gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[FEATURE]expr_matcher support dual engine(hyperscan & rulescan)

Browse Source
This commit is contained in:
刘文坛
2023-07-28 12:32:25 +00:00
parent c1d413e992
commit bcbb796a7d
55 changed files with 3745 additions and 81813 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/CMakeLists.txt
View File

@@ -23,13 +23,15 @@ include_directories(/opt/MESA/include/MESA/)
include_directories(${PROJECT_SOURCE_DIR}/include/)
include_directories(${PROJECT_SOURCE_DIR}/deps/)
include_directories(${PROJECT_SOURCE_DIR}/scanner)
include_directories(${PROJECT_SOURCE_DIR}/scanner/adapter_hs)
include_directories(${PROJECT_SOURCE_DIR}/scanner/fqdn_engine)
include_directories(${PROJECT_SOURCE_DIR}/scanner/bool_matcher)
include_directories(${PROJECT_SOURCE_DIR}/scanner/ip_matcher)
include_directories(${PROJECT_SOURCE_DIR}/scanner/flag_matcher)
include_directories(${PROJECT_SOURCE_DIR}/scanner/interval_matcher)
include_directories(${PROJECT_SOURCE_DIR}/src/inc_internal)
include_directories(${PROJECT_SOURCE_DIR}/scanner/expr_matcher)
include_directories(${PROJECT_SOURCE_DIR}/scanner/expr_matcher/adapter_hs)
include_directories(${PROJECT_SOURCE_DIR}/scanner/expr_matcher/adapter_rs)
# Static Library Output
add_library(maat_frame_static STATIC ${MAAT_SRC} ${LIB_SOURCE_FILES})

9
src/inc_internal/maat_expr.h
View File

@@ -52,14 +52,13 @@ long long expr_runtime_get_version(void *expr_runtime);
int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id, const char *data,
size_t data_len, int vtable_id, struct maat_state *state);
struct adapter_hs_stream *expr_runtime_stream_open(struct expr_runtime *expr_rt, int thread_id);
struct expr_matcher_stream *expr_runtime_stream_open(struct expr_runtime *expr_rt, int thread_id);
int expr_runtime_stream_scan(struct expr_runtime *expr_rt, struct adapter_hs_stream *s_handle,
const char *data, size_t data_len,
int vtable_id, struct maat_state *state);
int expr_runtime_stream_scan(struct expr_runtime *expr_rt, struct expr_matcher_stream *s_handle,
const char *data, size_t data_len, int vtable_id, struct maat_state *state);
void expr_runtime_stream_close(struct expr_runtime *expr_rt, int thread_id,
struct adapter_hs_stream *s_handle);
struct expr_matcher_stream *stream);
int expr_runtime_set_scan_district(struct expr_runtime *expr_rt, const char *district,
size_t district_len, long long *district_id);

1
src/inc_internal/maat_rule.h
View File

@@ -128,6 +128,7 @@ struct maat_options {
int rule_effect_interval_ms;
int rule_update_checking_interval_ms;
enum maat_expr_engine expr_engine;
enum data_source input_mode;
union {
struct source_iris_ctx iris_ctx;

6
src/inc_internal/maat_table.h
View File

@@ -19,6 +19,7 @@ extern "C"
#include <stddef.h>
#include <cJSON/cJSON.h>
#include "maat.h"
#include "log/log.h"
#include "maat_garbage_collection.h"
@@ -47,7 +48,8 @@ struct table_manager;
struct table_manager *
table_manager_create(const char *table_info_path, const char *accept_tags,
struct maat_garbage_bin *garbage_bin, struct log_handle *logger);
enum maat_expr_engine expr_engine, struct maat_garbage_bin *garbage_bin,
struct log_handle *logger);
int table_manager_runtime_create(struct table_manager *tbl_mgr, size_t max_thread_num,
struct maat_garbage_bin *garbage_bin);
@@ -67,6 +69,8 @@ int table_manager_get_group2group_table_id(struct table_manager *tbl_mgr);
int table_manager_get_valid_column(struct table_manager *tbl_mgr, int table_id);
enum maat_expr_engine table_manager_get_expr_engine(struct table_manager *tbl_mgr);
size_t table_manager_accept_tags_count(struct table_manager *tbl_mgr);
int table_manager_accept_tags_match(struct table_manager *tbl_mgr, const char *tags);

