[FEATURE]support enable/disable compile_NOT
This commit is contained in:
liuwentan
@@ -275,7 +275,9 @@ void maat_state_free(struct maat_state *state);
|
|||||||
int maat_state_set_scan_district(struct maat_state *state, int table_id,
|
int maat_state_set_scan_district(struct maat_state *state, int table_id,
|
||||||
const char *district, size_t district_len);
|
const char *district, size_t district_len);
|
||||||
|
|
||||||
int maat_state_set_last_scan(struct maat_state *state);
|
int maat_state_enable_compile_NOT(struct maat_state *state);
|
||||||
|
|
||||||
|
int maat_state_disable_compile_NOT(struct maat_state *state);
|
||||||
|
|
||||||
int maat_state_set_scan_compile_table(struct maat_state *state, int compile_table_id);
|
int maat_state_set_scan_compile_table(struct maat_state *state, int compile_table_id);
|
||||||
|
|
||||||
|
|||||||
@@ -187,10 +187,9 @@ struct maat {
|
|||||||
struct maat_stat *stat;
|
struct maat_stat *stat;
|
||||||
};
|
};
|
||||||
|
|
||||||
enum last_scan_flag {
|
enum compile_not_flag {
|
||||||
LAST_SCAN_UNSET,
|
COMPILE_NOT_UNSET,
|
||||||
LAST_SCAN_SET,
|
COMPILE_NOT_SET
|
||||||
LAST_SCAN_FINISHED
|
|
||||||
};
|
};
|
||||||
|
|
||||||
struct maat_state {
|
struct maat_state {
|
||||||
@@ -201,7 +200,7 @@ struct maat_state {
|
|||||||
uint16_t thread_id;
|
uint16_t thread_id;
|
||||||
int16_t compile_table_id;
|
int16_t compile_table_id;
|
||||||
uint8_t is_set_district;
|
uint8_t is_set_district;
|
||||||
uint8_t is_last_scan;
|
uint8_t compile_NOT_flag;
|
||||||
};
|
};
|
||||||
|
|
||||||
int my_scandir(const char *dir, struct dirent ***namelist,
|
int my_scandir(const char *dir, struct dirent ***namelist,
|
||||||
|
|||||||
@@ -916,8 +916,9 @@ int maat_bool_plugin_table_get_ex_data(struct maat *maat_inst, int table_id,
|
|||||||
|
|
||||||
static inline int scan_status_should_compile_NOT(struct maat_state *state)
|
static inline int scan_status_should_compile_NOT(struct maat_state *state)
|
||||||
{
|
{
|
||||||
if (state && (LAST_SCAN_SET == state->is_last_scan) && state->compile_state
|
if (state && (COMPILE_NOT_SET == state->compile_NOT_flag) &&
|
||||||
&& maat_compile_state_has_NOT_clause(state->compile_state)) {
|
state->compile_state &&
|
||||||
|
maat_compile_state_has_NOT_clause(state->compile_state)) {
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1127,11 +1128,6 @@ static size_t group_to_compile(struct maat *maat_inst, long long *results,
|
|||||||
|
|
||||||
size_t n_hit_compile = hit_group_to_compile(compile_rt, results, n_result, state);
|
size_t n_hit_compile = hit_group_to_compile(compile_rt, results, n_result, state);
|
||||||
|
|
||||||
assert(state->is_last_scan < LAST_SCAN_FINISHED);
|
|
||||||
if (LAST_SCAN_SET == state->is_last_scan) {
|
|
||||||
state->is_last_scan = LAST_SCAN_FINISHED;
|
|
||||||
}
|
|
||||||
|
|
||||||
return n_hit_compile;
|
return n_hit_compile;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1738,7 +1734,7 @@ struct maat_state *maat_state_new(struct maat *maat_inst, int thread_id)
|
|||||||
|
|
||||||
state->maat_inst = maat_inst;
|
state->maat_inst = maat_inst;
|
||||||
state->is_set_district = DISTRICT_FLAG_UNSET;
|
state->is_set_district = DISTRICT_FLAG_UNSET;
|
||||||
state->is_last_scan = LAST_SCAN_UNSET;
|
state->compile_NOT_flag = COMPILE_NOT_UNSET;
|
||||||
state->district_id = DISTRICT_ANY;
