gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Support physical table conjunction and fix compile table conjunction bug

Browse Source
This commit is contained in:
liuwentan
2023-03-06 10:45:36 +08:00
parent 5a53edd943
commit cf5c8353e3
16 changed files with 307 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/inc_internal/maat_compile.h
View File

@@ -54,7 +54,7 @@ int compile_runtime_update(void *compile_runtime, void *compile_schema,
int compile_runtime_commit(void *compile_runtime, const char *table_name); int compile_runtime_commit(void *compile_runtime, const char *table_name);
int compile_runtime_match(struct compile_runtime *compile_rt, long long *compile_ids, int compile_runtime_match(struct compile_runtime *compile_rt, long long *compile_ids,
size_t compile_ids_size, struct maat_state *state); int ids_index, size_t compile_ids_size, struct maat_state *state);
size_t compile_runtime_get_hit_paths(struct compile_runtime *compile_rt, size_t compile_runtime_get_hit_paths(struct compile_runtime *compile_rt,
struct group2group_runtime *g2g_rt, struct group2group_runtime *g2g_rt,

8
src/maat_api.c
View File

@@ -915,11 +915,11 @@ static inline int scan_status_should_compile_NOT(struct maat_state *state)
return 0; return 0;
} }
size_t hit_group_to_compile(void *compile_runtime, long long *compile_ids, size_t compile_ids_size, size_t hit_group_to_compile(void *compile_runtime, long long *compile_ids, int ids_index,
struct maat_state *mid) size_t compile_ids_size, struct maat_state *mid)
{ {
size_t n_hit_compile = compile_runtime_match((struct compile_runtime *)compile_runtime, size_t n_hit_compile = compile_runtime_match((struct compile_runtime *)compile_runtime,
compile_ids, compile_ids_size, mid); compile_ids, ids_index, compile_ids_size, mid);
return n_hit_compile; return n_hit_compile;
} }
@@ -1181,7 +1181,7 @@ size_t group_to_compile(struct maat *maat_instance, long long *results, size_t n
for (size_t i = 0; i < compile_table_cnt; i++) { for (size_t i = 0; i < compile_table_cnt; i++) {
void *compile_rt = table_manager_get_runtime(maat_instance->tbl_mgr, compile_table_id[i]); void *compile_rt = table_manager_get_runtime(maat_instance->tbl_mgr, compile_table_id[i]);
size_t n_hit_compile = hit_group_to_compile(compile_rt, results, n_result, mid); size_t n_hit_compile = hit_group_to_compile(compile_rt, results, sum_hit_compile_cnt, n_result, mid);
sum_hit_compile_cnt += n_hit_compile; sum_hit_compile_cnt += n_hit_compile;
} }

8
src/maat_bool_plugin.c
View File

@@ -36,7 +36,6 @@ struct bool_plugin_runtime {
struct ex_data_runtime *ex_data_rt; struct ex_data_runtime *ex_data_rt;
uint32_t rule_num; uint32_t rule_num;
uint32_t updating_rule_num;
struct maat_garbage_bin *ref_garbage_bin; struct maat_garbage_bin *ref_garbage_bin;
struct log_handle *logger; struct log_handle *logger;
@@ -474,16 +473,15 @@ int bool_plugin_runtime_get_ex_data(void *bool_plugin_runtime, unsigned long lon
} }
struct bool_plugin_runtime *bool_plugin_rt = (struct bool_plugin_runtime *)bool_plugin_runtime; struct bool_plugin_runtime *bool_plugin_rt = (struct bool_plugin_runtime *)bool_plugin_runtime;
if (NULL == bool_plugin_rt->matcher) { if (0 == bool_plugin_rt->rule_num) {
log_info(bool_plugin_rt->logger, MODULE_BOOL_PLUGIN, return 0;
"bool_matcher is NULL, can't get ex data");
return -1;
} }
struct bool_expr_match results[n_ex_data]; struct bool_expr_match results[n_ex_data];
memset(results, 0, sizeof(results)); memset(results, 0, sizeof(results));
n_item = ull_dedup(item_ids, n_item); n_item = ull_dedup(item_ids, n_item);
assert(bool_plugin_rt->matcher != NULL);
int n_result = bool_matcher_match(bool_plugin_rt->matcher, item_ids, n_item, results, n_ex_data); int n_result = bool_matcher_match(bool_plugin_rt->matcher, item_ids, n_item, results, n_ex_data);
for (int i = 0; i < n_result; i++) { for (int i = 0; i < n_result; i++) {
ex_data_array[i] = ex_data_runtime_get_ex_data_by_container(bool_plugin_rt->ex_data_rt, ex_data_array[i] = ex_data_runtime_get_ex_data_by_container(bool_plugin_rt->ex_data_rt,