50
src/maat_api.c
View File

@@ -51,7 +51,7 @@ enum district_flag {
struct maat_stream {
struct maat *ref_maat_inst;
struct adapter_hs_stream *handle; //each physical table open one stream
struct expr_matcher_stream *handle; //each physical table open one stream
long long last_full_version;
long long expr_rt_version;
struct log_handle *logger;
@@ -70,6 +70,7 @@ struct maat_options* maat_options_new(void)
options->rule_update_checking_interval_ms = 1 * 1000;
options->gc_timeout_ms = 10 * 1000;
options->input_mode = DATA_SOURCE_NONE;
options->expr_engine = MAAT_EXPR_ENGINE_HS;
options->log_level = 0;
return options;
@@ -254,6 +255,19 @@ int maat_options_set_stat_file(struct maat_options *opts, const char *stat_filen
return 0;
}
int maat_options_set_expr_engine(struct maat_options *opts,
enum maat_expr_engine expr_engine)
{
if (NULL == opts ||
(expr_engine != MAAT_EXPR_ENGINE_HS && expr_engine != MAAT_EXPR_ENGINE_RS)) {
return -1;
}
opts->expr_engine = expr_engine;
return 0;
}
int maat_options_set_logger(struct maat_options *opts, const char *log_path,
enum log_level level)
{
@@ -357,7 +371,8 @@ struct maat *maat_new(struct maat_options *opts, const char *table_info_path)
pthread_mutex_init(&(maat_inst->background_update_mutex), NULL);
maat_inst->tbl_mgr = table_manager_create(table_info_path, maat_inst->opts.accept_tags,
maat_inst->garbage_bin, maat_inst->logger);
maat_inst->opts.expr_engine, maat_inst->garbage_bin,
maat_inst->logger);
if (NULL == maat_inst->tbl_mgr) {
goto failed;
}
@@ -410,12 +425,7 @@ int maat_helper_verify_regex_expression(const char *regex_expr)
return 0;
}
int ret = adapter_hs_verify_regex_expression(regex_expr, NULL);
if (ret < 0) {
return 0;
} else {
return 1;
}
return expr_matcher_verify_regex_expression(regex_expr, NULL);
}
int maat_get_table_id(struct maat *maat_inst, const char *table_name)
@@ -1168,9 +1178,7 @@ int maat_scan_flag(struct maat *maat_inst, int table_id,
return MAAT_SCAN_ERR;
}
maat_runtime_ref_inc(maat_rt, state->thread_id);
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_group_cnt = flag_scan(maat_inst->tbl_mgr, state->thread_id, flag,
phy_table_id, vtable_id, state);
if (hit_group_cnt < 0) {
@@ -1178,6 +1186,8 @@ int maat_scan_flag(struct maat *maat_inst, int table_id,
return MAAT_SCAN_ERR;
}
maat_runtime_ref_inc(maat_rt, state->thread_id);
size_t sum_hit_compile_cnt = 0;
if (hit_group_cnt > 0 || scan_status_should_compile_NOT(state)) {
sum_hit_compile_cnt = group_to_compile(maat_inst, results, n_result, state);
@@ -1257,9 +1267,7 @@ int maat_scan_integer(struct maat *maat_inst, int table_id,
return MAAT_SCAN_ERR;
}
maat_runtime_ref_inc(maat_rt, state->thread_id);
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_group_cnt = interval_scan(maat_inst->tbl_mgr, state->thread_id, integer,
phy_table_id, vtable_id, state);
if (hit_group_cnt < 0) {
@@ -1267,6 +1275,8 @@ int maat_scan_integer(struct maat *maat_inst, int table_id,
return MAAT_SCAN_ERR;
}
maat_runtime_ref_inc(maat_rt, state->thread_id);
size_t sum_hit_compile_cnt = 0;
if (hit_group_cnt > 0 || scan_status_should_compile_NOT(state)) {
sum_hit_compile_cnt = group_to_compile(maat_inst, results, n_result, state);
@@ -1346,9 +1356,7 @@ int maat_scan_ipv4(struct maat *maat_inst, int table_id, uint32_t ip_addr,
return MAAT_SCAN_ERR;
}
maat_runtime_ref_inc(maat_rt, state->thread_id);
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_group_cnt = ipv4_scan(maat_inst->tbl_mgr, state->thread_id, ip_addr,
port, protocol, phy_table_id, vtable_id, state);
if (hit_group_cnt < 0) {
@@ -1356,6 +1364,8 @@ int maat_scan_ipv4(struct maat *maat_inst, int table_id, uint32_t ip_addr,
return MAAT_SCAN_ERR;
}
maat_runtime_ref_inc(maat_rt, state->thread_id);
size_t sum_hit_compile_cnt = 0;
if (hit_group_cnt > 0 || scan_status_should_compile_NOT(state)) {
sum_hit_compile_cnt = group_to_compile(maat_inst, results, n_result, state);
@@ -1436,9 +1446,7 @@ int maat_scan_ipv6(struct maat *maat_inst, int table_id,
return MAAT_SCAN_ERR;
}
maat_runtime_ref_inc(maat_rt, state->thread_id);
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_group_cnt = ipv6_scan(maat_inst->tbl_mgr, state->thread_id, ip_addr,
port, protocol, phy_table_id, vtable_id, state);
if (hit_group_cnt < 0) {
@@ -1446,6 +1454,8 @@ int maat_scan_ipv6(struct maat *maat_inst, int table_id,
return MAAT_SCAN_ERR;
}
maat_runtime_ref_inc(maat_rt, state->thread_id);
size_t sum_hit_compile_cnt = 0;
if (hit_group_cnt > 0 || scan_status_should_compile_NOT(state)) {
sum_hit_compile_cnt = group_to_compile(maat_inst, results, n_result, state);
@@ -1525,9 +1535,7 @@ int maat_scan_string(struct maat *maat_inst, int table_id, const char *data,
return MAAT_SCAN_ERR;
}
maat_runtime_ref_inc(maat_rt, state->thread_id);
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_group_cnt = string_scan(maat_inst->tbl_mgr, state->thread_id, data,
data_len, phy_table_id, vtable_id, state);
if (hit_group_cnt < 0) {
@@ -1535,6 +1543,8 @@ int maat_scan_string(struct maat *maat_inst, int table_id, const char *data,
return MAAT_SCAN_ERR;
}
maat_runtime_ref_inc(maat_rt, state->thread_id);
size_t sum_hit_compile_cnt = 0;
if (hit_group_cnt > 0 || scan_status_should_compile_NOT(state)) {
sum_hit_compile_cnt = group_to_compile(maat_inst, results, n_result, state);
@@ -1609,8 +1619,8 @@ struct maat_stream *maat_stream_new(struct maat *maat_inst, int table_id,
stream->expr_rt_version = expr_runtime_get_version(expr_rt);
maat_runtime_ref_inc(maat_inst->maat_rt, state->thread_id);
struct adapter_hs_stream *handle = expr_runtime_stream_open((struct expr_runtime *)expr_rt,
state->thread_id);
struct expr_matcher_stream *handle = expr_runtime_stream_open((struct expr_runtime *)expr_rt,
state->thread_id);
if (NULL == handle) {
goto error;
}

