_scan_ipv6_port(instance, table_name, field_name, ip_addr, PORT_IGNORED, state);
} }
inline int maat_scan_ipv4(struct maat *instance, const char *table_name, const char *attribute_name, inline int maat_scan_ipv4(struct maat *instance, const char *table_name, const char *field_name,
uint32_t ip_addr, struct maat_state *state) uint32_t ip_addr, struct maat_state *state)
{ {
return maat_scan_ipv4_port(instance, table_name, attribute_name, ip_addr, PORT_IGNORED, state); return maat_scan_ipv4_port(instance, table_name, field_name, ip_addr, PORT_IGNORED, state);
} }
int maat_scan_string(struct maat *maat_inst, const char *table_name, const char *attribute_name, int maat_scan_string(struct maat *maat_inst, const char *table_name, const char *field_name,
const char *data, size_t data_len, struct maat_state *state) const char *data, size_t data_len, struct maat_state *state)
{ {
if ((NULL == maat_inst) || (NULL == data) || (0 == data_len) || (NULL == state) || if ((NULL == maat_inst) || (NULL == data) || (0 == data_len) || (NULL == state) ||
@@ -1519,7 +1519,7 @@ int maat_scan_string(struct maat *maat_inst, const char *table_name, const char
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1); alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_object_cnt = string_scan(maat_inst->tbl_mgr, state->thread_id, data, int hit_object_cnt = string_scan(maat_inst->tbl_mgr, state->thread_id, data,
data_len, table_id, attribute_name, state); data_len, table_id, field_name, state);
if (hit_object_cnt < 0) { if (hit_object_cnt < 0) {
maat_inst->stat->scan_err_cnt++; maat_inst->stat->scan_err_cnt++;
goto ERROR; goto ERROR;
@@ -1548,7 +1548,7 @@ ERROR:
return MAAT_SCAN_ERR; return MAAT_SCAN_ERR;
} }
static void maat_state_add_hit_object(struct maat_state *state, const char *attribute_name, static void maat_state_add_hit_object(struct maat_state *state, const char *field_name,
uuid_t object_uuid_array[], uuid_t item_uuid_array[], size_t array_size) uuid_t object_uuid_array[], uuid_t item_uuid_array[], size_t array_size)
{ {
struct maat *maat_inst = state->maat_inst; struct maat *maat_inst = state->maat_inst;
@@ -1570,12 +1570,12 @@ static void maat_state_add_hit_object(struct maat_state *state, const char *attr
uuid_copy(hit_items[i].object_uuid, object_uuid_array[i]); uuid_copy(hit_items[i].object_uuid, object_uuid_array[i]);
} }
rule_compile_state_update(state->rule_compile_state, maat_inst, attribute_name, rule_compile_state_update(state->rule_compile_state, maat_inst, field_name,
state->rule_table_id, state->Nth_scan, state->rule_table_id, state->Nth_scan,
hit_items, n_hit_item); hit_items, n_hit_item);
} }
int maat_scan_object(struct maat *maat_inst, const char *table_name, const char *attribute_name, int maat_scan_object(struct maat *maat_inst, const char *table_name, const char *field_name,
uuid_t object_uuid_array[], uuid_t item_uuid_array[], size_t array_size, struct maat_state *state) uuid_t object_uuid_array[], uuid_t item_uuid_array[], size_t array_size, struct maat_state *state)
{ {
if ((NULL == maat_inst) || (array_size == 0) || (NULL == state) || if ((NULL == maat_inst) || (array_size == 0) || (NULL == state) ||
@@ -1600,14 +1600,14 @@ int maat_scan_object(struct maat *maat_inst, const char *table_name, const char
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1); alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
maat_state_add_hit_object(state, attribute_name, object_uuid_array, item_uuid_array, array_size); maat_state_add_hit_object(state, field_name, object_uuid_array, item_uuid_array, array_size);
maat_runtime_ref_dec(maat_inst->maat_rt, state->thread_id); maat_runtime_ref_dec(maat_inst->maat_rt, state->thread_id);
return MAAT_SCAN_OK; return MAAT_SCAN_OK;
} }
int maat_scan_not_logic(struct maat *maat_inst, const char *table_name, const char *attribute_name, struct maat_state *state) int maat_scan_not_logic(struct maat *maat_inst, const char *table_name, const char *field_name, struct maat_state *state)
{ {
if ((NULL == maat_inst) || (NULL == state) || (state->thread_id < 0)) { if ((NULL == maat_inst) || (NULL == state) || (state->thread_id < 0)) {
return -1; return -1;
@@ -1626,14 +1626,14 @@ int maat_scan_not_logic(struct maat *maat_inst, const char *table_name, const ch
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1); alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
rule_compile_state_not_logic_update(maat_inst, state->rule_compile_state, attribute_name, state->Nth_scan); rule_compile_state_not_logic_update(maat_inst, state->rule_compile_state, field_name, state->Nth_scan);
maat_runtime_ref_dec(maat_inst->maat_rt, state->thread_id); maat_runtime_ref_dec(maat_inst->maat_rt, state->thread_id);
return MAAT_SCAN_OK; return MAAT_SCAN_OK;
} }
struct maat_stream *maat_stream_new(struct maat *maat_inst, const char *table_name, const char *attribute_name, struct maat_state *state) struct maat_stream *maat_stream_new(struct maat *maat_inst, const char *table_name, const char *field_name, struct maat_state *state)
{ {
if ((NULL == maat_inst) || (NULL == state) || (state->thread_id < 0)) { if ((NULL == maat_inst) || (NULL == state) || (state->thread_id < 0)) {
return NULL; return NULL;
@@ -1644,7 +1644,7 @@ struct maat_stream *maat_stream_new(struct maat *maat_inst, const char *table_na
stream->last_full_version = maat_inst->last_full_version; stream->last_full_version = maat_inst->last_full_version;
stream->thread_id = state->thread_id; stream->thread_id = state->thread_id;
stream->table_id = table_manager_get_table_id(maat_inst->tbl_mgr, table_name); stream->table_id = table_manager_get_table_id(maat_inst->tbl_mgr, table_name);
snprintf(stream->attribute_name, sizeof(stream->attribute_name), "%s", attribute_name); snprintf(stream->field_name, sizeof(stream->field_name), "%s", field_name);
stream->logger = maat_inst->logger; stream->logger = maat_inst->logger;
enum table_type table_type = TABLE_TYPE_INVALID; enum table_type table_type = TABLE_TYPE_INVALID;
@@ -1703,7 +1703,7 @@ static int expr_stream_scan(struct maat_stream *stream, const char *data,
data_len); data_len);
int object_hit_cnt = expr_runtime_stream_scan(stream->expr_rt_stream, data, int object_hit_cnt = expr_runtime_stream_scan(stream->expr_rt_stream, data,
data_len, stream->attribute_name, state); data_len, stream->field_name, state);
if (object_hit_cnt <= 0) { if (object_hit_cnt <= 0) {
return object_hit_cnt; return object_hit_cnt;
} }
@@ -1907,7 +1907,7 @@ size_t maat_state_get_scan_count(struct maat_state *state)
return state->Nth_scan; return state->Nth_scan;
} }
size_t maat_state_get_hit_items(struct maat_state *state, const char *attribute_name, size_t maat_state_get_hit_items(struct maat_state *state, const char *field_name,
uuid_t item_array[], uuid_t direct_object_array[], uuid_t item_array[], uuid_t direct_object_array[],
size_t array_size) size_t array_size)
{ {
@@ -1919,19 +1919,19 @@ size_t maat_state_get_hit_items(struct maat_state *state, const char *attribute_
return 0; return 0;
} }
return rule_compile_state_get_direct_hit_items(state->maat_inst, state->rule_compile_state, attribute_name, item_array, direct_object_array, array_size); return rule_compile_state_get_direct_hit_items(state->maat_inst, state->rule_compile_state, field_name, item_array, direct_object_array, array_size);
} }
size_t maat_state_get_hit_item_cnt(struct maat_state *state, const char *attribute_name) size_t maat_state_get_hit_item_cnt(struct maat_state *state, const char *field_name)
{ {
if (NULL == state || NULL == state->rule_compile_state) { if (NULL == state || NULL == state->rule_compile_state) {
return 0; return 0;
} }
return rule_compile_state_get_direct_hit_item_cnt(state->maat_inst, state->rule_compile_state, attribute_name); return rule_compile_state_get_direct_hit_item_cnt(state->maat_inst, state->rule_compile_state, field_name);
} }
size_t maat_state_get_indirect_hit_objects(struct maat_state *state, const char *attribute_name, size_t maat_state_get_indirect_hit_objects(struct maat_state *state, const char *field_name,
uuid_t object_array[], size_t array_size) uuid_t object_array[], size_t array_size)
{ {
if (NULL == state || NULL == object_array || 0 == array_size) { if (NULL == state || NULL == object_array || 0 == array_size) {
@@ -1942,19 +1942,19 @@ size_t maat_state_get_indirect_hit_objects(struct maat_state *state, const char
return 0; return 0;
} }
return rule_compile_state_get_indirect_hit_objects(state->maat_inst, state->rule_compile_state, attribute_name, object_array, array_size); return rule_compile_state_get_indirect_hit_objects(state->maat_inst, state->rule_compile_state, field_name, object_array, array_size);
} }
size_t maat_state_get_indirect_hit_object_cnt(struct maat_state *state, const char *attribute_name) size_t maat_state_get_indirect_hit_object_cnt(struct maat_state *state, const char *field_name)
{ {
if (NULL == state || NULL == state->rule_compile_state) { if (NULL == state || NULL == state->rule_compile_state) {
return 0; return 0;
} }
return rule_compile_state_get_indirect_hit_object_cnt(state->maat_inst, state->rule_compile_state, attribute_name); return rule_compile_state_get_indirect_hit_object_cnt(state->maat_inst, state->rule_compile_state, field_name);
} }
size_t maat_state_get_hit_objects(struct maat_state *state, const char *attribute_name, uuid_t object_array[], size_t array_size) size_t maat_state_get_hit_objects(struct maat_state *state, const char *field_name, uuid_t object_array[], size_t array_size)
{ {
if (NULL == state || NULL == object_array || 0 == array_size) { if (NULL == state || NULL == object_array || 0 == array_size) {
return 0; return 0;
@@ -1964,21 +1964,21 @@ size_t maat_state_get_hit_objects(struct maat_state *state, const char *attribut
return 0; return 0;
} }
return rule_compile_state_get_hit_objects(state->maat_inst, state->rule_compile_state, attribute_name, object_array, array_size); return rule_compile_state_get_hit_objects(state->maat_inst, state->rule_compile_state, field_name, object_array, array_size);
} }
size_t maat_state_get_hit_object_cnt(struct maat_state *state, const char *attribute_name) size_t maat_state_get_hit_object_cnt(struct maat_state *state, const char *field_name)
{ {
if (NULL == state || NULL == state->rule_compile_state) { if (NULL == state || NULL == state->rule_compile_state) {
return 0; return 0;
} }
return rule_compile_state_get_hit_object_cnt(state->maat_inst, state->rule_compile_state, attribute_name); return rule_compile_state_get_hit_object_cnt(state->maat_inst, state->rule_compile_state, field_name);
} }
size_t maat_state_get_attribute_names(struct maat_state *state, const char *attribute_names[], size_t array_size) size_t maat_state_get_field_names(struct maat_state *state, const char *field_names[], size_t array_size)
{ {
if (NULL == state || NULL == attribute_names || 0 == array_size) { if (NULL == state || NULL == field_names || 0 == array_size) {
return 0; return 0;
} }
@@ -1986,14 +1986,14 @@ size_t maat_state_get_attribute_names(struct maat_state *state, const char *attr
return 0; return 0;
} }
return rule_compile_state_get_attribute_names(state->rule_compile_state, attribute_names, array_size); return rule_compile_state_get_field_names(state->rule_compile_state, field_names, array_size);
} }
size_t maat_state_get_attribute_cnt(struct maat_state *state) size_t maat_state_get_field_cnt(struct maat_state *state)
{ {
if (NULL == state || NULL == state->rule_compile_state) { if (NULL == state || NULL == state->rule_compile_state) {
return 0; return 0;
} }
return rule_compile_state_get_attribute_cnt(state->rule_compile_state); return rule_compile_state_get_field_cnt(state->rule_compile_state);
} }