22
src/maat_compile.c
View File

@@ -74,7 +74,6 @@ struct compile_runtime {
unsigned long long clause_id_generator; unsigned long long clause_id_generator;
uint32_t rule_num; uint32_t rule_num;
uint32_t updating_rule_num;
pthread_rwlock_t rwlock; /* TODO: replaced with mutex? */ pthread_rwlock_t rwlock; /* TODO: replaced with mutex? */
struct bool_expr_match *expr_match_buff; struct bool_expr_match *expr_match_buff;
@@ -963,7 +962,7 @@ maat_compile_bool_matcher_new(struct maat_compile *compile_hash,
#if 0 #if 0
struct maat_literal_id *p = NULL; struct maat_literal_id *p = NULL;
for(p = (struct maat_literal_id *)utarray_front(compile->clause_states[i].literal_ids); p!=NULL; p=(struct maat_literal_id *)utarray_next(compile->clause_states[i].literal_ids,p)) { for(p = (struct maat_literal_id *)utarray_front(compile->clause_states[i].literal_ids); p!=NULL; p=(struct maat_literal_id *)utarray_next(compile->clause_states[i].literal_ids,p)) {
printf("<before bool_matcher_new> compile_id:%llu, clause_id:%llu, literal{%llu: %d}\n", printf("<before bool_matcher_new> compile_id:%lld, clause_id:%llu, literal{%lld: %d}\n",
compile->compile_id, compile->clause_states[i].clause_id, p->group_id, p->vtable_id); compile->compile_id, compile->clause_states[i].clause_id, p->group_id, p->vtable_id);
} }
#endif #endif
@@ -1102,17 +1101,14 @@ size_t maat_compile_bool_matcher_match(struct bool_matcher *bm, int is_last_scan
size_t n_this_scan_hit_item = compile_state->this_scan_hit_item_cnt; size_t n_this_scan_hit_item = compile_state->this_scan_hit_item_cnt;
if ((compile->not_clause_cnt > 0) && (LAST_SCAN_UNSET == is_last_scan)) { if ((compile->not_clause_cnt > 0) && (LAST_SCAN_UNSET == is_last_scan)) {
compile_state->not_clause_hitted_flag = 1; compile_state->not_clause_hitted_flag = 1;
} } else if (compile->user_data) {
if (n_new_hit_compile > 0 || 0 == n_this_scan_hit_item) {
//TODO: not_clause
if (compile->user_data) {
if (n_new_hit_compile > 0 || 0 == n_this_scan_hit_item) {
/* compile hit because of new item or /* compile hit because of new item or
hit a compile that refer a NOT-logic group in previous scan */ hit a compile that refer a NOT-logic group in previous scan */
user_data_array[ud_result_cnt] = compile->user_data; user_data_array[ud_result_cnt] = compile->user_data;
ud_result_cnt++; ud_result_cnt++;
} }
} }
} }
compile_state->this_scan_hit_item_cnt = 0; compile_state->this_scan_hit_item_cnt = 0;
@@ -1123,6 +1119,7 @@ int maat_add_group_to_compile(struct maat_compile **compile_hash, struct group2c
struct log_handle *logger) struct log_handle *logger)
{ {
int ret = -1; int ret = -1;
struct maat_compile *compile = maat_compile_hash_find(compile_hash, g2c_item->compile_id); struct maat_compile *compile = maat_compile_hash_find(compile_hash, g2c_item->compile_id);
if (!compile) { if (!compile) {
compile = maat_compile_new(g2c_item->compile_id); compile = maat_compile_new(g2c_item->compile_id);
@@ -1746,9 +1743,8 @@ static int compare_compile_rule(const void *a, const void *b)
return compile_sort_para_compare(&sa, &sb); return compile_sort_para_compare(&sa, &sb);
} }
int compile_runtime_match(struct compile_runtime *compile_rt, int compile_runtime_match(struct compile_runtime *compile_rt, long long *compile_ids,
long long *compile_ids, size_t compile_ids_size, int ids_index, size_t compile_ids_size, struct maat_state *state)
struct maat_state *state)
{ {
struct maat_compile_state *compile_state = state->compile_state; struct maat_compile_state *compile_state = state->compile_state;
int is_last_scan = state->is_last_scan; int is_last_scan = state->is_last_scan;
@@ -1767,7 +1763,7 @@ int compile_runtime_match(struct compile_runtime *compile_rt,
} }
for (size_t i = 0; i < bool_match_ret; i++) { for (size_t i = 0; i < bool_match_ret; i++) {
compile_ids[i] = compile_rules[i]->compile_id; compile_ids[ids_index + i] = compile_rules[i]->compile_id;
} }
return MIN(bool_match_ret, compile_ids_size); return MIN(bool_match_ret, compile_ids_size);