|
state->district_id = DISTRICT_ANY;
|
||||||
state->thread_id = thread_id;
|
state->thread_id = thread_id;
|
||||||
|
|
||||||
@@ -1756,7 +1752,7 @@ void maat_state_reset(struct maat_state *state)
|
|||||||
|
|
||||||
state->compile_table_id = 0;
|
state->compile_table_id = 0;
|
||||||
state->is_set_district = DISTRICT_FLAG_UNSET;
|
state->is_set_district = DISTRICT_FLAG_UNSET;
|
||||||
state->is_last_scan = LAST_SCAN_UNSET;
|
state->compile_NOT_flag = COMPILE_NOT_UNSET;
|
||||||
state->district_id = DISTRICT_ANY;
|
state->district_id = DISTRICT_ANY;
|
||||||
state->scan_cnt = 0;
|
state->scan_cnt = 0;
|
||||||
|
|
||||||
@@ -1862,7 +1858,7 @@ int maat_state_set_scan_district(struct maat_state *state, int table_id,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int maat_state_set_last_scan(struct maat_state *state)
|
int maat_state_enable_compile_NOT(struct maat_state *state)
|
||||||
{
|
{
|
||||||
if (NULL == state) {
|
if (NULL == state) {
|
||||||
return -1;
|
return -1;
|
||||||
@@ -1875,8 +1871,19 @@ int maat_state_set_last_scan(struct maat_state *state)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
assert(state->is_last_scan == LAST_SCAN_UNSET);
|
assert(state->compile_NOT_flag == COMPILE_NOT_UNSET);
|
||||||
state->is_last_scan = LAST_SCAN_SET;
|
state->compile_NOT_flag = COMPILE_NOT_SET;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
int maat_state_disable_compile_NOT(struct maat_state *state)
|
||||||
|
{
|
||||||
|
if (NULL == state) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
state->compile_NOT_flag = COMPILE_NOT_UNSET;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1083,10 +1083,9 @@ static size_t compile_state_if_new_hit_compile(struct maat_compile_state *compil
|
|||||||
return r_in_c_cnt;
|
return r_in_c_cnt;
|
||||||
}
|
}
|
||||||
|
|
||||||
static size_t maat_compile_bool_matcher_match(struct compile_runtime *compile_rt,
|
size_t maat_compile_bool_matcher_match(struct compile_runtime *compile_rt, int compile_not_flag,
|
||||||
int is_last_scan, int thread_id,
|
struct maat_compile_state *compile_state, int thread_id,
|
||||||
struct maat_compile_state *compile_state,
|
void **user_data_array, size_t ud_array_size)
|
||||||
void **user_data_array, size_t ud_array_size)
|
|
||||||
{
|
{
|
||||||
size_t ud_result_cnt = 0;
|
size_t ud_result_cnt = 0;
|
||||||
struct maat_compile *compile = NULL;
|
struct maat_compile *compile = NULL;
|
||||||
@@ -1127,7 +1126,7 @@ static size_t maat_compile_bool_matcher_match(struct compile_runtime *compile_rt
|
|||||||
|
|
||||||
size_t n_new_hit_compile = compile_state_if_new_hit_compile(compile_state, compile);
|
size_t n_new_hit_compile = compile_state_if_new_hit_compile(compile_state, compile);
|
||||||
int this_scan_hit_item_flag = compile_state->this_scan_hit_item_flag;
|
int this_scan_hit_item_flag = compile_state->this_scan_hit_item_flag;
|
||||||
if ((compile->not_clause_cnt > 0) && (LAST_SCAN_UNSET == is_last_scan)) {
|
if ((compile->not_clause_cnt > 0) && (COMPILE_NOT_UNSET == compile_not_flag)) {
|
||||||
compile_state->not_clause_hit_flag = 1;
|
compile_state->not_clause_hit_flag = 1;
|
||||||
} else if (compile->user_data) {
|
} else if (compile->user_data) {
|
||||||
if (n_new_hit_compile > 0 || 0 == this_scan_hit_item_flag) {
|
if (n_new_hit_compile > 0 || 0 == this_scan_hit_item_flag) {