6
src/maat_config_monitor.c
View File

@@ -348,10 +348,10 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
/* /*
"rules": [ "items":[ "rules": [ "items":[
{ { { {
"uuid": "201", "table_name": "ATTR_APP_ID", "uuid": "201", "table_name": "FIELD_APP_ID",
"conditions": [ "table_content": { "conditions": [ "table_content": {
{ "uuid": "1", { "uuid": "1",
"attribute_name": "ATTR_APP_ID", "object_uuid": "1", "field_name": "FIELD_APP_ID", "object_uuid": "1",
"objects": [ "interval": "4001" "objects": [ "interval": "4001"
{ {
"items":[ --------------> } "items":[ --------------> }
@@ -363,7 +363,7 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
] "uuid": "201", ] "uuid": "201",
} "conditions": [ } "conditions": [
], { ], {
"misc": "blah, blah" "attribute_name": "ATTR_APP_ID", "misc": "blah, blah" "field_name": "FIELD_APP_ID",
} "object_uuids": ["1"] } "object_uuids": ["1"]
] } ] }
] ]

8
src/maat_expr.c
View File

@@ -813,7 +813,7 @@ long long expr_runtime_get_version(void *expr_runtime)
int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id, int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id,
const char *data, size_t data_len, const char *data, size_t data_len,
const char *attribute_name, struct maat_state *state) const char *field_name, struct maat_state *state)
{ {
if (0 == expr_rt->rule_num) { if (0 == expr_rt->rule_num) {
//empty expr table //empty expr table
@@ -872,7 +872,7 @@ next:
state->thread_id, 1); state->thread_id, 1);
} }
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_name, return rule_compile_state_update(state->rule_compile_state, state->maat_inst, field_name,
state->rule_table_id, state->Nth_scan, state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_num); hit_maat_items, real_hit_item_num);
} }
@@ -898,7 +898,7 @@ expr_runtime_stream_open(struct expr_runtime *expr_rt, int thread_id)
int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream, int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream,
const char *data, size_t data_len, const char *data, size_t data_len,
const char *attribute_name, struct maat_state *state) const char *field_name, struct maat_state *state)
{ {
struct expr_runtime *expr_rt = expr_rt_stream->ref_expr_rt; struct expr_runtime *expr_rt = expr_rt_stream->ref_expr_rt;
@@ -960,7 +960,7 @@ next:
state->thread_id, 1); state->thread_id, 1);
} }
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_name, return rule_compile_state_update(state->rule_compile_state, state->maat_inst, field_name,
state->rule_table_id, state->Nth_scan, state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt); hit_maat_items, real_hit_item_cnt);
} }

