增加hit path功能的单元测试用例。

inc/Maat_rule.h

@@ -184,34 +184,22 @@ int Maat_table_callback_register(Maat_feather_t feather,short table_id,
 									void* u_para);
 
 #define MAX_HIT_REGION_NUM_PER_GROUP 	128
-struct Maat_hit_group_id_t
-{
-	int compile_id;
-	int group_id;
-	size_t n_hit_region;
-	int region_id[MAX_HIT_REGION_NUM_PER_GROUP];
-};
+
 struct Maat_hit_path_t
 {
-	int Nth_scan;//Maat_stream_scan_**_start is a individual scan.
+	int Nth_scan;
 	int region_id;
 	int sub_group_id;
 	int top_group_id;
-	int virtual_table_id;
+	int virtual_table_id; // 0 is not a virtual table.
 	int compile_id;
 };
-struct Maat_hit_compile_id_t
-{
-	int config_id;
-	size_t n_hit_group;
-	struct Maat_hit_group_id_t *group_ids;
-};
 enum MAAT_SCAN_OPT
 {
 	MAAT_SET_SCAN_DISTRICT=1,		//VALUE is a const char*, SIZE= strlen(string). DEFAULT: no default.
 	MAAT_SET_SCAN_LAST_REGION,		//VALUE is NULL, SIZE=0. This option indicates that the follow scan is the last region of current scan combination.
 	MAAT_GET_SCAN_HIT_PATH			//VALUE is struct Maat_hit_path_t*, an array of struct Maat_hit_path_t, SIZE= sizeof(struct Maat_hit_path_t)*N,
-									//Maat_get_scan_status returns actual filled number.
+									//Maat_get_scan_status returns actual got number.
 };
 //return 0 if success, return -1 when failed;
 int Maat_set_scan_status(Maat_feather_t feather, scan_status_t* mid, enum MAAT_SCAN_OPT type, const void* value, int size);