8
src/maat_bool_plugin.c
View File

@@ -476,6 +476,10 @@ int bool_plugin_runtime_commit(void *bool_plugin_runtime, const char *table_name
"update %zu bool_plugin rules", __FUNCTION__, __LINE__,
table_name, rule_cnt);
ret = -1;
} else {
log_info(bool_plugin_rt->logger, MODULE_BOOL_PLUGIN,
"table[%s] commit %zu bool_plugin rules and rebuild bool_matcher"
" completed, version:%lld", table_name, rule_cnt, maat_rt_version);
}
}
@@ -488,10 +492,6 @@ int bool_plugin_runtime_commit(void *bool_plugin_runtime, const char *table_name
bool_plugin_rt->rule_num = rule_cnt;
log_info(bool_plugin_rt->logger, MODULE_BOOL_PLUGIN,
"table[%s] commit %zu bool_plugin rules and rebuild bool_matcher completed"
", version:%lld", table_name, rule_cnt, maat_rt_version);
if (rules != NULL) {
FREE(rules);
}

1
src/maat_config_monitor.c
View File

@@ -151,7 +151,6 @@ static int cm_read_table_file(struct cm_table_info_t *index,
size_t file_offset = 0;
char line[MAX_CONFIG_LINE] = {0};
read_nxt_line_from_buff(file_buff, file_sz, &file_offset, line, sizeof(line));
int cfg_num = 0;
sscanf(line, "%d\n", &cfg_num);