4
src/maat_flag.c
View File

@@ -401,7 +401,7 @@ long long flag_runtime_rule_count(void *flag_runtime)
} }
int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id, int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id,
long long flag, const char *attribute_name, struct maat_state *state) long long flag, const char *field_name, struct maat_state *state)
{ {
if (0 == flag_rt->rule_num) { if (0 == flag_rt->rule_num) {
//empty flag table //empty flag table
@@ -453,7 +453,7 @@ next:
state->thread_id, 1); state->thread_id, 1);
} }
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_name, return rule_compile_state_update(state->rule_compile_state, state->maat_inst, field_name,
state->rule_table_id, state->Nth_scan, state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt); hit_maat_items, real_hit_item_cnt);
} }

4
src/maat_interval.c
View File

@@ -409,7 +409,7 @@ long long interval_runtime_rule_count(void *interval_runtime)
} }
int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id, int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
long long integer, const char *attribute_name, struct maat_state *state) long long integer, const char *field_name, struct maat_state *state)
{ {
if (0 == interval_rt->rule_num) { if (0 == interval_rt->rule_num) {
//empty interval table //empty interval table
@@ -461,7 +461,7 @@ next:
state->thread_id, 1); state->thread_id, 1);
} }
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_name, return rule_compile_state_update(state->rule_compile_state, state->maat_inst, field_name,
state->rule_table_id, state->Nth_scan, state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt); hit_maat_items, real_hit_item_cnt);
} }

4
src/maat_ip.c
View File

@@ -475,7 +475,7 @@ long long ip_runtime_ipv6_rule_count(void *ip_runtime)
} }
int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type, int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
uint8_t *ip_addr, int port, const char *attribute_name, struct maat_state *state) uint8_t *ip_addr, int port, const char *field_name, struct maat_state *state)
{ {
if (0 == ip_rt->rule_num) { if (0 == ip_rt->rule_num) {
//empty ip table //empty ip table
@@ -548,7 +548,7 @@ next:
state->thread_id, 1); state->thread_id, 1);
} }
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_name, return rule_compile_state_update(state->rule_compile_state, state->maat_inst, field_name,
state->rule_table_id, state->Nth_scan, state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt); hit_maat_items, real_hit_item_cnt);
} }