src/entry/Maat_api.cpp

@@ -194,32 +194,7 @@ struct scan_region_hit_wraper
 	int virtual_table_id;
 	int is_last_region;
 };
-void scan_region_hit_wraper_build_with_rulescan(struct scan_region_hit_wraper* region_hit, scan_result_t* rulescan_rslt, size_t n_rslt, int is_last_region, int virual_table_id, int Nth_scan)
-{
-	memset(region_hit, 0, sizeof(struct scan_region_hit_wraper));
-	region_hit->elem_array=rulescan_rslt;
-	region_hit->n_elem=n_rslt;
-	region_hit->elem_size=sizeof(scan_result_t);
-	region_hit->expr_id_offset=offsetof(scan_result_t, expr_id);
-	region_hit->group_offset=offsetof(scan_result_t, tag);
-	region_hit->is_last_region=is_last_region;
-	region_hit->virtual_table_id=virual_table_id;
-	region_hit->Nth_scan=Nth_scan;
-	return;
-}
-void scan_region_hit_wraper_build_with_GIE(struct scan_region_hit_wraper* region_hit, GIE_result_t* GIE_rslt, size_t n_rslt, int is_last_region, int virual_table_id, int Nth_scan)
-{
-	memset(region_hit, 0, sizeof(struct scan_region_hit_wraper));
-	region_hit->elem_array=GIE_rslt;
-	region_hit->n_elem=n_rslt;
-	region_hit->elem_size=sizeof(GIE_result_t);
-	region_hit->expr_id_offset=offsetof(GIE_result_t, id);
-	region_hit->group_offset=offsetof(GIE_result_t, tag);
-	region_hit->is_last_region=is_last_region;
-	region_hit->virtual_table_id=virual_table_id;
-	region_hit->Nth_scan=Nth_scan;
-	return;
-}
+
 struct scan_hit_status* scan_hit_status_new(void)
 {
 	struct scan_hit_status* inner_mid=NULL;
@@ -241,9 +216,16 @@ void scan_hit_status_free(struct scan_hit_status* p)
 	free(p->all_hit_group_array);
 	p->all_hit_group_array=NULL;
 	free(p);
-	
 }
-
+void hit_path_init(struct Maat_hit_path_t* hit_path)
+{
+	hit_path->Nth_scan=-1;
+	hit_path->region_id=-1;
+	hit_path->sub_group_id=-1;
+	hit_path->top_group_id=-1;
+	hit_path->virtual_table_id=-1;
+	hit_path->compile_id=-1;
+}
 void scan_hit_status_update_by_group(struct scan_hit_status* hit_status, struct Maat_group_inner* group_rule, int region_id, int virtual_table_id, int Nth_scan, int Nth_region_result)
 {
 	size_t i=0;
@@ -253,9 +235,9 @@ void scan_hit_status_update_by_group(struct scan_hit_status* hit_status, struct
 	for(i=0; i<group_rule->top_group_cnt; i++)
 	{
 		hit_path=ALLOC(struct Maat_hit_path_inner, 1);
+		hit_path_init(&(hit_path->path));
 		hit_path->Nth_hit_region=Nth_region_result;
 		hit_path->path.Nth_scan=Nth_scan;
-		hit_path->path.compile_id=-1;
 		hit_path->path.region_id=region_id;
 		hit_path->path.sub_group_id=group_rule->group_id;
 		hit_path->path.top_group_id=group_rule->top_groups[i];
@@ -312,26 +294,54 @@ size_t scan_hit_status_read_group_ids(const struct scan_hit_status* hit_status,
 	return hit_status->all_hit_group_cnt;
 }
 //Maybe select?
-size_t scan_hit_status_read_hit_path_inner(const struct scan_hit_status* hit_status, int Nth_scan,int compile_id, 
+size_t scan_hit_status_select_hit_path_inner(const struct scan_hit_status* hit_status, struct Maat_hit_path_t* condition, 
 															struct Maat_hit_path_inner* hit_paths, size_t n_path)
 {
 	struct Maat_hit_path_inner* p=NULL;
 	size_t i=0;
 	TAILQ_FOREACH(p, &hit_status->hit_path_qhead, entries)
 	{
-		if(p->path.Nth_scan!=Nth_scan||p->path.compile_id!=compile_id)
+		if((condition->compile_id==p->path.compile_id||condition->compile_id<0)
+			&& (condition->Nth_scan==p->path.Nth_scan||condition->Nth_scan<0)
+			&& (condition->region_id=p->path.region_id||condition->region_id<0))
 		{
-			continue;
-		}
 			if(i<n_path)
 			{
 				hit_paths[i]=*p;
 				i++;
 			}
 		}
+
+	}
 	return i;
 
 }
+void scan_region_hit_wraper_build_with_rulescan(struct scan_region_hit_wraper* region_hit, scan_result_t* rulescan_rslt, size_t n_rslt, int is_last_region, int virtual_table_id, int Nth_scan)
+{
+	memset(region_hit, 0, sizeof(struct scan_region_hit_wraper));
+	region_hit->elem_array=rulescan_rslt;
+	region_hit->n_elem=n_rslt;
+	region_hit->elem_size=sizeof(scan_result_t);
+	region_hit->expr_id_offset=offsetof(scan_result_t, expr_id);
+	region_hit->group_offset=offsetof(scan_result_t, tag);
+	region_hit->is_last_region=is_last_region;
+	region_hit->virtual_table_id=virtual_table_id;
+	region_hit->Nth_scan=Nth_scan;
+	return;
+}
+void scan_region_hit_wraper_build_with_GIE(struct scan_region_hit_wraper* region_hit, GIE_result_t* GIE_rslt, size_t n_rslt, int is_last_region, int virtual_table_id, int Nth_scan)
+{
+	memset(region_hit, 0, sizeof(struct scan_region_hit_wraper));
+	region_hit->elem_array=GIE_rslt;
+	region_hit->n_elem=n_rslt;
+	region_hit->elem_size=sizeof(GIE_result_t);
+	region_hit->expr_id_offset=offsetof(GIE_result_t, id);
+	region_hit->group_offset=offsetof(GIE_result_t, tag);
+	region_hit->is_last_region=is_last_region;
+	region_hit->virtual_table_id=virtual_table_id;
+	region_hit->Nth_scan=Nth_scan;
+	return;
+}
 
 int region_compile(_Maat_feather_t*feather, struct scan_hit_status *_mid, const struct scan_region_hit_wraper* region_hit_wraper, struct Maat_rule_t* result, int size,int thread_num)
 {
@@ -539,6 +549,7 @@ int fill_region_hit_detail(const char* scan_buff, const scan_hit_status* _mid,
 
 
 	struct Maat_hit_path_inner hit_paths[MAX_SCANNER_HIT_NUM];
+	struct Maat_hit_path_t condition;
 	size_t hit_path_cnt=0;
 	int Nth_hit_region=0;
 	