125
src/maat_expr.c
View File

@@ -60,7 +60,7 @@ struct expr_item {
long long group_id;
char keywords[MAX_KEYWORDS_STR];
enum expr_type expr_type;
enum hs_match_mode match_mode;
enum expr_match_mode match_mode;
int is_hexbin;
int is_case_sensitive;
void *user_data;
@@ -68,7 +68,7 @@ struct expr_item {
};
struct expr_runtime {
struct adapter_hs *hs;
struct expr_matcher *matcher;
struct rcu_hash_table *item_hash; // <item_id, struct expr_item>
long long version; //expr_rt version
@@ -79,6 +79,7 @@ struct expr_runtime {
struct log_handle *logger;
struct maat_garbage_bin *ref_garbage_bin;
enum maat_expr_engine expr_engine;
int district_num;
struct maat_kv_store *district_map;
struct maat_kv_store *tmp_district_map;
@@ -114,22 +115,22 @@ static enum expr_type int_to_expr_type(int expr_type)
return type;
}
static enum hs_match_mode int_to_match_mode(int match_method)
static enum expr_match_mode int_to_match_mode(int match_method)
{
enum hs_match_mode mode = HS_MATCH_MODE_INVALID;
enum expr_match_mode mode = EXPR_MATCH_MODE_INVALID;
switch (match_method) {
case 0:
mode = HS_MATCH_MODE_SUB;
mode = EXPR_MATCH_MODE_SUB;
break;
case 1:
mode = HS_MATCH_MODE_SUFFIX;
mode = EXPR_MATCH_MODE_SUFFIX;
break;
case 2:
mode = HS_MATCH_MODE_PREFIX;
mode = EXPR_MATCH_MODE_PREFIX;
break;
case 3:
mode = HS_MATCH_MODE_EXACTLY;
mode = EXPR_MATCH_MODE_EXACTLY;
break;
default:
break;
@@ -234,8 +235,8 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name,
__FUNCTION__, __LINE__, table_name, line);
goto error;
} else if (expr_item->expr_type == EXPR_TYPE_REGEX) {
ret = adapter_hs_verify_regex_expression(expr_item->keywords, expr_rt->logger);
if (ret < 0) {
ret = expr_matcher_verify_regex_expression(expr_item->keywords, expr_rt->logger);
if (0 == ret) {
log_error(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> regex expression(item_id:%lld):%s illegal,"
" will be dropped", __FUNCTION__, __LINE__, table_name,
@@ -277,7 +278,7 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name,
match_method_type = atoi(line + column_offset);
expr_item->match_mode = int_to_match_mode(match_method_type);
if (expr_item->match_mode == HS_MATCH_MODE_INVALID) {
if (expr_item->match_mode == EXPR_MATCH_MODE_INVALID) {
log_error(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> has invalid match_method in line:%s",
__FUNCTION__, __LINE__, table_name, line);
@@ -472,12 +473,14 @@ void *expr_runtime_new(void *expr_schema, size_t max_thread_num,
return NULL;
}
struct expr_schema *schema = (struct expr_schema *)expr_schema;
struct expr_runtime *expr_rt = ALLOC(struct expr_runtime, 1);
expr_rt->item_hash = rcu_hash_new(expr_item_free_cb, NULL, 0);
expr_rt->n_worker_thread = max_thread_num;
expr_rt->ref_garbage_bin = garbage_bin;
expr_rt->logger = logger;
expr_rt->expr_engine = table_manager_get_expr_engine(schema->ref_tbl_mgr);
expr_rt->district_map = maat_kv_store_new();
expr_rt->hit_cnt = alignment_int64_array_alloc(max_thread_num);
@@ -495,9 +498,9 @@ void expr_runtime_free(void *expr_runtime)
}
struct expr_runtime *expr_rt = (struct expr_runtime *)expr_runtime;
if (expr_rt->hs != NULL) {
adapter_hs_free(expr_rt->hs);
expr_rt->hs = NULL;
if (expr_rt->matcher != NULL) {
expr_matcher_free(expr_rt->matcher);
expr_rt->matcher = NULL;
}
if (expr_rt->item_hash != NULL) {
@@ -558,18 +561,18 @@ static int expr_runtime_update_row(struct expr_runtime *expr_rt, char *key,
return 0;
}
static enum hs_pattern_type expr_type2pattern_type(enum expr_type expr_type)
static enum expr_pattern_type expr_type2pattern_type(enum expr_type expr_type)
{
enum hs_pattern_type pattern_type;