144
src/maat_rule.c
View File

@@ -50,7 +50,7 @@ struct rule_item {
struct condition_query_key { struct condition_query_key {
uuid_t object_uuid; uuid_t object_uuid;
char attribute_name[MAX_ATTR_NAME_LEN]; char field_name[MAX_FIELD_NAME_LEN];
int negate_option; int negate_option;
}; };
@@ -61,15 +61,15 @@ struct condition_id_kv {
}; };
struct table_condition { struct table_condition {
char attribute_name[MAX_ATTR_NAME_LEN]; char field_name[MAX_FIELD_NAME_LEN];
int actual_condition_num; int actual_condition_num;
UT_array *condition_ids; UT_array *condition_ids;
UT_array *object_ids; UT_array *object_ids;
UT_hash_handle hh; UT_hash_handle hh;
}; };
struct attribute_hit_object_collection { struct field_hit_object_collection {
char attribute_name[MAX_ATTR_NAME_LEN]; char field_name[MAX_FIELD_NAME_LEN];
UT_array *direct_items; UT_array *direct_items;
UT_array *indirect_object_uuids;//TODO: change it to graph? UT_array *indirect_object_uuids;//TODO: change it to graph?
UT_array *all_object_uuids; UT_array *all_object_uuids;
@@ -97,7 +97,7 @@ struct rule_runtime {
struct condition_id_kv *not_condition_id_kv_hash; //store NOT_condition_ids(negate_option == 1) struct condition_id_kv *not_condition_id_kv_hash; //store NOT_condition_ids(negate_option == 1)
struct bool_expr_match *expr_match_buff; struct bool_expr_match *expr_match_buff;
struct maat_garbage_bin *ref_garbage_bin; struct maat_garbage_bin *ref_garbage_bin;
struct table_condition *tbl_not_condition_hash; //each attribute's negate condition number <= MAX_NOT_CONDITION_NUM struct table_condition *tbl_not_condition_hash; //each field's negate condition number <= MAX_NOT_CONDITION_NUM
struct log_handle *logger; struct log_handle *logger;
time_t version; time_t version;
@@ -108,7 +108,7 @@ struct rule_runtime {
struct condition_literal { struct condition_literal {
uuid_t object_uuids[MAX_OBJECT_CNT]; uuid_t object_uuids[MAX_OBJECT_CNT];
int object_cnt; int object_cnt;
char attribute_name[MAX_ATTR_NAME_LEN]; char field_name[MAX_FIELD_NAME_LEN];
}; };
struct rule_condition { struct rule_condition {
@@ -139,7 +139,7 @@ struct internal_hit_path {
uuid_t object_uuid; uuid_t object_uuid;
int Nth_scan; int Nth_scan;
int negate_option; // 1 means negate condition int negate_option; // 1 means negate condition
char attribute_name[MAX_ATTR_NAME_LEN]; char field_name[MAX_FIELD_NAME_LEN];
}; };
struct rule_compile_state { struct rule_compile_state {
@@ -148,7 +148,7 @@ struct rule_compile_state {
UT_array *internal_hit_paths; UT_array *internal_hit_paths;
UT_array *all_hit_conditions; UT_array *all_hit_conditions;
UT_array *exclude_not_conditions; UT_array *exclude_not_conditions;
struct attribute_hit_object_collection *attr_hit_objects_hashtbl; struct field_hit_object_collection *attr_hit_objects_hashtbl;
struct rule_compile_runtime_state *rule_runtime_state_hash; struct rule_compile_runtime_state *rule_runtime_state_hash;
}; };
@@ -195,11 +195,11 @@ static void maat_rule_free(struct maat_rule *rule)
} }
static int validate_table_not_condition(struct rule_runtime *rule_rt, static int validate_table_not_condition(struct rule_runtime *rule_rt,
struct table_manager *tbl_mgr, const char *attribute_name, struct table_manager *tbl_mgr, const char *field_name,
enum maat_operation op, struct log_handle *logger) enum maat_operation op, struct log_handle *logger)
{ {
struct table_condition *not_condition = NULL; struct table_condition *not_condition = NULL;
HASH_FIND_STR(rule_rt->tbl_not_condition_hash, attribute_name, not_condition); HASH_FIND_STR(rule_rt->tbl_not_condition_hash, field_name, not_condition);
if (MAAT_OP_DEL == op) { if (MAAT_OP_DEL == op) {
//delete //delete
@@ -212,14 +212,14 @@ static int validate_table_not_condition(struct rule_runtime *rule_rt,
//add //add
if (NULL == not_condition) { if (NULL == not_condition) {
not_condition = ALLOC(struct table_condition, 1); not_condition = ALLOC(struct table_condition, 1);
snprintf(not_condition->attribute_name, sizeof(not_condition->attribute_name), "%s", attribute_name); snprintf(not_condition->field_name, sizeof(not_condition->field_name), "%s", field_name);
not_condition->actual_condition_num++; not_condition->actual_condition_num++;
HASH_ADD_STR(rule_rt->tbl_not_condition_hash, attribute_name, not_condition); HASH_ADD_STR(rule_rt->tbl_not_condition_hash, field_name, not_condition);
} else { } else {
if (not_condition->actual_condition_num >= MAX_NOT_CONDITION_NUM) { if (not_condition->actual_condition_num >= MAX_NOT_CONDITION_NUM) {
log_fatal(logger, MODULE_RULE, log_fatal(logger, MODULE_RULE,
"[%s:%d]attribute:<%s> negate condition num exceed maximum:%d", "[%s:%d]field:<%s> negate condition num exceed maximum:%d",
__FUNCTION__, __LINE__, attribute_name, MAX_NOT_CONDITION_NUM); __FUNCTION__, __LINE__, field_name, MAX_NOT_CONDITION_NUM);
return -1; return -1;
} }
not_condition->actual_condition_num++; not_condition->actual_condition_num++;
@@ -297,24 +297,24 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
struct condition_literal tmp_literal; struct condition_literal tmp_literal;
memset(&tmp_literal, 0, sizeof(tmp_literal)); memset(&tmp_literal, 0, sizeof(tmp_literal));
tmp_obj = cJSON_GetObjectItem(literal_obj, "attribute_name"); tmp_obj = cJSON_GetObjectItem(literal_obj, "field_name");
if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {
log_fatal(rule_rt->logger, MODULE_RULE, log_fatal(rule_rt->logger, MODULE_RULE,
"[%s:%d] table: <%s> has no attribute_name or not string format", "[%s:%d] table: <%s> has no field_name or not string format",
__FUNCTION__, __LINE__, table_name); __FUNCTION__, __LINE__, table_name);
goto error; goto error;
} }
if (strlen(tmp_obj->valuestring) >= sizeof(tmp_literal.attribute_name)) { if (strlen(tmp_obj->valuestring) >= sizeof(tmp_literal.field_name)) {
log_fatal(logger, MODULE_RULE, log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> attribute_name:%s length exceed maximum:%d", "[%s:%d] table: <%s> field_name:%s length exceed maximum:%d",
__FUNCTION__, __LINE__, table_name, tmp_obj->valuestring, sizeof(tmp_literal.attribute_name)); __FUNCTION__, __LINE__, table_name, tmp_obj->valuestring, sizeof(tmp_literal.field_name));
goto error; goto error;
} }
snprintf(tmp_literal.attribute_name, sizeof(tmp_literal.attribute_name), "%s", tmp_obj->valuestring); snprintf(tmp_literal.field_name, sizeof(tmp_literal.field_name), "%s", tmp_obj->valuestring);
if (condition->negate_option == CONDITION_NEGATE_OPTION_SET) { if (condition->negate_option == CONDITION_NEGATE_OPTION_SET) {
int ret = validate_table_not_condition(rule_rt, schema->ref_tbl_mgr, tmp_literal.attribute_name, MAAT_OP_ADD, logger); int ret = validate_table_not_condition(rule_rt, schema->ref_tbl_mgr, tmp_literal.field_name, MAAT_OP_ADD, logger);
if (ret < 0) { if (ret < 0) {
log_fatal(logger, MODULE_RULE, log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> validate negate_option failed, line: %s", "[%s:%d] table: <%s> validate negate_option failed, line: %s",
@@ -728,7 +728,7 @@ build_condition_id_kv_hash(struct rule_runtime *rule_rt, int negate_option)
memset(&key, 0, sizeof(key)); memset(&key, 0, sizeof(key));
memcpy(key.attribute_name, tmp_literal->attribute_name, sizeof(key.attribute_name)); memcpy(key.field_name, tmp_literal->field_name, sizeof(key.field_name));
key.negate_option = condition->negate_option; key.negate_option = condition->negate_option;
uuid_copy(key.object_uuid, tmp_literal->object_uuids[k]); uuid_copy(key.object_uuid, tmp_literal->object_uuids[k]);
@@ -820,7 +820,7 @@ void rule_compile_state_reset(struct rule_compile_state *rule_compile_state)
utarray_clear(rule_compile_state->all_hit_conditions); utarray_clear(rule_compile_state->all_hit_conditions);