@@ -546,7 +557,10 @@ int fill_region_hit_detail(const char* scan_buff, const scan_hit_status* _mid,
 	for(i=0; i<compile_cnt&&i<detail_num; i++)
 	{
 		hit_detail[i].config_id=compile[i].config_id;
-		hit_path_cnt=scan_hit_status_read_hit_path_inner(_mid, Nth_scan, compile[i].config_id, hit_paths, MAX_SCANNER_HIT_NUM);
+		hit_path_init(&condition);
+		condition.Nth_scan=Nth_scan;
+		condition.compile_id=compile[i].config_id;
+		hit_path_cnt=scan_hit_status_select_hit_path_inner(_mid, &condition, hit_paths, MAX_SCANNER_HIT_NUM);
 		for(j=0; j<hit_path_cnt && j<MAAT_MAX_HIT_RULE_NUM; j++)
 		{		
 			Nth_hit_region=hit_paths[j].Nth_hit_region;
@@ -896,7 +910,7 @@ int Maat_set_feather_opt(Maat_feather_t feather,enum MAAT_INIT_OPT type,const vo
 			_feather->backgroud_update_enabled=1;
 			pthread_mutex_lock((&_feather->background_update_mutex));
 			MESA_handle_runtime_log(_feather->logger,RLOG_LV_INFO,maat_module ,
-							"Maat load version from %lld, stops backgroud update."
+							"Maat load version from %lld, backgroud update stopped."
 							,_feather->load_version_from);
 			break;
 		case MAAT_OPT_ACCEPT_TAGS:
@@ -1479,8 +1493,8 @@ int Maat_scan_intval(Maat_feather_t feather,int table_id
 	_mid=grab_mid(mid, _feather, thread_num, 0);
 	_mid->scan_cnt++;
 
-	int virutal_table_id=0;
-	p_table=Maat_table_get_by_id(_feather->table_mgr, table_id, TABLE_TYPE_INTERVAL, &virutal_table_id);
+	int virtual_table_id=0;
+	p_table=Maat_table_get_by_id(_feather->table_mgr, table_id, TABLE_TYPE_INTERVAL, &virtual_table_id);
 	if(p_table==NULL)
 	{
 		_feather->scan_err_cnt++;
@@ -1521,7 +1535,7 @@ int Maat_scan_intval(Maat_feather_t feather,int table_id
 		_mid=grab_mid(mid, _feather, thread_num, 1);
 		struct scan_region_hit_wraper region_hit_wraper;
 		scan_region_hit_wraper_build_with_rulescan(&region_hit_wraper, region_result, region_ret,
-											_mid->is_last_region, virutal_table_id, _mid->scan_cnt);
+											_mid->is_last_region, virtual_table_id, _mid->scan_cnt);
 		compile_ret=region_compile(_feather,_mid->inner,
 									&region_hit_wraper,
 									result, rule_num,
@@ -1846,11 +1860,7 @@ int Maat_stream_scan_string_detail(stream_para_t* stream_para
 		clock_gettime(CLOCK_MONOTONIC, &start);
 	}
 	_mid=grab_mid(mid, sp->feather, sp->thread_num, 0);
-	if(sp->Nth_scan==0)
-	{
 	_mid->scan_cnt++;
-		sp->Nth_scan=_mid->scan_cnt;
-	}
 	if(data==NULL||data_len<=0||scanner==NULL)
 	{
 		return 0;
@@ -1956,7 +1966,7 @@ int Maat_stream_scan_string_detail(stream_para_t* stream_para
 		_mid=grab_mid(mid, sp->feather,sp->thread_num, 1);
 		struct scan_region_hit_wraper region_hit_wraper;
 		scan_region_hit_wraper_build_with_rulescan(&region_hit_wraper, region_result, hit_region_cnt, 
-										_mid->is_last_region, sp->virtual_table_id, sp->Nth_scan);
+										_mid->is_last_region, sp->virtual_table_id, _mid->scan_cnt);
 