|
||||||
@@ -2053,12 +2052,12 @@ int compile_runtime_match(struct compile_runtime *compile_rt, long long *compile
|
|||||||
size_t compile_ids_size, struct maat_state *state)
|
size_t compile_ids_size, struct maat_state *state)
|
||||||
{
|
{
|
||||||
struct maat_compile_state *compile_state = state->compile_state;
|
struct maat_compile_state *compile_state = state->compile_state;
|
||||||
int is_last_scan = state->is_last_scan;
|
int compile_NOT_flag = state->compile_NOT_flag;
|
||||||
struct compile_item *compile_items[compile_ids_size];
|
struct compile_item *compile_items[compile_ids_size];
|
||||||
|
|
||||||
// all hit clause_id -> compile_id
|
// all hit clause_id -> compile_id
|
||||||
size_t bool_match_ret = maat_compile_bool_matcher_match(compile_rt, is_last_scan,
|
size_t bool_match_ret = maat_compile_bool_matcher_match(compile_rt, compile_NOT_flag,
|
||||||
state->thread_id, compile_state,
|
compile_state, state->thread_id,
|
||||||
(void **)compile_items,
|
(void **)compile_items,
|
||||||
compile_ids_size);
|
compile_ids_size);
|
||||||
if (bool_match_ret > 0) {
|
if (bool_match_ret > 0) {
|
||||||
|
|||||||
@@ -1732,6 +1732,7 @@ TEST_F(MaatRsStringScan, Expr8) {
|
|||||||
int n_read = 0;
|
int n_read = 0;
|
||||||
n_read = maat_state_get_hit_paths(state, hit_path, HIT_PATH_SIZE);
|
n_read = maat_state_get_hit_paths(state, hit_path, HIT_PATH_SIZE);
|
||||||
EXPECT_NE(n_read, 0);
|
EXPECT_NE(n_read, 0);
|
||||||
|
|
||||||
maat_state_free(state);
|
maat_state_free(state);
|
||||||
state = NULL;
|
state = NULL;
|
||||||
}
|
}
|
||||||
@@ -2800,7 +2801,7 @@ TEST_F(NOTLogic, OneRegion) {
|
|||||||
int table_id = maat_get_table_id(maat_inst, table_name);
|
int table_id = maat_get_table_id(maat_inst, table_name);
|
||||||
ASSERT_GT(table_id, 0);
|
ASSERT_GT(table_id, 0);
|
||||||
|
|
||||||
maat_state_set_last_scan(state);
|
maat_state_enable_compile_NOT(state);
|
||||||
int ret = maat_scan_string(maat_inst, table_id, string_should_hit, strlen(string_should_hit),
|
int ret = maat_scan_string(maat_inst, table_id, string_should_hit, strlen(string_should_hit),
|
||||||
results, ARRAY_SIZE, &n_hit_result, state);
|
results, ARRAY_SIZE, &n_hit_result, state);
|
||||||
|
|
||||||
@@ -2809,7 +2810,6 @@ TEST_F(NOTLogic, OneRegion) {
|
|||||||
EXPECT_EQ(results[0], 143);
|
EXPECT_EQ(results[0], 143);
|
||||||
maat_state_reset(state);
|
maat_state_reset(state);
|
||||||
|
|
||||||
maat_state_set_last_scan(state);
|
|
||||||
ret = maat_scan_string(maat_inst, table_id, string_should_not_hit, strlen(string_should_not_hit),
|
ret = maat_scan_string(maat_inst, table_id, string_should_not_hit, strlen(string_should_not_hit),
|
||||||
results, ARRAY_SIZE, &n_hit_result, state);
|
results, ARRAY_SIZE, &n_hit_result, state);
|
||||||
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
|
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
|
||||||
@@ -2839,7 +2839,7 @@ TEST_F(NOTLogic, ScanNotAtLast) {
|
|||||||
int not_hit_table_id = maat_get_table_id(maat_inst, not_hit_table_name);
|
int not_hit_table_id = maat_get_table_id(maat_inst, not_hit_table_name);
|
||||||
ASSERT_GT(not_hit_table_id, 0);
|
ASSERT_GT(not_hit_table_id, 0);
|
||||||
|
|
||||||
maat_state_set_last_scan(state);
|
maat_state_enable_compile_NOT(state);
|
||||||