utarray_clear(rule_compile_state->exclude_not_conditions); utarray_clear(rule_compile_state->exclude_not_conditions);
struct attribute_hit_object_collection *attr_hit_obj = NULL, *tmp_hit_attr_obj = NULL; struct field_hit_object_collection *attr_hit_obj = NULL, *tmp_hit_attr_obj = NULL;
HASH_ITER(hh, rule_compile_state->attr_hit_objects_hashtbl, attr_hit_obj, tmp_hit_attr_obj) { HASH_ITER(hh, rule_compile_state->attr_hit_objects_hashtbl, attr_hit_obj, tmp_hit_attr_obj) {
if (attr_hit_obj->direct_items != NULL) { if (attr_hit_obj->direct_items != NULL) {
utarray_clear(attr_hit_obj->direct_items); utarray_clear(attr_hit_obj->direct_items);
@@ -876,7 +876,7 @@ void rule_compile_state_free(struct rule_compile_state *rule_compile_state,
rule_compile_state->exclude_not_conditions = NULL; rule_compile_state->exclude_not_conditions = NULL;
} }
struct attribute_hit_object_collection *attr_hit_obj = NULL, *tmp_hit_attr_obj = NULL; struct field_hit_object_collection *attr_hit_obj = NULL, *tmp_hit_attr_obj = NULL;
HASH_ITER(hh, rule_compile_state->attr_hit_objects_hashtbl, attr_hit_obj, tmp_hit_attr_obj) { HASH_ITER(hh, rule_compile_state->attr_hit_objects_hashtbl, attr_hit_obj, tmp_hit_attr_obj) {
if (attr_hit_obj->direct_items != NULL) { if (attr_hit_obj->direct_items != NULL) {
free_bytes += utarray_size(attr_hit_obj->direct_items) * sizeof(struct maat_item); free_bytes += utarray_size(attr_hit_obj->direct_items) * sizeof(struct maat_item);
@@ -897,7 +897,7 @@ void rule_compile_state_free(struct rule_compile_state *rule_compile_state,
} }
HASH_DEL(rule_compile_state->attr_hit_objects_hashtbl, attr_hit_obj); HASH_DEL(rule_compile_state->attr_hit_objects_hashtbl, attr_hit_obj);
free_bytes += sizeof(struct attribute_hit_object_collection); free_bytes += sizeof(struct field_hit_object_collection);
FREE(attr_hit_obj); FREE(attr_hit_obj);
} }
@@ -918,7 +918,7 @@ void rule_compile_state_free(struct rule_compile_state *rule_compile_state,
static void static void
rule_compile_state_add_internal_hit_path(struct rule_compile_state *rule_compile_state, rule_compile_state_add_internal_hit_path(struct rule_compile_state *rule_compile_state,
uuid_t item_uuid, uuid_t object_uuid, uuid_t item_uuid, uuid_t object_uuid,
const char *attribute_name, int negate_option, int Nth_scan) const char *field_name, int negate_option, int Nth_scan)
{ {
if (NULL == rule_compile_state) { if (NULL == rule_compile_state) {
return; return;
@@ -928,7 +928,7 @@ rule_compile_state_add_internal_hit_path(struct rule_compile_state *rule_compile
uuid_copy(new_path.item_uuid, item_uuid); uuid_copy(new_path.item_uuid, item_uuid);
new_path.Nth_scan = Nth_scan; new_path.Nth_scan = Nth_scan;
uuid_copy(new_path.object_uuid, object_uuid); uuid_copy(new_path.object_uuid, object_uuid);
snprintf(new_path.attribute_name, sizeof(new_path.attribute_name), "%s", attribute_name); snprintf(new_path.field_name, sizeof(new_path.field_name), "%s", field_name);
new_path.negate_option = negate_option; new_path.negate_option = negate_option;
utarray_push_back(rule_compile_state->internal_hit_paths, &new_path); utarray_push_back(rule_compile_state->internal_hit_paths, &new_path);
@@ -947,7 +947,7 @@ static int maat_rule_has_condition_query_key(struct maat_rule *rule,
for (size_t j = 0; j < utarray_len(condition->literals); j++) { for (size_t j = 0; j < utarray_len(condition->literals); j++) {
tmp_literal = (struct condition_literal *)utarray_eltptr(condition->literals, j); tmp_literal = (struct condition_literal *)utarray_eltptr(condition->literals, j);
if (strcmp(tmp_literal->attribute_name, key->attribute_name) != 0) { if (strcmp(tmp_literal->field_name, key->field_name) != 0) {
continue; continue;
} }
@@ -969,7 +969,7 @@ static int maat_rule_has_condition_query_key(struct maat_rule *rule,
static size_t static size_t
maat_rule_get_hit_condition_index(struct maat_rule *rule, maat_rule_get_hit_condition_index(struct maat_rule *rule,
const char *attribute_name, uuid_t *hit_object_uuid, const char *field_name, uuid_t *hit_object_uuid,
int *condition_idx_array, size_t array_size) int *condition_idx_array, size_t array_size)
{ {
size_t hit_condition_cnt = 0; size_t hit_condition_cnt = 0;
@@ -985,7 +985,7 @@ maat_rule_get_hit_condition_index(struct maat_rule *rule,
for (size_t j = 0; j < utarray_len(tmp_condition->literals); j++) { for (size_t j = 0; j < utarray_len(tmp_condition->literals); j++) {
tmp_literal = (struct condition_literal *)utarray_eltptr(tmp_condition->literals, j); tmp_literal = (struct condition_literal *)utarray_eltptr(tmp_condition->literals, j);
if (strcmp(tmp_literal->attribute_name, attribute_name) != 0) { if (strcmp(tmp_literal->field_name, field_name) != 0) {
continue; continue;
} }
@@ -1017,7 +1017,7 @@ maat_rule_is_hit_path_existed(const struct maat_hit_path *hit_paths,
static void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array, static void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array,
size_t array_idx, size_t n_hit_path, size_t array_idx, size_t n_hit_path,
size_t *n_new_hit_path, const char *attribute_name, size_t *n_new_hit_path, const char *field_name,
struct maat_rule *rule) struct maat_rule *rule)
{ {
size_t i = 0; size_t i = 0;
@@ -1035,7 +1035,7 @@ static void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array,
uuid_copy(hit_path_array[idx].rule_uuid, rule->rule_uuid); uuid_copy(hit_path_array[idx].rule_uuid, rule->rule_uuid);
// find out which condition in rule hit // find out which condition in rule hit
n_condition_index = n_condition_index =
maat_rule_get_hit_condition_index(rule, attribute_name, maat_rule_get_hit_condition_index(rule, field_name,
&hit_path_array[idx].top_object_uuid, &hit_path_array[idx].top_object_uuid,
condition_index_array, condition_index_array,
MAX_ITEMS_PER_BOOL_EXPR); MAX_ITEMS_PER_BOOL_EXPR);
@@ -1056,7 +1056,7 @@ static void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array,
hit_path_array[n_hit_path + new_hit_path_cnt] = tmp_path; hit_path_array[n_hit_path + new_hit_path_cnt] = tmp_path;
new_hit_path_cnt++; new_hit_path_cnt++;
n_condition_index = n_condition_index =
maat_rule_get_hit_condition_index(rule, attribute_name, &tmp_path.top_object_uuid, maat_rule_get_hit_condition_index(rule, field_name, &tmp_path.top_object_uuid,
condition_index_array, MAX_ITEMS_PER_BOOL_EXPR); condition_index_array, MAX_ITEMS_PER_BOOL_EXPR);
hit_path_array[n_hit_path + new_hit_path_cnt - 1].condition_index = condition_index_array[0]; hit_path_array[n_hit_path + new_hit_path_cnt - 1].condition_index = condition_index_array[0];
if (n_condition_index > 1) { if (n_condition_index > 1) {
@@ -1106,11 +1106,11 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
uuid_copy(key.object_uuid, hit_path_array[j].top_object_uuid); uuid_copy(key.object_uuid, hit_path_array[j].top_object_uuid);
} }
memcpy(key.attribute_name, hit_path_array[j].attribute_name, sizeof(key.attribute_name)); memcpy(key.field_name, hit_path_array[j].field_name, sizeof(key.field_name));
key.negate_option = hit_path_array[j].negate_option; key.negate_option = hit_path_array[j].negate_option;
if (maat_rule_has_condition_query_key(rule, &key)) { if (maat_rule_has_condition_query_key(rule, &key)) {
populate_hit_path_with_rule(hit_path_array, j, n_hit_path, populate_hit_path_with_rule(hit_path_array, j, n_hit_path,
&n_new_hit_path, key.attribute_name, rule); &n_new_hit_path, key.field_name, rule);
} }
} }
} }
@@ -1121,7 +1121,7 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
static void static void
rule_compile_state_add_direct_hit_objects(struct rule_compile_state *rule_compile_state, rule_compile_state_add_direct_hit_objects(struct rule_compile_state *rule_compile_state,
struct maat_item *hit_items, struct maat_item *hit_items,