 		compile_ret=region_compile(sp->feather,_mid->inner,
 							&region_hit_wraper,
@@ -1974,7 +1984,7 @@ int Maat_stream_scan_string_detail(stream_para_t* stream_para
 				*detail_ret=fill_region_hit_detail(sp->scan_buff, _mid->inner,
 												region_result, hit_region_cnt,
 												result, compile_ret,
-												sp->Nth_scan,
+												_mid->scan_cnt,
 												hit_detail, detail_num, scanner);
 			}
 			else
@@ -1982,7 +1992,7 @@ int Maat_stream_scan_string_detail(stream_para_t* stream_para
 				*detail_ret=fill_region_hit_detail(data, _mid->inner,
 												region_result, hit_region_cnt,
 												result, compile_ret,
-												sp->Nth_scan,
+												_mid->scan_cnt,
 												hit_detail, detail_num, scanner);
 			}
 		}
@@ -2142,11 +2152,7 @@ int Maat_stream_scan_digest(stream_para_t * stream_para, const char * data, int
 		clock_gettime(CLOCK_MONOTONIC,&start);
 	}
 	_mid=grab_mid(mid, sp->feather, sp->thread_num, 0);
-	if(sp->Nth_scan==0)
-	{
 	_mid->scan_cnt++;
-		sp->Nth_scan=_mid->scan_cnt;
-	}
 
 	if(data==NULL||data_len<=0)
 	{
@@ -2206,7 +2212,7 @@ int Maat_stream_scan_digest(stream_para_t * stream_para, const char * data, int
 		_mid=grab_mid(mid,sp->feather, sp->thread_num,1);
 		struct scan_region_hit_wraper region_hit_wraper;
 		scan_region_hit_wraper_build_with_GIE(&region_hit_wraper, region_result, hit_region_cnt, 
-											_mid->is_last_region, sp->virtual_table_id, sp->Nth_scan);
+											_mid->is_last_region, sp->virtual_table_id, _mid->scan_cnt);
 		compile_ret=region_compile(sp->feather,_mid->inner,
 								&region_hit_wraper,
 								result, rule_num,
@@ -2328,8 +2334,13 @@ int Maat_get_scan_status(Maat_feather_t feather, scan_status_t* mid, enum MAAT_S
 	struct _Maat_feather_t* _feather=(_Maat_feather_t*)feather;
 	struct _OUTER_scan_status_t* _mid=NULL;
 	struct Maat_hit_path_t* paths;
+	struct Maat_hit_path_t condition;
+	struct Maat_hit_path_inner *path_inner;
+	size_t n_read=0, i=0;
+	int ret=0;
 	_mid=grab_mid(mid, _feather, 0, 0);
-	if(_mid==NULL||_mid->inner==NULL)
+
+	if(_mid->inner==NULL)
 	{
 		return 0;
 	}
@@ -2341,11 +2352,21 @@ int Maat_get_scan_status(Maat_feather_t feather, scan_status_t* mid, enum MAAT_S
 				return -1;
 			}
 			paths=(struct Maat_hit_path_t*)value;
+			n_read=size/sizeof(struct Maat_hit_path_t);
+			path_inner=ALLOC(struct Maat_hit_path_inner, n_read);
+			hit_path_init(&condition);
+			n_read=scan_hit_status_select_hit_path_inner(_mid->inner, &condition, path_inner, n_read);
+			for(i=0; i<n_read; i++)
+			{
+				paths[i]=path_inner[i].path;
+			}
+			free(path_inner);
+			ret=n_read;
 			break;
 		default:
 			return -1;
 	}
-	return 0;
+	return ret;
 }
 
 int Maat_read_state(Maat_feather_t feather, enum MAAT_STATE_OPT  type, void* value, int size)

src/entry/Maat_rule.cpp

@@ -33,7 +33,7 @@
 #include "stream_fuzzy_hash.h"
 #include "gram_index_engine.h"
 