enum expr_pattern_type pattern_type = EXPR_PATTERN_TYPE_STR;
switch (expr_type) {
case EXPR_TYPE_STRING:
case EXPR_TYPE_AND:
case EXPR_TYPE_OFFSET:
pattern_type = HS_PATTERN_TYPE_STR;
pattern_type = EXPR_PATTERN_TYPE_STR;
break;
case EXPR_TYPE_REGEX:
pattern_type = HS_PATTERN_TYPE_REG;
pattern_type = EXPR_PATTERN_TYPE_REG;
break;
default:
break;
@@ -686,12 +689,12 @@ static int expr_item_to_expr_rule(struct expr_item *expr_item,
}
sub_expr_cnt = i;
break;
case EXPR_TYPE_STRING:
case EXPR_TYPE_STRING: //AND/OFFSET/STRING type expression use \b to represent blank(' ')
sub_expr_cnt = 1;
sub_key_array[0] = expr_item->keywords;
sub_key_array[0] = str_unescape(sub_key_array[0]);
break;
case EXPR_TYPE_REGEX:
case EXPR_TYPE_REGEX: //only regex type expression use \s to represent blank(' ')
sub_expr_cnt = 1;
sub_key_array[0] = expr_item->keywords;
break;
@@ -710,15 +713,15 @@ static int expr_item_to_expr_rule(struct expr_item *expr_item,
if (TRUE == expr_item->is_case_sensitive) {
// insensitive
expr_rule->patterns[i].case_sensitive = HS_CASE_SENSITIVE;
expr_rule->patterns[i].case_sensitive = EXPR_CASE_SENSITIVE;
} else {
expr_rule->patterns[i].case_sensitive = HS_CASE_INSENSITIVE;
expr_rule->patterns[i].case_sensitive = EXPR_CASE_INSENSITIVE;
}
expr_rule->patterns[i].pattern_type = expr_type2pattern_type(expr_item->expr_type);
expr_rule->patterns[i].type = expr_type2pattern_type(expr_item->expr_type);
if (TRUE == expr_item->is_hexbin &&
expr_rule->patterns[i].pattern_type != HS_PATTERN_TYPE_REG) {
expr_rule->patterns[i].type != EXPR_PATTERN_TYPE_REG) {
region_str_len = strlen(sub_key_array[i]) * 8 + 1;
region_string = ALLOC(char, region_str_len);
region_str_len = hex2bin(sub_key_array[i], strlen(sub_key_array[i]),
@@ -738,13 +741,13 @@ static int expr_item_to_expr_rule(struct expr_item *expr_item,
}
expr_rule->patterns[i].match_mode = expr_item->match_mode;
if (expr_rule->patterns[i].match_mode == HS_MATCH_MODE_SUB) {
if (expr_rule->patterns[i].match_mode == EXPR_MATCH_MODE_SUB) {
expr_rule->patterns[i].start_offset = key_left_offset[i];
expr_rule->patterns[i].end_offset = key_right_offset[i];
}
}
expr_rule->expr_id = expr_item->item_id;
expr_rule->user_tag = expr_item->user_data;
expr_rule->tag = expr_item->user_data;
expr_rule->n_patterns = sub_expr_cnt;
return 0;
@@ -810,10 +813,10 @@ int expr_runtime_update(void *expr_runtime, void *expr_schema,
return 0;
}
static void garbage_adapter_hs_free(void *adapter_hs, void *arg)
static void garbage_expr_matcher_free(void *expr_matcher, void *arg)
{
struct adapter_hs *hs = (struct adapter_hs *)adapter_hs;
adapter_hs_free(hs);
struct expr_matcher *matcher = (struct expr_matcher *)expr_matcher;
expr_matcher_free(matcher);
}
int expr_runtime_commit(void *expr_runtime, const char *table_name,
@@ -864,38 +867,42 @@ int expr_runtime_commit(void *expr_runtime, const char *table_name,
}
}
struct adapter_hs *new_adapter_hs = NULL;
struct adapter_hs *old_adapter_hs = NULL;
struct expr_matcher *new_matcher = NULL;
struct expr_matcher *old_matcher = NULL;
if (rule_cnt > 0) {
new_adapter_hs = adapter_hs_new(rules, real_rule_cnt, expr_rt->n_worker_thread,
expr_rt->logger);
if (NULL == new_adapter_hs) {
enum expr_engine_type engine_type = EXPR_ENGINE_TYPE_HS;
if (expr_rt->expr_engine == MAAT_EXPR_ENGINE_RS) {
engine_type = EXPR_ENGINE_TYPE_RS;
}
new_matcher = expr_matcher_new(rules, real_rule_cnt, engine_type,
expr_rt->n_worker_thread, expr_rt->logger);
if (NULL == new_matcher) {
log_error(expr_rt->logger, MODULE_EXPR,
"[%s:%d] table[%s] rebuild adapter_hs engine failed when update"
