diff --git a/src/inc_internal/maat_group.h b/src/inc_internal/maat_group.h
index b693d33..ae87fd3 100644
--- a/src/inc_internal/maat_group.h
+++ b/src/inc_internal/maat_group.h
@@ -23,6 +23,7 @@ extern "C"
 #include "maat_table.h"
 struct maat_group;
+struct group2group_runtime;
 /* group2group schema API */
 void *group2group_schema_new(cJSON *json, struct table_manager *tbl_mgr,
@@ -35,8 +36,8 @@ void *group2group_runtime_new(void *g2g_schema, int max_thread_num, struct log_handle *logger);
 void group2group_runtime_free(void *g2g_runtime);
-void maat_group_ref_inc(struct maat_group *group);
-void maat_group_ref_dec(struct maat_group *group);
+void maat_group_ref_inc(struct group2group_runtime *g2g_rt, struct maat_group *group);
+void maat_group_ref_dec(struct group2group_runtime *g2g_rt, struct maat_group *group);
 struct maat_group *group2group_runtime_add_group(void *g2g_runtime, long long group_id);
 void group2group_runtime_remove_group(void *g2g_runtime, struct maat_group *group);
diff --git a/src/maat_api.c b/src/maat_api.c
index 6d6399f..60eae45 100644
--- a/src/maat_api.c
+++ b/src/maat_api.c
@@ -265,7 +265,6 @@ void maat_read_full_config(struct maat *maat_instance)
 log_error(maat_instance->logger, MODULE_MAAT_API, "[%s:%d] Maat re-initiate with JSON file %s failed: %s", __FUNCTION__, __LINE__, maat_instance->json_ctx.json_file, err_str);
- return -1;
 }
 config_monitor_traverse(maat_instance->maat_version,
diff --git a/src/maat_compile.c b/src/maat_compile.c
index b0fd4f7..20e08c0 100644
--- a/src/maat_compile.c
+++ b/src/maat_compile.c
@@ -1777,7 +1777,7 @@ int group2compile_runtime_update(void *g2c_runtime, void *g2c_schema,
 if (g2c_item->not_flag) {
 g2c_rt->not_flag_group--;
 }
- maat_group_ref_dec(group);
+ maat_group_ref_dec(g2g_rt, group);
 g2c_rt->rule_num--;
 }
 } else {
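Review bot: The new first argument `g2g_rt` at the `maat_group_ref_dec(g2g_rt, group)` call (and at `maat_group_ref_inc(g2g_rt, group)` in the `@@ -1792,7 +1792,7 @@` hunk) is dereferenced at once by the helper, which locks `g2g_rt->rwlock` before touching `group`; before this patch the call needed only `group`. Where `g2g_rt` is assigned lies outside both hunks, so it is not visible whether it can be NULL here, for example when the group2group table is not configured. If it can, a guard at the top of both helpers, `if (NULL == g2g_rt || NULL == group) { return; }`, keeps the update path from crashing.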
@@ -1792,7 +1792,7 @@ int group2compile_runtime_update(void *g2c_runtime, void *g2c_schema,
 if (g2c_item->not_flag) {
 g2c_rt->not_flag_group++;
 }
- maat_group_ref_inc(group);
+ maat_group_ref_inc(g2g_rt, group);
 g2c_rt->rule_num++;
 }
 }
diff --git a/src/maat_group.c b/src/maat_group.c
index 2719b6d..c4f6546 100644
--- a/src/maat_group.c
+++ b/src/maat_group.c
@@ -62,6 +62,7 @@ struct group2group_runtime {
 long long version;
 long long rule_num;
+ int updating_flag;
 pthread_rwlock_t rwlock;
 struct maat_garbage_bin *ref_garbage_bin;
 struct log_handle *logger;
@@ -194,14 +195,20 @@ void group2group_runtime_free(void *g2g_runtime)
 FREE(g2g_rt);
 }
-void maat_group_ref_inc(struct maat_group *group)
+void maat_group_ref_inc(struct group2group_runtime *g2g_rt, struct maat_group *group)
 {
+ pthread_rwlock_wrlock(&(g2g_rt->rwlock));
+ g2g_rt->updating_flag = 1;
 group->ref_by_compile_cnt++;
+ pthread_rwlock_unlock(&(g2g_rt->rwlock));
 }
-void maat_group_ref_dec(struct maat_group *group)
+void maat_group_ref_dec(struct group2group_runtime *g2g_rt, struct maat_group *group)
 {
+ pthread_rwlock_wrlock(&(g2g_rt->rwlock));
+ g2g_rt->updating_flag = 1;
 group->ref_by_compile_cnt--;
+ pthread_rwlock_unlock(&(g2g_rt->rwlock));
 }
 struct group2group_item *
@@ -273,6 +280,7 @@ struct maat_group *_group2group_runtime_add_group(void *g2g_runtime, long long g
 HASH_ADD(hh_group_id, group_topo->hash_group_by_id, group_id, sizeof(group->group_id), group);
 HASH_ADD(hh_vertex_id, group_topo->hash_group_by_vertex, vertex_id, sizeof(group->vertex_id), group);
+ g2g_rt->updating_flag = 1;
 if (1 == lock_flag) {
 pthread_rwlock_unlock(&(g2g_rt->rwlock));
 }
@@ -322,6 +330,7 @@ void _group2group_runtime_remove_group(void *g2g_runtime, struct maat_group *gro
 HASH_DELETE(hh_vertex_id, group_topo->hash_group_by_vertex, group);
 group_vertex_free(group);
+ g2g_rt->updating_flag = 1;
 if (1 == lock_flag) {
 pthread_rwlock_unlock(&(g2g_rt->rwlock));
 }
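Review bot: `maat_group_ref_inc` and `maat_group_ref_dec` in the `@@ -194,14 +195,20 @@` hunk always take `g2g_rt->rwlock` for writing, while `_group2group_runtime_add_group` and `_group2group_runtime_remove_group` in the next two hunks release it only when `1 == lock_flag`, which suggests that some callers already hold that lock. If such a caller ever reaches the ref helpers, the second `pthread_rwlock_wrlock` on the same thread can deadlock or fail, and because the return value is ignored the counter would then change and the unlock would run without the lock being held. I would state the contract above both functions, `/* Takes g2g_rt->rwlock for writing; must not be called with it already held. */`, and repeat it on the prototypes in maat_group.h. `maat_group_ref_dec` also decrements without checking for zero; whether that can wrap or go negative depends on the type of `ref_by_compile_cnt`, which is not visible here.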
@@ -412,6 +421,7 @@ int group2group_runtime_add_group_to_group(void *g2g_runtime, long long group_id
 ret = 0;
 }
+ g2g_rt->updating_flag = 1;
 pthread_rwlock_unlock(&(g2g_rt->rwlock));
 return ret;
 }
@@ -474,6 +484,7 @@ int group2group_runtime_remove_group_from_group(void *g2g_runtime, long long gro
 group->ref_by_super_group_cnt--;
 super_group->ref_by_sub_group_cnt--;
+ g2g_rt->updating_flag = 1;
 pthread_rwlock_unlock(&(g2g_rt->rwlock));
 return 0;
@@ -578,7 +589,7 @@ int group2group_runtime_build_top_groups(void *g2g_runtime, long long maat_rt_ve
 }
 igraph_vector_destroy(&group_topo->dfs_vids);
 g2g_rt->version = maat_rt_version;
-
+ g2g_rt->updating_flag = 0;
 pthread_rwlock_unlock(&(g2g_rt->rwlock));
 return 0;
@@ -634,6 +645,10 @@ int group2group_runtime_commit(void *g2g_runtime, const char *table_name, long l
 }
 struct group2group_runtime *g2g_rt = (struct group2group_runtime *)g2g_runtime;
+ if (0 == g2g_rt->updating_flag) {
+ return 0;
+ }
+
 int ret = group2group_runtime_build_top_groups(g2g_runtime, maat_rt_version);
 if (ret < 0) {
 log_error(g2g_rt->logger, MODULE_GROUP,
diff --git a/src/rcu_hash.c b/src/rcu_hash.c
index af32d90..5ae6c3e 100644
--- a/src/rcu_hash.c
+++ b/src/rcu_hash.c
@@ -50,7 +50,7 @@ struct rcu_hash_node {
 struct rcu_hash_table *htable;
 UT_hash_handle hh_a;
- UT_hash_handle hh_b;
+ UT_hash_handle hh_b;
 };
 void rcu_hash_garbage_queue_free(struct rcu_hash_garbage_q *garbage_q)
diff --git a/test/maat_framework_gtest.cpp b/test/maat_framework_gtest.cpp
index dddaf5c..4dbffa8 100644
--- a/test/maat_framework_gtest.cpp
+++ b/test/maat_framework_gtest.cpp
@@ -374,8 +374,6 @@ struct maat *MaatIris::_shared_maat_instance;
 struct log_handle *MaatIris::logger;
 TEST_F(MaatIris, basic) {
- const char *app_id_table_name = "TSG_OBJ_APP_ID";
- const char *ip_table_name = "TSG_SECURITY_SOURCE_ADDR";
 struct maat *maat_instance = MaatIris::_shared_maat_instance;
 struct log_handle *logger = MaatIris::logger;
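Review bot: The early return added to `group2group_runtime_commit` in the `@@ -634,6 +645,10 @@` hunk reads `g2g_rt->updating_flag` without holding `g2g_rt->rwlock`, although every write to the flag in this patch sits before the matching unlock. If commit can run on a different thread from the updaters this is an unsynchronised read of a plain `int`; taking the read lock around the check, as sketched below, removes the question. The early return also skips `g2g_rt->version = maat_rt_version;`, which the `@@ -578,7 +589,7 @@` hunk shows being assigned inside `group2group_runtime_build_top_groups`, so the runtime keeps its previous version when nothing changed; it is worth confirming that no caller compares that field. The function starts before and continues past the hunk.

```c
struct group2group_runtime *g2g_rt = (struct group2group_runtime *)g2g_runtime;
/* Read the flag under the same lock its writers hold. */
pthread_rwlock_rdlock(&(g2g_rt->rwlock));
int updating_flag = g2g_rt->updating_flag;
pthread_rwlock_unlock(&(g2g_rt->rwlock));
if (0 == updating_flag) {
    return 0;
}
/* … unchanged: group2group_runtime_build_top_groups call and error log … */
```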
@@ -384,21 +382,36 @@ TEST_F(MaatIris, basic) {
 int thread_id = 0;
 struct maat_state *state = maat_state_new(maat_instance, thread_id);
- int table_id = maat_get_table_id(maat_instance, app_id_table_name);
- int ret = maat_scan_integer(maat_instance, table_id, 32, results, ARRAY_SIZE, &n_hit_result, state);
- EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
-
- uint32_t ip_addr;
- inet_pton(AF_INET, "192.168.64.25", &ip_addr);
- uint16_t port = htons(100);
+ uint32_t sip_addr;
+ uint32_t dip_addr;
+ inet_pton(AF_INET, "192.168.64.25", &sip_addr);
+ inet_pton(AF_INET, "114.114.114.114", &dip_addr);
+ uint16_t sport = htons(58309);
+ uint16_t dport = htons(53);
- table_id = maat_get_table_id(maat_instance, ip_table_name);
+ int table_id = maat_get_table_id(maat_instance, "TSG_SECURITY_SOURCE_ADDR");
 ASSERT_GT(table_id, 0);
- ret = maat_scan_ipv4(maat_instance, table_id, ip_addr, port, 6,
+ int ret = maat_scan_ipv4(maat_instance, table_id, sip_addr, sport, 6,
+ results, ARRAY_SIZE, &n_hit_result, state);
+ EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
+
+ ret = maat_scan_ipv4(maat_instance, table_id, dip_addr, dport, 6,
+ results, ARRAY_SIZE, &n_hit_result, state);
+ EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
+
+ table_id = maat_get_table_id(maat_instance, "TSG_SECURITY_DESTINATION_ADDR");
+ ASSERT_GT(table_id, 0);
+
+ ret = maat_scan_ipv4(maat_instance, table_id, sip_addr, sport, 6,
+ results, ARRAY_SIZE, &n_hit_result, state);
+ EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
+
+ ret = maat_scan_ipv4(maat_instance, table_id, dip_addr, dport, 6,
 results, ARRAY_SIZE, &n_hit_result, state);
 EXPECT_EQ(ret, MAAT_SCAN_HIT);
- EXPECT_EQ(n_hit_result, 1);
- EXPECT_EQ(results[0], 1054275);
+
+ table_id = maat_get_table_id(maat_instance, "TSG_SECURITY_SOURCE_LOCATION");
+ ASSERT_GT(table_id, 0);
 maat_state_free(state);
 }
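Review bot: The one scan that still expects `MAAT_SCAN_HIT` no longer checks what was hit, because `EXPECT_EQ(n_hit_result, 1);` and the `results[0]` comparison are removed without a replacement, so a scan that reports the wrong compile id would still pass. Restoring `EXPECT_EQ(n_hit_result, 1);` together with `EXPECT_EQ(results[0], <expected compile id>);` for the destination rule keeps the test pinned to the rule it is meant to exercise; the id for the new data is not visible in this hunk. The `TSG_SECURITY_SOURCE_LOCATION` table id at the end is fetched and asserted but never scanned, and the return values of the two `inet_pton` calls are not checked.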