-int MAAT_FRAME_VERSION_2_8_20200204=1;
+int MAAT_FRAME_VERSION_2_8_20200211=1;
 
 int is_valid_table_name(const char* str)
 {

src/inc_internal/Maat_rule_internal.h

@@ -215,7 +215,6 @@ struct _stream_para_t
 {
 	struct _Maat_feather_t* feather;
 	const struct Maat_table_desc* p_real_table;
-	int Nth_scan;
 	int virtual_table_id;
 	int version;
 	int thread_num;

test/test_maatframe.cpp

@@ -54,7 +54,17 @@ void wait_for_cmd_effective(Maat_feather_t feather, long long version_before)
 	}
 //	printf("wait for %lld ms\n", wating_us/1000);
 }
-
+void ipv4_addr_set(struct ipaddr *ipv4_addr, struct stream_tuple4_v4* v4_addr,
+						const char* src_ip, unsigned short sport, const char* dest_ip, unsigned short dport)
+{
+	ipv4_addr->addrtype=ADDR_TYPE_IPV4;
+	inet_pton(AF_INET, src_ip, &(v4_addr->saddr));
+	v4_addr->source=htons(sport);
+	inet_pton(AF_INET, dest_ip, &(v4_addr->daddr));
+	v4_addr->dest=htons(dport);
+	ipv4_addr->v4=v4_addr;
+	return;
+}
 void scan_with_old_or_new_cfg(Maat_feather_t feather, int is_old)
 {
 	const char* hit_old_data="Hello world! I'm eve.";
@@ -515,12 +525,7 @@ TEST(IPScan, IPv4_mask)
 	scan_status_t mid=NULL;
 	struct ipaddr ipv4_addr;
 	struct stream_tuple4_v4 v4_addr;
-	ipv4_addr.addrtype=ADDR_TYPE_IPV4;
-	inet_pton(AF_INET,"10.0.6.205",&(v4_addr.saddr));
-	v4_addr.source=htons(50001);
-	inet_pton(AF_INET,"10.0.6.201",&(v4_addr.daddr));
-	v4_addr.dest=htons(80);
-	ipv4_addr.v4=&v4_addr;
+	ipv4_addr_set(&ipv4_addr, &v4_addr, "10.0.6.205", 50001, "10.0.6.201", 80);
 
 	const char* scan_data="http://www.cyberessays.com/search_results.php?action=search&query=yulingjing,abckkk,1234567";
 	table_id=Maat_table_register(g_feather,"HTTP_URL");
@@ -2828,6 +2833,258 @@ TEST_F(MaatCmdTest, PluginEXData)
 