size_t n_hit_items, struct attribute_hit_object_collection * attr_hit_obj_coll) size_t n_hit_items, struct field_hit_object_collection * attr_hit_obj_coll)
{ {
if (NULL == rule_compile_state || NULL == hit_items) { if (NULL == rule_compile_state || NULL == hit_items) {
return; return;
@@ -1135,7 +1135,7 @@ rule_compile_state_add_direct_hit_objects(struct rule_compile_state *rule_compil
static void static void
rule_compile_state_add_indirect_hit_objects(struct rule_compile_state *rule_compile_state, rule_compile_state_add_indirect_hit_objects(struct rule_compile_state *rule_compile_state,
uuid_t *object_uuids, size_t n_object_uuids, uuid_t *object_uuids, size_t n_object_uuids,
struct attribute_hit_object_collection * attr_hit_obj_coll) struct field_hit_object_collection * attr_hit_obj_coll)
{ {
if (NULL == rule_compile_state || NULL == object_uuids) { if (NULL == rule_compile_state || NULL == object_uuids) {
return; return;
@@ -1315,7 +1315,7 @@ static void rule_runtime_del_rule(struct rule_runtime *rule_rt,
if (condition->in_use && condition->negate_option == CONDITION_NEGATE_OPTION_SET) { if (condition->in_use && condition->negate_option == CONDITION_NEGATE_OPTION_SET) {
for (size_t j = 0; j < utarray_len(condition->literals); j++) { for (size_t j = 0; j < utarray_len(condition->literals); j++) {
struct condition_literal *literal = (struct condition_literal *)utarray_eltptr(condition->literals, j); struct condition_literal *literal = (struct condition_literal *)utarray_eltptr(condition->literals, j);
validate_table_not_condition(rule_rt, schema->ref_tbl_mgr, literal->attribute_name, MAAT_OP_DEL, logger); validate_table_not_condition(rule_rt, schema->ref_tbl_mgr, literal->field_name, MAAT_OP_DEL, logger);
} }
} }
} }
@@ -1534,11 +1534,11 @@ int rule_runtime_match(int table_id, struct rule_runtime *rule_rt, uuid_t *rule_
rule_compile_rt_state->rule_rt_version = rule_rt->version; rule_compile_rt_state->rule_rt_version = rule_rt->version;
} }
struct attribute_hit_object_collection *attr_hit_obj_coll = NULL, *tmp = NULL; struct field_hit_object_collection *attr_hit_obj_coll = NULL, *tmp = NULL;
HASH_ITER(hh, rule_compile_state->attr_hit_objects_hashtbl, attr_hit_obj_coll, tmp) { HASH_ITER(hh, rule_compile_state->attr_hit_objects_hashtbl, attr_hit_obj_coll, tmp) {
struct condition_query_key key; struct condition_query_key key;
memset(&key, 0, sizeof(key)); memset(&key, 0, sizeof(key));
snprintf(key.attribute_name, sizeof(key.attribute_name), "%s", attr_hit_obj_coll->attribute_name); snprintf(key.field_name, sizeof(key.field_name), "%s", attr_hit_obj_coll->field_name);
for (int i = 0; i < utarray_len(attr_hit_obj_coll->all_object_uuids); i++) { for (int i = 0; i < utarray_len(attr_hit_obj_coll->all_object_uuids); i++) {
uuid_t *object_uuid = utarray_eltptr(attr_hit_obj_coll->all_object_uuids, i); uuid_t *object_uuid = utarray_eltptr(attr_hit_obj_coll->all_object_uuids, i);
@@ -1568,7 +1568,7 @@ int rule_runtime_match(int table_id, struct rule_runtime *rule_rt, uuid_t *rule_
//not conditions //not conditions
struct condition_id_kv *condition_id_kv = NULL, *tmp_condition_id_kv = NULL; struct condition_id_kv *condition_id_kv = NULL, *tmp_condition_id_kv = NULL;
HASH_ITER(hh, rule_rt->not_condition_id_kv_hash, condition_id_kv, tmp_condition_id_kv) { HASH_ITER(hh, rule_rt->not_condition_id_kv_hash, condition_id_kv, tmp_condition_id_kv) {
HASH_FIND_STR(rule_compile_state->attr_hit_objects_hashtbl, condition_id_kv->key.attribute_name, attr_hit_obj_coll); HASH_FIND_STR(rule_compile_state->attr_hit_objects_hashtbl, condition_id_kv->key.field_name, attr_hit_obj_coll);
if (attr_hit_obj_coll == NULL || attr_hit_obj_coll->need_negate_condition == 0) { if (attr_hit_obj_coll == NULL || attr_hit_obj_coll->need_negate_condition == 0) {
continue; continue;
} }
@@ -1584,7 +1584,7 @@ int rule_runtime_match(int table_id, struct rule_runtime *rule_rt, uuid_t *rule_
uuid_clear(null_uuid); uuid_clear(null_uuid);
rule_compile_state_add_internal_hit_path(rule_compile_state, null_uuid, rule_compile_state_add_internal_hit_path(rule_compile_state, null_uuid,
condition_id_kv->key.object_uuid, condition_id_kv->key.object_uuid,
condition_id_kv->key.attribute_name, 1, condition_id_kv->key.field_name, 1,
attr_hit_obj_coll->Nth_scan); attr_hit_obj_coll->Nth_scan);
} }
} }
@@ -1635,28 +1635,28 @@ int rule_runtime_need_compile(int table_id, struct rule_runtime *rule_rt, struct
return 0; return 0;
} }
static struct attribute_hit_object_collection * rule_compile_state_get_attr_hit_obj_coll(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, static struct field_hit_object_collection * rule_compile_state_get_attr_hit_obj_coll(struct maat *maat_inst, struct rule_compile_state *rule_compile_state,
const char *attribute_name) const char *field_name)
{ {
struct attribute_hit_object_collection *attr_hit_obj_coll = NULL; struct field_hit_object_collection *attr_hit_obj_coll = NULL;
HASH_FIND_STR(rule_compile_state->attr_hit_objects_hashtbl, attribute_name, attr_hit_obj_coll); HASH_FIND_STR(rule_compile_state->attr_hit_objects_hashtbl, field_name, attr_hit_obj_coll);
if (attr_hit_obj_coll == NULL) { if (attr_hit_obj_coll == NULL) {
attr_hit_obj_coll = ALLOC(struct attribute_hit_object_collection, 1); attr_hit_obj_coll = ALLOC(struct field_hit_object_collection, 1);
snprintf(attr_hit_obj_coll->attribute_name, sizeof(attr_hit_obj_coll->attribute_name), "%s", attribute_name); snprintf(attr_hit_obj_coll->field_name, sizeof(attr_hit_obj_coll->field_name), "%s", field_name);
utarray_new(attr_hit_obj_coll->all_object_uuids, &ut_object_uuid_icd); utarray_new(attr_hit_obj_coll->all_object_uuids, &ut_object_uuid_icd);
if (1 == maat_inst->opts.hit_object_on) { if (1 == maat_inst->opts.hit_object_on) {
utarray_new(attr_hit_obj_coll->direct_items, &ut_maat_item_icd); utarray_new(attr_hit_obj_coll->direct_items, &ut_maat_item_icd);
utarray_new(attr_hit_obj_coll->indirect_object_uuids, &ut_object_uuid_icd); utarray_new(attr_hit_obj_coll->indirect_object_uuids, &ut_object_uuid_icd);
} }
HASH_ADD_STR(rule_compile_state->attr_hit_objects_hashtbl, attribute_name, attr_hit_obj_coll); HASH_ADD_STR(rule_compile_state->attr_hit_objects_hashtbl, field_name, attr_hit_obj_coll);
} }
return attr_hit_obj_coll; return attr_hit_obj_coll;
} }
static int rule_compile_state_add_hit_objects(struct rule_compile_state *rule_compile_state, static int rule_compile_state_add_hit_objects(struct rule_compile_state *rule_compile_state,
struct attribute_hit_object_collection * attr_hit_obj_coll, struct field_hit_object_collection * attr_hit_obj_coll,
uuid_t object_uuids[], size_t n_object_uuids) uuid_t object_uuids[], size_t n_object_uuids)
{ {
int object_uuid_idx_array[n_object_uuids]; int object_uuid_idx_array[n_object_uuids];
@@ -1686,7 +1686,7 @@ static int rule_compile_state_add_hit_objects(struct rule_compile_state *rule_co
} }
int rule_compile_state_update(struct rule_compile_state *rule_compile_state, struct maat *maat_inst, int rule_compile_state_update(struct rule_compile_state *rule_compile_state, struct maat *maat_inst,
const char *attribute_name, int custom_rule_tbl_id, int Nth_scan, const char *field_name, int custom_rule_tbl_id, int Nth_scan,
struct maat_item *hit_items, size_t n_hit_item) struct maat_item *hit_items, size_t n_hit_item)
{ {
size_t i = 0, j = 0; size_t i = 0, j = 0;
@@ -1707,13 +1707,13 @@ int rule_compile_state_update(struct rule_compile_state *rule_compile_state, str
hit_cnt, super_object_uuids, hit_cnt, super_object_uuids,
MAX_HIT_OBJECT_NUM); MAX_HIT_OBJECT_NUM);
struct attribute_hit_object_collection * attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, attribute_name); struct field_hit_object_collection * attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, field_name);