"[%s:%d] table[%s] rebuild expr_matcher failed when update"
" %zu expr rules", __FUNCTION__, __LINE__, table_name, real_rule_cnt);
ret = -1;
} else {
log_info(expr_rt->logger, MODULE_EXPR,
"table[%s] has %zu rules, commit %zu expr rules(regex rules:%zu) "
"and rebuild adapter_hs completed, version:%lld", table_name, rule_cnt,
real_rule_cnt, real_regex_rule_cnt, maat_rt_version);
}
}
old_adapter_hs = expr_rt->hs;
expr_rt->hs = new_adapter_hs;
old_matcher = expr_rt->matcher;
expr_rt->matcher = new_matcher;
rcu_hash_commit(expr_rt->item_hash);
if (old_adapter_hs != NULL) {
maat_garbage_bagging(expr_rt->ref_garbage_bin, old_adapter_hs, NULL,
garbage_adapter_hs_free);
if (old_matcher != NULL) {
maat_garbage_bagging(expr_rt->ref_garbage_bin, old_matcher, NULL, garbage_expr_matcher_free);
}
expr_rt->rule_num = real_rule_cnt;
expr_rt->regex_rule_num = real_regex_rule_cnt;
expr_rt->version = maat_rt_version;
log_info(expr_rt->logger, MODULE_EXPR,
"table[%s] has %zu rules, commit %zu expr rules(regex rules:%zu) "
"and rebuild adapter_hs completed, version:%lld", table_name, rule_cnt,
real_rule_cnt, real_regex_rule_cnt, expr_rt->version);
if (rules != NULL) {
for (i = 0; i < rule_cnt; i++) {
expr_rule_reset(&rules[i]);
@@ -949,15 +956,14 @@ int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id,
return 0;
}
if (NULL == expr_rt->hs) {
if (NULL == expr_rt->matcher) {
return 0;
}
size_t n_hit_item = 0;
struct hs_scan_result hit_results[MAX_SCANNER_HIT_ITEM_NUM];
int ret = adapter_hs_scan(expr_rt->hs, thread_id, data, data_len,
hit_results, MAX_SCANNER_HIT_ITEM_NUM,
&n_hit_item);
struct expr_scan_result hit_results[MAX_SCANNER_HIT_ITEM_NUM];
int ret = expr_matcher_match(expr_rt->matcher, thread_id, data, data_len,
hit_results, MAX_SCANNER_HIT_ITEM_NUM, &n_hit_item);
if (ret < 0) {
return -1;
}
@@ -1000,14 +1006,15 @@ int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id,
return real_hit_item_cnt;
}
struct adapter_hs_stream *
struct expr_matcher_stream *
expr_runtime_stream_open(struct expr_runtime *expr_rt, int thread_id)
{
if (NULL == expr_rt || thread_id < 0) {
return NULL;
}
struct adapter_hs_stream *stream = adapter_hs_stream_open(expr_rt->hs, thread_id);
struct expr_matcher_stream *stream = expr_matcher_stream_open(expr_rt->matcher,
thread_id);
if (NULL == stream) {
return NULL;
}
@@ -1016,7 +1023,7 @@ expr_runtime_stream_open(struct expr_runtime *expr_rt, int thread_id)
}
int expr_runtime_stream_scan(struct expr_runtime *expr_rt,
struct adapter_hs_stream *s_handle,
struct expr_matcher_stream *s_handle,
const char *data, size_t data_len,
int vtable_id, struct maat_state *state)
{
@@ -1026,10 +1033,10 @@ int expr_runtime_stream_scan(struct expr_runtime *expr_rt,
}
size_t n_hit_item = 0;
struct hs_scan_result hit_results[MAX_SCANNER_HIT_ITEM_NUM];
struct expr_scan_result hit_results[MAX_SCANNER_HIT_ITEM_NUM];
int ret = adapter_hs_scan_stream(s_handle, data, data_len, hit_results,
MAX_SCANNER_HIT_ITEM_NUM, &n_hit_item);
int ret = expr_matcher_stream_match(s_handle, data, data_len, hit_results,
MAX_SCANNER_HIT_ITEM_NUM, &n_hit_item);
if (ret < 0) {
return -1;
}
@@ -1067,13 +1074,13 @@ int expr_runtime_stream_scan(struct expr_runtime *expr_rt,
}
void expr_runtime_stream_close(struct expr_runtime *expr_rt, int thread_id,
struct adapter_hs_stream *s_handle)
struct expr_matcher_stream *stream)
{
if (NULL == expr_rt || thread_id < 0 || NULL == s_handle) {
if (NULL == expr_rt || thread_id < 0 || NULL == stream) {
return;
}
adapter_hs_stream_close(s_handle);
expr_matcher_stream_close(stream);
}
void expr_runtime_hit_inc(struct expr_runtime *expr_rt, int thread_id)