 	return;
 }
+#define TEST_HIT_PATH
+TEST_F(MaatCmdTest,    HitPath)
+{
+	Maat_feather_t feather=MaatCmdTest::_shared_feather;
+	const char* group_table_name="GROUP";
+	const char* compile_table_name="COMPILE";
+	const char* table_http_sig="HTTP_SIGNATURE";
+	const char* table_ip="IP_CONFIG";
+	const char* table_keywords="KEYWORDS_TABLE";
+
+	struct Maat_rule_t compile1;
+	struct Maat_group_t group1, group2, group21, group3, group4;
+	struct Maat_region_t region1, region2, region3, region4;
+
+	memset(&compile1, 0, sizeof(compile1));
+	compile1.config_id=(int)Maat_cmd_incrby(feather, "TEST_SEQ", 1);
+	Maat_command_raw_set_compile(feather, MAAT_OP_ADD, &compile1, compile_table_name, NULL, 2);
+
+	
+	//group1->compile1
+	memset(&group1, 0, sizeof(group1));
+	group1.group_id=Maat_cmd_get_new_group_id(feather);
+	group1.table_name=group_table_name;
+	group1.virtual_table_name="HTTP_REQUEST_HEADER";
+	group1.parent_id=compile1.config_id;
+	group1.parent_type=PARENT_TYPE_COMPILE;
+	Maat_command_raw_set_group(feather, MAAT_OP_ADD, &group1);
+
+
+	/*region1->group1->compile1
+	*/
+	memset(&region1, 0, sizeof(region1));
+	region1.region_id=Maat_cmd_get_new_region_id(feather);
+	region1.region_type=REGION_EXPR;
+	region1.table_name=table_http_sig;
+	region1.expr_rule.district="URL";
+	region1.expr_rule.keywords="graph_theory";
+	region1.expr_rule.expr_type=EXPR_TYPE_STRING;
+	Maat_command_raw_set_region(feather, MAAT_OP_ADD, &region1, group1.group_id);
+
+	/*
+		region1->group1->compile1
+						/
+				group21/
+	*/
+	memset(&group21, 0, sizeof(group21));
+	group21.group_id=Maat_cmd_get_new_group_id(feather);
+	group21.table_name=group_table_name;
+	group21.virtual_table_name="HTTP_RESPONSE_HEADER";
+	group21.parent_id=compile1.config_id;
+	group21.parent_type=PARENT_TYPE_COMPILE;
+	Maat_command_raw_set_group(feather, MAAT_OP_ADD, &group21);
+
+	/*
+		region1->group1->compile1
+						/
+		group2->group21/
+	*/
+
+	memset(&group2, 0, sizeof(group2));
+	group2.group_id=Maat_cmd_get_new_group_id(feather);
+	group2.table_name=group_table_name;
+	group2.parent_id=group21.group_id;
+	group2.parent_type=PARENT_TYPE_GROUP;
+	Maat_command_raw_set_group(feather, MAAT_OP_ADD, &group2);
+
+
+	/*
+			region1->group1->compile1
+							 /
+	region2->group2->group21/
+	*/
+
+	memset(&region2, 0, sizeof(region2));
+	region2.region_id=Maat_cmd_get_new_region_id(feather);
+	region2.region_type=REGION_EXPR;
+	region2.table_name=table_http_sig;
+	region2.expr_rule.district="Cookie";
+	region2.expr_rule.keywords="time=2020-02-11";
+	region2.expr_rule.expr_type=EXPR_TYPE_STRING;
+	Maat_command_raw_set_region(feather, MAAT_OP_ADD, &region2, group2.group_id);
+
+	//region3->group3, group3 is not referenced by any compile.
+	memset(&region3, 0, sizeof(region3));
+	region3.region_id=Maat_cmd_get_new_region_id(feather);
+	region3.region_type=REGION_IP;
+	region3.table_name=table_ip;
+	region3.ip_rule.addr_type=ADDR_TYPE_IPv4;
+	region3.ip_rule.direction=ADDR_DIR_DOUBLE;
+	region3.ip_rule.src_ip="220.181.38.148";
+	region3.ip_rule.mask_src_ip="255.255.255.254";
+	region3.ip_rule.src_port=53331;
+	region3.ip_rule.mask_src_port=0;//means any port should hit.
+	
+	region3.ip_rule.dst_ip="47.93.59.84";