assert(attr_hit_obj_coll != NULL); assert(attr_hit_obj_coll != NULL);
if (1 == maat_inst->opts.hit_path_on && hit_cnt > 0) { if (1 == maat_inst->opts.hit_path_on && hit_cnt > 0) {
for (i = 0; i < hit_cnt; i++) { for (i = 0; i < hit_cnt; i++) {
rule_compile_state_add_internal_hit_path(rule_compile_state, hit_items[i].item_uuid, rule_compile_state_add_internal_hit_path(rule_compile_state, hit_items[i].item_uuid,
hit_items[i].object_uuid, attribute_name, 0, Nth_scan); hit_items[i].object_uuid, field_name, 0, Nth_scan);
} }
} }
@@ -1737,13 +1737,13 @@ int rule_compile_state_update(struct rule_compile_state *rule_compile_state, str
return hit_cnt; return hit_cnt;
} }
void rule_compile_state_not_logic_update(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *attribute_name, int Nth_scan) void rule_compile_state_not_logic_update(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name, int Nth_scan)
{ {
if (NULL == maat_inst || NULL == rule_compile_state) { if (NULL == maat_inst || NULL == rule_compile_state) {
return; return;
} }
struct attribute_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, attribute_name); struct field_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, field_name);
assert(attr_hit_obj_coll != NULL); assert(attr_hit_obj_coll != NULL);
attr_hit_obj_coll->need_negate_condition = 1; attr_hit_obj_coll->need_negate_condition = 1;
@@ -1759,9 +1759,9 @@ void rule_compile_state_not_logic_update(struct maat *maat_inst, struct rule_com
} }
size_t rule_compile_state_get_indirect_hit_objects(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, size_t rule_compile_state_get_indirect_hit_objects(struct maat *maat_inst, struct rule_compile_state *rule_compile_state,
const char *attribute_name, uuid_t object_array[], size_t array_size) const char *field_name, uuid_t object_array[], size_t array_size)
{ {
struct attribute_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, attribute_name); struct field_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, field_name);
assert(attr_hit_obj_coll != NULL); assert(attr_hit_obj_coll != NULL);
size_t i = 0; size_t i = 0;
@@ -1774,20 +1774,20 @@ size_t rule_compile_state_get_indirect_hit_objects(struct maat *maat_inst, struc
return i; return i;
} }
size_t rule_compile_state_get_indirect_hit_object_cnt(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *attribute_name) size_t rule_compile_state_get_indirect_hit_object_cnt(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name)
{ {
struct attribute_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, attribute_name); struct field_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, field_name);
assert(attr_hit_obj_coll != NULL); assert(attr_hit_obj_coll != NULL);
return utarray_len(attr_hit_obj_coll->indirect_object_uuids); return utarray_len(attr_hit_obj_coll->indirect_object_uuids);
} }
size_t rule_compile_state_get_direct_hit_items(struct maat * maat_inst, struct rule_compile_state *rule_compile_state, const char *attribute_name, size_t rule_compile_state_get_direct_hit_items(struct maat * maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name,
uuid_t item_array[], uuid_t direct_object_array[], size_t array_size) uuid_t item_array[], uuid_t direct_object_array[], size_t array_size)
{ {
size_t i = 0; size_t i = 0;
struct attribute_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, attribute_name); struct field_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, field_name);
assert(attr_hit_obj_coll != NULL); assert(attr_hit_obj_coll != NULL);
for (i = 0; i < utarray_len(attr_hit_obj_coll->direct_items) && i < array_size; i++) { for (i = 0; i < utarray_len(attr_hit_obj_coll->direct_items) && i < array_size; i++) {
@@ -1800,18 +1800,18 @@ size_t rule_compile_state_get_direct_hit_items(struct maat * maat_inst, struct r
return i; return i;
} }
size_t rule_compile_state_get_direct_hit_item_cnt(struct maat * maat_inst, struct rule_compile_state *rule_compile_state, const char *attribute_name) size_t rule_compile_state_get_direct_hit_item_cnt(struct maat * maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name)
{ {
struct attribute_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, attribute_name); struct field_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, field_name);
assert(attr_hit_obj_coll != NULL); assert(attr_hit_obj_coll != NULL);
return utarray_len(attr_hit_obj_coll->direct_items); return utarray_len(attr_hit_obj_coll->direct_items);
} }
size_t rule_compile_state_get_hit_objects(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *attribute_name, size_t rule_compile_state_get_hit_objects(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name,
uuid_t object_array[], size_t array_size) uuid_t object_array[], size_t array_size)
{ {
struct attribute_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, attribute_name); struct field_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, field_name);
assert(attr_hit_obj_coll != NULL); assert(attr_hit_obj_coll != NULL);
size_t i = 0; size_t i = 0;
@@ -1822,20 +1822,20 @@ size_t rule_compile_state_get_hit_objects(struct maat *maat_inst, struct rule_co
return i; return i;
} }
size_t rule_compile_state_get_hit_object_cnt(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *attribute_name) size_t rule_compile_state_get_hit_object_cnt(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name)
{ {
struct attribute_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, attribute_name); struct field_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, field_name);
assert(attr_hit_obj_coll != NULL); assert(attr_hit_obj_coll != NULL);
return utarray_len(attr_hit_obj_coll->all_object_uuids); return utarray_len(attr_hit_obj_coll->all_object_uuids);
} }
size_t rule_compile_state_get_attribute_names(struct rule_compile_state *rule_compile_state, const char *attribute_name_array[], size_t array_size) size_t rule_compile_state_get_field_names(struct rule_compile_state *rule_compile_state, const char *field_name_array[], size_t array_size)
{ {
size_t i = 0; size_t i = 0;
struct attribute_hit_object_collection *attr_hit_obj_coll = NULL, *tmp = NULL; struct field_hit_object_collection *attr_hit_obj_coll = NULL, *tmp = NULL;
HASH_ITER(hh, rule_compile_state->attr_hit_objects_hashtbl, attr_hit_obj_coll, tmp) { HASH_ITER(hh, rule_compile_state->attr_hit_objects_hashtbl, attr_hit_obj_coll, tmp) {
attribute_name_array[i] = attr_hit_obj_coll->attribute_name; field_name_array[i] = attr_hit_obj_coll->field_name;
i++; i++;
if (i >= array_size) { if (i >= array_size) {
break; break;
@@ -1845,7 +1845,7 @@ size_t rule_compile_state_get_attribute_names(struct rule_compile_state *rule_co
return i; return i;
} }
size_t rule_compile_state_get_attribute_cnt(struct rule_compile_state *rule_compile_state) size_t rule_compile_state_get_field_cnt(struct rule_compile_state *rule_compile_state)
{ {
return HASH_COUNT(rule_compile_state->attr_hit_objects_hashtbl); return HASH_COUNT(rule_compile_state->attr_hit_objects_hashtbl);
} }
@@ -1898,7 +1898,7 @@ size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule
uuid_copy(tmp_path.sub_object_uuid, internal_path->object_uuid); uuid_copy(tmp_path.sub_object_uuid, internal_path->object_uuid);
uuid_copy(tmp_path.top_object_uuid, *p); uuid_copy(tmp_path.top_object_uuid, *p);
memcpy(tmp_path.attribute_name, internal_path->attribute_name, sizeof(tmp_path.attribute_name)); memcpy(tmp_path.field_name, internal_path->field_name, sizeof(tmp_path.field_name));
tmp_path.negate_option = internal_path->negate_option; tmp_path.negate_option = internal_path->negate_option;
tmp_path.condition_index = -1; tmp_path.condition_index = -1;
uuid_clear(tmp_path.rule_uuid); uuid_clear(tmp_path.rule_uuid);