8
src/maat_flag.c
View File

@@ -497,6 +497,10 @@ int flag_runtime_commit(void *flag_runtime, const char *table_name,
"when update %zu flag rules", __FUNCTION__, __LINE__,
table_name, rule_cnt);
ret = -1;
} else {
log_info(flag_rt->logger, MODULE_FLAG,
"table[%s] commit %zu flag rules and rebuild flag_matcher completed,"
" version:%lld", table_name, rule_cnt, maat_rt_version);
}
}
@@ -511,10 +515,6 @@ int flag_runtime_commit(void *flag_runtime, const char *table_name,
flag_rt->rule_num = rule_cnt;
log_info(flag_rt->logger, MODULE_FLAG,
"table[%s] commit %zu flag rules and rebuild flag_matcher completed,"
" version:%lld", table_name, rule_cnt, maat_rt_version);
if (rules != NULL) {
FREE(rules);
}

8
src/maat_fqdn_plugin.c
View File

@@ -481,6 +481,10 @@ int fqdn_plugin_runtime_commit(void *fqdn_plugin_runtime, const char *table_name
" %zu fqdn_plugin rules", __FUNCTION__, __LINE__, table_name,
rule_cnt);
ret = -1;
} else {
log_info(fqdn_plugin_rt->logger, MODULE_FQDN_PLUGIN,
"table[%s] commit %zu fqdn_plugin rules and rebuild FQDN engine"
" completed, version:%lld", table_name, rule_cnt, maat_rt_version);
}
}
@@ -493,10 +497,6 @@ int fqdn_plugin_runtime_commit(void *fqdn_plugin_runtime, const char *table_name
fqdn_plugin_rt->rule_num = rule_cnt;
log_info(fqdn_plugin_rt->logger, MODULE_FQDN_PLUGIN,
"table[%s] commit %zu fqdn_plugin rules and rebuild FQDN engine completed"
", version:%lld", table_name, rule_cnt, maat_rt_version);
if (rules != NULL) {
FREE(rules);
}

8
src/maat_interval.c
View File

@@ -498,6 +498,10 @@ int interval_runtime_commit(void *interval_runtime, const char *table_name,
"when update %zu interval rules", __FUNCTION__, __LINE__,
table_name, rule_cnt);
ret = -1;
} else {
log_info(interval_rt->logger, MODULE_INTERVAL,
"table[%s] commit %zu interval rules and rebuild interval_matcher "
"completed, version:%lld", table_name, rule_cnt, maat_rt_version);
}
}
@@ -511,10 +515,6 @@ int interval_runtime_commit(void *interval_runtime, const char *table_name,
}
interval_rt->rule_num = rule_cnt;
log_info(interval_rt->logger, MODULE_INTERVAL,
"table[%s] commit %zu interval rules and rebuild interval_matcher "
"completed, version:%lld", table_name, rule_cnt, maat_rt_version);
if (rules != NULL) {
FREE(rules);