+	region3.ip_rule.mask_dst_ip="255.255.255.255";
+	region3.ip_rule.dst_port=80;
+	region3.ip_rule.mask_dst_port=65535;
+	region3.ip_rule.protocol=0;//means any protocol should hit.
+
+	group3.group_id=Maat_cmd_get_new_group_id(feather);
+	Maat_command_raw_set_region(feather, MAAT_OP_ADD, &region3, group3.group_id);
+
+	char temp[1024]={0};
+	//region4->group4, group4 is not referenced by any compile.
+	memset(&region4, 0, sizeof(region4));
+	region4.region_id=Maat_cmd_get_new_region_id(feather);
+	region4.region_type=REGION_EXPR;
+	region4.table_name=table_keywords;
+	region4.expr_rule.district=NULL;
+	region4.expr_rule.keywords= Maat_str_escape(temp, sizeof(temp), "a finite or infinite");
+	region4.expr_rule.expr_type=EXPR_TYPE_STRING;
+	
+	group4.group_id=Maat_cmd_get_new_group_id(feather);
+	Maat_command_raw_set_region(feather, MAAT_OP_ADD, &region4, group4.group_id);
+
+
+	sleep(1);
+
+	int ret=0, table_id=0;
+	const char* http_url="en.wikipedia.org/wiki/Path_(graph_theory)";
+	const char* http_resp_hdr_cookie="laptop=thinkpad X1 extrem;time=2020-02-11T15:34:00;main[XWJOKE]=hoho; Hm_lvt_bbac0322e6ee13093f98d5c4b5a10912=1578874808;";
+
+	struct ipaddr ipv4_addr;
+	struct stream_tuple4_v4 v4_addr;
+	ipv4_addr_set(&ipv4_addr, &v4_addr, "220.181.38.148", 17272, "47.93.59.84", 80);
+	
+
+	struct Maat_rule_t result[4];
+	memset(result, 0, sizeof(result));
+
+	scan_status_t mid=NULL;
+	int path_idx=0, Nth_scan=0;
+
+	table_id=Maat_table_register(feather, "HTTP_REQUEST_HEADER");	
+	ASSERT_GT(table_id, 0);
+	
+	ret=Maat_set_scan_status(feather, &mid, MAAT_SET_SCAN_DISTRICT, "URL", strlen("URL"));
+	ASSERT_EQ(ret, 0);
+
+	Nth_scan++;
+	ret=Maat_full_scan_string(feather, table_id, CHARSET_GBK, http_url, strlen(http_url), 
+						result, NULL, 4, &mid, 0);
+
+	EXPECT_EQ(ret, -2);
+	
+	struct Maat_hit_path_t hit_path[128];
+	int n_read=0;
+	n_read=Maat_get_scan_status(feather, &mid, MAAT_GET_SCAN_HIT_PATH, hit_path, sizeof(hit_path));
+	EXPECT_EQ(n_read, 1);
+	ASSERT_EQ(path_idx, 0);
+	EXPECT_EQ(hit_path[path_idx].Nth_scan, Nth_scan);
+	EXPECT_EQ(hit_path[path_idx].region_id, region1.region_id);
+	EXPECT_EQ(hit_path[path_idx].sub_group_id, group1.group_id);
+	EXPECT_EQ(hit_path[path_idx].top_group_id, group1.group_id);
+	EXPECT_EQ(hit_path[path_idx].virtual_table_id, table_id);
+	EXPECT_EQ(hit_path[path_idx].compile_id, -1);
+	
+
+	table_id=Maat_table_register(feather, "HTTP_RESPONSE_HEADER");
+	ASSERT_GT(table_id, 0);
+
+	ret=Maat_set_scan_status(feather, &mid, MAAT_SET_SCAN_DISTRICT, "Cookie", strlen("Cookie"));
+	ASSERT_EQ(ret, 0);
+
+	Nth_scan++;
+	ret=Maat_full_scan_string(feather, table_id, CHARSET_UTF8, http_resp_hdr_cookie, strlen(http_resp_hdr_cookie), 
+						result, NULL, 4, &mid, 0);
+
+	EXPECT_EQ(ret, 1);
+	EXPECT_EQ(result[0].config_id, compile1.config_id);	
+
+	n_read=Maat_get_scan_status(feather, &mid, MAAT_GET_SCAN_HIT_PATH, hit_path, sizeof(hit_path));
+	EXPECT_EQ(n_read, 2);
+	EXPECT_EQ(hit_path[path_idx].Nth_scan, Nth_scan-1);
+	EXPECT_EQ(hit_path[path_idx].region_id, region1.region_id);
+	EXPECT_EQ(hit_path[path_idx].sub_group_id, group1.group_id);
+	EXPECT_EQ(hit_path[path_idx].top_group_id, group1.group_id);
+	//virtual_table_id was compared in previous.
+	EXPECT_EQ(hit_path[path_idx].compile_id, compile1.config_id);