6
src/maat_table.c
View File

@@ -42,12 +42,6 @@ struct maat_table {
void *updating_runtime; void *updating_runtime;
}; };
struct maat_attribute {
int table_id;
int attr_id;
char attr_name[MAX_NAME_STR_LEN + 1];
};
struct table_manager { struct table_manager {
struct maat_table *tbl[MAX_TABLE_NUM]; struct maat_table *tbl[MAX_TABLE_NUM];
size_t n_table; size_t n_table;

4
test/benchmark/benchmark_gtest.cpp
View File

@@ -136,7 +136,7 @@ void generate_rule_sample(const char *table_name, int sample_count)
fclose(fp); fclose(fp);
} }
void generate_object2rule_sample(const char *table_name, const char *attribute_name, void generate_object2rule_sample(const char *table_name, const char *field_name,
int sample_count) int sample_count)
{ {
FILE *fp = fopen(table_name, "w+"); FILE *fp = fopen(table_name, "w+");
@@ -148,7 +148,7 @@ void generate_object2rule_sample(const char *table_name, const char *attribute_n
fprintf(fp, "%d\n", sample_count); fprintf(fp, "%d\n", sample_count);
for (int i = 0; i < sample_count; i++) { for (int i = 0; i < sample_count; i++) {
fprintf(fp, "%d\t%d\t0\t%s\t1\t1\n", i+1, 100+i, attribute_name); fprintf(fp, "%d\t%d\t0\t%s\t1\t1\n", i+1, 100+i, field_name);
} }
fclose(fp); fclose(fp);

2
test/benchmark/benchmark_table_info.conf
View File

@@ -573,7 +573,7 @@
"object_id":1, "object_id":1,
"rule_id":2, "rule_id":2,
"negate_option":3, "negate_option":3,
"attribute_name":4, "field_name":4,
"condition_index":5 "condition_index":5
} }
}, },

2
test/json_update/corrupted.json
View File

@@ -13,7 +13,7 @@
"and_conditions": [ "and_conditions": [
{ {
"object_name": "Untitled", "object_name": "Untitled",
"attribute_name": "HTTP_URL", "field_name": "HTTP_URL",
"objects": [ "objects": [
{ {
"items": [ "items": [

2
test/json_update/new.json
View File

@@ -12,7 +12,7 @@
"is_valid": "yes", "is_valid": "yes",
"and_conditions": [ "and_conditions": [
{ {
"attribute_name": "HTTP_URL", "field_name": "HTTP_URL",
"objects": [ "objects": [
{ {
"items": [ "items": [

2
test/json_update/old.json
View File

@@ -12,7 +12,7 @@
"is_valid": "yes", "is_valid": "yes",
"and_conditions": [ "and_conditions": [
{ {
"attribute_name": "HTTP_URL", "field_name": "HTTP_URL",
"objects": [ "objects": [
{ {
"items": [ "items": [

1510
test/maat_framework_gtest.cpp
View File

File diff suppressed because it is too large Load Diff

326
test/maat_json.json
View File

File diff suppressed because it is too large Load Diff

4
test/table_info.json
View File

@@ -68,7 +68,7 @@
"table_id":11, "table_id":11,
"table_name":"KEYWORDS_TABLE", "table_name":"KEYWORDS_TABLE",
"table_type":"expr", "table_type":"expr",
"schema_tag": "{\"http_response_keywords\": \"attribute\"}" "schema_tag": "{\"http_response_keywords\": \"field\"}"
}, },
{ {
"table_id":12, "table_id":12,
@@ -155,7 +155,7 @@
"table_id":24, "table_id":24,
"table_name":"IP_PLUS_CONFIG", "table_name":"IP_PLUS_CONFIG",
"table_type":"ip", "table_type":"ip",
"schema_tag": "{\"attribute_ip_plus_table\": \"attribute\"}" "schema_tag": "{\"field_ip_plus_table\": \"field\"}"
}, },
{ {
"table_id":29, "table_id":29,

2
test/test_utils.cpp
View File

@@ -155,7 +155,7 @@ int rule_table_set_line(struct maat *maat_inst, const char *table_name,
cJSON_AddItemToArray(object_uuids_array, cJSON_CreateString(and_conditions[i].or_conditions[j].object_uuids_str[k])); cJSON_AddItemToArray(object_uuids_array, cJSON_CreateString(and_conditions[i].or_conditions[j].object_uuids_str[k]));
} }
cJSON_AddItemToObject(or_condition, "object_uuids", object_uuids_array); cJSON_AddItemToObject(or_condition, "object_uuids", object_uuids_array);
cJSON_AddStringToObject(or_condition, "attribute_name", and_conditions[i].or_conditions[j].attribute_name); cJSON_AddStringToObject(or_condition, "field_name", and_conditions[i].or_conditions[j].field_name);
cJSON_AddItemToArray(or_conditions_array, or_condition); cJSON_AddItemToArray(or_conditions_array, or_condition);
} }

2
test/test_utils.h
View File

@@ -8,7 +8,7 @@
struct maat_cmd_or_condition { struct maat_cmd_or_condition {
const char *object_uuids_str[8]; const char *object_uuids_str[8];
int object_num; int object_num;
const char *attribute_name; const char *field_name;
}; };
struct maat_cmd_and_condition { struct maat_cmd_and_condition {