8
src/maat_ip.c
View File

@@ -612,6 +612,10 @@ int ip_runtime_commit(void *ip_runtime, const char *table_name,
"when update %zu ip rules", __FUNCTION__, __LINE__,
table_name, rule_cnt);
ret = -1;
} else {
log_info(ip_rt->logger, MODULE_IP,
"table[%s] commit %zu ip rules and rebuild ip_matcher completed"
", version:%lld", table_name, rule_cnt, maat_rt_version);
}
new_intval_matcher = interval_matcher_new(intval_rules, rule_cnt);
@@ -642,10 +646,6 @@ int ip_runtime_commit(void *ip_runtime, const char *table_name,
ip_rt->rule_num = rule_cnt;
log_info(ip_rt->logger, MODULE_IP,
"table[%s] commit %zu ip rules and rebuild ip_matcher completed"
", version:%lld", table_name, rule_cnt, maat_rt_version);
if (rules != NULL) {
FREE(rules);
}

8
src/maat_ip_plugin.c
View File

@@ -520,6 +520,10 @@ int ip_plugin_runtime_commit(void *ip_plugin_runtime, const char *table_name,
"[%s:%d] ip_plugin table[%s] rebuild ip_matcher failed when "
"update %zu rules", __FUNCTION__, __LINE__, table_name, rule_cnt);
ret = -1;
} else {
log_info(ip_plugin_rt->logger, MODULE_IP_PLUGIN,
"table[%s] commit %zu ip_plugin rules and rebuild ip_matcher "
"completed, version:%lld", table_name, rule_cnt, maat_rt_version);
}
}
@@ -532,10 +536,6 @@ int ip_plugin_runtime_commit(void *ip_plugin_runtime, const char *table_name,
ip_plugin_rt->rule_num = rule_cnt;
log_info(ip_plugin_rt->logger, MODULE_IP_PLUGIN,
"table[%s] commit %zu ip_plugin rules and rebuild ip_matcher "
"completed, version:%lld", table_name, rule_cnt, maat_rt_version);
if (rules != NULL) {
FREE(rules);
}

14
src/maat_table.c
View File

@@ -47,6 +47,7 @@ struct table_manager {
struct rule_tag *accept_tags;
size_t n_accept_tag;
enum maat_expr_engine expr_engine;
int default_compile_table_id;
int g2g_table_id;
struct maat_kv_store *tablename2id_map;
@@ -661,7 +662,8 @@ static int register_tablename2id(cJSON *json, struct maat_kv_store *tablename2id
struct table_manager *
table_manager_create(const char *table_info_path, const char *accept_tags,
struct maat_garbage_bin *garbage_bin, struct log_handle *logger)
enum maat_expr_engine expr_engine, struct maat_garbage_bin *garbage_bin,
struct log_handle *logger)
{
if (NULL == table_info_path) {
return NULL;
@@ -702,6 +704,7 @@ table_manager_create(const char *table_info_path, const char *accept_tags,
tbl_mgr->n_accept_tag = parse_accept_tag(accept_tags, &tbl_mgr->accept_tags, logger);
tbl_mgr->logger = logger;
tbl_mgr->tablename2id_map = maat_kv_store_new();
tbl_mgr->expr_engine = expr_engine;
tbl_mgr->ref_garbage_bin = garbage_bin;
for (int i = 0; i < json_array_size; i++) {
@@ -1018,6 +1021,15 @@ int table_manager_get_valid_column(struct table_manager *tbl_mgr, int table_id)
return tbl_mgr->tbl[table_id]->valid_column;
}
enum maat_expr_engine table_manager_get_expr_engine(struct table_manager *tbl_mgr)
{
if (NULL == tbl_mgr) {
return MAAT_EXPR_ENGINE_HS;
}
return tbl_mgr->expr_engine;
}
size_t table_manager_accept_tags_count(struct table_manager *tbl_mgr)
{
if (NULL == tbl_mgr) {