+
+	path_idx++;
+	ASSERT_EQ(path_idx, 1);
+	EXPECT_EQ(hit_path[path_idx].Nth_scan, Nth_scan);
+	EXPECT_EQ(hit_path[path_idx].region_id, region2.region_id);
+	EXPECT_EQ(hit_path[path_idx].sub_group_id, group2.group_id);
+	EXPECT_EQ(hit_path[path_idx].top_group_id, group21.group_id);
+	EXPECT_EQ(hit_path[path_idx].virtual_table_id, table_id);
+	EXPECT_EQ(hit_path[path_idx].compile_id, compile1.config_id);
+
+	const char* keywords1="In graph theory, a path in a graph is a finite or infinite \
+sequence of edges which joins a sequence of vertices which, by most definitions,\
+are all distinct (and since the vertices are distinct, so are the edges). ";
+	const char* keywords2="A directed path in a directed graph is a finite or infinite\
+sequence of edges which joins a sequence of distinct vertices, but with the added restriction\
+that the edges be all directed in the same direction.";
+	table_id=Maat_table_register(feather, table_keywords);
+	ASSERT_GT(table_id, 0);
+	stream_para_t stream_para;
+	stream_para=Maat_stream_scan_string_start(feather, table_id, 0);
+	Nth_scan++;
+	ret=Maat_stream_scan_string(&stream_para, CHARSET_UTF8, keywords1, strlen(keywords1), result, NULL, 4, &mid);
+	EXPECT_EQ(ret, -2);
+	n_read=Maat_get_scan_status(feather, &mid, MAAT_GET_SCAN_HIT_PATH, hit_path, sizeof(hit_path));
+	EXPECT_EQ(n_read, 3);
+	path_idx++;
+	ASSERT_EQ(path_idx, 2);
+	EXPECT_EQ(hit_path[path_idx].Nth_scan, Nth_scan);
+	EXPECT_EQ(hit_path[path_idx].region_id, region4.region_id);
+	EXPECT_EQ(hit_path[path_idx].sub_group_id, group4.group_id);
+	EXPECT_EQ(hit_path[path_idx].top_group_id, group4.group_id);
+	EXPECT_EQ(hit_path[path_idx].virtual_table_id, 0);
+	EXPECT_EQ(hit_path[path_idx].compile_id, -1);	
+	
+	table_id=Maat_table_register(feather, table_ip);
+	ASSERT_GT(table_id, 0);
+
+	Nth_scan++;
+	ret=Maat_scan_proto_addr(feather, table_id, &ipv4_addr, 6, result, 4, &mid, 0);
+	EXPECT_EQ(ret, -2);
+
+	n_read=Maat_get_scan_status(feather, &mid, MAAT_GET_SCAN_HIT_PATH, hit_path, sizeof(hit_path));
+	EXPECT_EQ(n_read, 4);
+	path_idx++;
+	ASSERT_EQ(path_idx, 3);
+	EXPECT_EQ(hit_path[path_idx].Nth_scan, Nth_scan);
+	EXPECT_EQ(hit_path[path_idx].region_id, region3.region_id);
+	EXPECT_EQ(hit_path[path_idx].sub_group_id, group3.group_id);
+	EXPECT_EQ(hit_path[path_idx].top_group_id, group3.group_id);
+	EXPECT_EQ(hit_path[path_idx].virtual_table_id, 0);
+	EXPECT_EQ(hit_path[path_idx].compile_id, -1);
+
+	Nth_scan++;
+	ret=Maat_stream_scan_string(&stream_para, CHARSET_UTF8, keywords2, strlen(keywords2), result, NULL, 4, &mid);
+	EXPECT_EQ(ret, -2);
+	n_read=Maat_get_scan_status(feather, &mid, MAAT_GET_SCAN_HIT_PATH, hit_path, sizeof(hit_path));
+	EXPECT_EQ(n_read, 5);
+	path_idx++;
+	ASSERT_EQ(path_idx, 4);
+	EXPECT_EQ(hit_path[path_idx].Nth_scan, Nth_scan);
+	EXPECT_EQ(hit_path[path_idx].region_id, region4.region_id);
+	EXPECT_EQ(hit_path[path_idx].sub_group_id, group4.group_id);
+	EXPECT_EQ(hit_path[path_idx].top_group_id, group4.group_id);
+	EXPECT_EQ(hit_path[path_idx].virtual_table_id, 0);
+	EXPECT_EQ(hit_path[path_idx].compile_id, -1);
+	Maat_stream_scan_string_end(&stream_para);
+
+	Maat_clean_status(&mid);
+
+	return;
+
+}
 
 int main(int argc, char ** argv)
 {