ret = maat_scan_string(maat_inst, not_hit_table_id, string_should_not_hit, strlen(string_should_not_hit),
|
ret = maat_scan_string(maat_inst, not_hit_table_id, string_should_not_hit, strlen(string_should_not_hit),
|
||||||
results, ARRAY_SIZE, &n_hit_result, state);
|
results, ARRAY_SIZE, &n_hit_result, state);
|
||||||
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
|
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
|
||||||
@@ -2868,7 +2868,7 @@ TEST_F(NOTLogic, ScanIrrelavantAtLast) {
|
|||||||
int not_hit_table_id = maat_get_table_id(maat_inst, not_hit_table_name);
|
int not_hit_table_id = maat_get_table_id(maat_inst, not_hit_table_name);
|
||||||
ASSERT_GT(hit_table_id, 0);
|
ASSERT_GT(hit_table_id, 0);
|
||||||
|
|
||||||
maat_state_set_last_scan(state);
|
maat_state_enable_compile_NOT(state);
|
||||||
ret = maat_scan_string(maat_inst, not_hit_table_id, string_irrelevant, strlen(string_irrelevant),
|
ret = maat_scan_string(maat_inst, not_hit_table_id, string_irrelevant, strlen(string_irrelevant),
|
||||||
results, ARRAY_SIZE, &n_hit_result, state);
|
results, ARRAY_SIZE, &n_hit_result, state);
|
||||||
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
||||||
@@ -2913,7 +2913,7 @@ TEST_F(NOTLogic, ScanHitAtLastEmptyExpr) {
|
|||||||
int empty_table_id = maat_get_table_id(maat_inst, empty_table_name);
|
int empty_table_id = maat_get_table_id(maat_inst, empty_table_name);
|
||||||
ASSERT_GT(empty_table_id, 0);
|
ASSERT_GT(empty_table_id, 0);
|
||||||
|
|
||||||
maat_state_set_last_scan(state);
|
maat_state_enable_compile_NOT(state);
|
||||||
ret = maat_scan_string(maat_inst, empty_table_id, string_match_no_region,
|
ret = maat_scan_string(maat_inst, empty_table_id, string_match_no_region,
|
||||||
strlen(string_match_no_region), results, ARRAY_SIZE,
|
strlen(string_match_no_region), results, ARRAY_SIZE,
|
||||||
&n_hit_result, state);
|
&n_hit_result, state);
|
||||||
@@ -2958,7 +2958,7 @@ TEST_F(NOTLogic, ScanHitAtLastEmptyInteger) {
|
|||||||
int empty_table_id = maat_get_table_id(maat_inst, empty_table_name);
|
int empty_table_id = maat_get_table_id(maat_inst, empty_table_name);
|
||||||
ASSERT_GT(empty_table_id, 0);
|
ASSERT_GT(empty_table_id, 0);
|
||||||
|
|
||||||
maat_state_set_last_scan(state);
|
maat_state_enable_compile_NOT(state);
|
||||||
ret = maat_scan_integer(maat_inst, empty_table_id, 2015,
|
ret = maat_scan_integer(maat_inst, empty_table_id, 2015,
|
||||||
results, ARRAY_SIZE, &n_hit_result, state);
|
results, ARRAY_SIZE, &n_hit_result, state);
|
||||||
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
||||||
@@ -2993,7 +2993,7 @@ TEST_F(NOTLogic, ScanNotIP) {
|
|||||||
int not_hit_table_id = maat_get_table_id(maat_inst, not_hit_table_name);
|
int not_hit_table_id = maat_get_table_id(maat_inst, not_hit_table_name);
|
||||||
ASSERT_GT(not_hit_table_id, 0);
|
ASSERT_GT(not_hit_table_id, 0);
|
||||||
|
|
||||||
maat_state_set_last_scan(state);
|
maat_state_enable_compile_NOT(state);
|
||||||
ret = maat_scan_ipv4(maat_inst, not_hit_table_id, sip, port, proto,
|
ret = maat_scan_ipv4(maat_inst, not_hit_table_id, sip, port, proto,
|
||||||
results, ARRAY_SIZE, &n_hit_result, state);
|
results, ARRAY_SIZE, &n_hit_result, state);
|
||||||
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
|
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
|
||||||
|
|||||||
Reference in New Issue
Block a user