14
src/maat_expr.c
View File

@@ -77,7 +77,7 @@ struct expr_runtime {
struct group2group_runtime *ref_g2g_rt; struct group2group_runtime *ref_g2g_rt;
uint32_t rule_num; uint32_t rule_num;
uint32_t updating_rule_num;
struct maat_item *item_hash; struct maat_item *item_hash;
void (*item_user_data_free)(void *); void (*item_user_data_free)(void *);
@@ -850,9 +850,9 @@ int expr_runtime_commit(void *expr_runtime, const char *table_name)
int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id, const char *data, int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id, const char *data,
size_t data_len, int vtable_id, struct maat_state *state) size_t data_len, int vtable_id, struct maat_state *state)
{ {
if (NULL == expr_rt || thread_id < 0 || NULL == data || 0 == data_len if (0 == expr_rt->rule_num) {
|| vtable_id < 0 || NULL == state) { //empty expr table
return -1; return 0;
} }
size_t n_hit_item = 0; size_t n_hit_item = 0;
@@ -919,9 +919,9 @@ int expr_runtime_stream_open(struct expr_runtime *expr_rt, int thread_id)
int expr_runtime_stream_scan(struct expr_runtime *expr_rt, const char *data, size_t data_len, int expr_runtime_stream_scan(struct expr_runtime *expr_rt, const char *data, size_t data_len,
int vtable_id, struct maat_state *state) int vtable_id, struct maat_state *state)
{ {
if (NULL == expr_rt || NULL == data || 0 == data_len || if (0 == expr_rt->rule_num) {
vtable_id < 0 || NULL == state) { //empty expr table
return -1; return 0;
} }
size_t n_hit_item = 0; size_t n_hit_item = 0;

7
src/maat_flag.c
View File

@@ -47,7 +47,7 @@ struct flag_runtime {
struct rcu_hash_table *htable; struct rcu_hash_table *htable;
uint32_t rule_num; uint32_t rule_num;
uint32_t updating_rule_num;
struct maat_item *item_hash; struct maat_item *item_hash;
void (*item_user_data_free)(void *); void (*item_user_data_free)(void *);
@@ -450,6 +450,11 @@ int flag_runtime_commit(void *flag_runtime, const char *table_name)
int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id, int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id,
long long flag, int vtable_id, struct maat_state *state) long long flag, int vtable_id, struct maat_state *state)
{ {
if (0 == flag_rt->rule_num) {
//empty flag table
return 0;
}
struct flag_result hit_results[MAX_SCANNER_HIT_ITEM_NUM] = {0}; struct flag_result hit_results[MAX_SCANNER_HIT_ITEM_NUM] = {0};
int n_hit_item = flag_matcher_match(flag_rt->matcher, flag, int n_hit_item = flag_matcher_match(flag_rt->matcher, flag,

2
src/maat_fqdn.c
View File

@@ -26,7 +26,7 @@ struct fqdn_runtime {
struct rcu_hash_table *htable; struct rcu_hash_table *htable;
uint32_t rule_num; uint32_t rule_num;
uint32_t updating_rule_num;
struct maat_item *item_hash; struct maat_item *item_hash;
void (*item_user_data_free)(void *); void (*item_user_data_free)(void *);

8
src/maat_fqdn_plugin.c
View File

@@ -38,7 +38,6 @@ struct fqdn_plugin_runtime {
struct ex_data_runtime *ex_data_rt; struct ex_data_runtime *ex_data_rt;
uint32_t rule_num; uint32_t rule_num;
uint32_t updating_rule_num;
struct maat_garbage_bin *ref_garbage_bin; struct maat_garbage_bin *ref_garbage_bin;
struct log_handle *logger; struct log_handle *logger;
@@ -456,15 +455,14 @@ int fqdn_plugin_runtime_get_ex_data(void *fqdn_plugin_runtime, const char *query
} }
struct fqdn_plugin_runtime *fqdn_plugin_rt = (struct fqdn_plugin_runtime *)fqdn_plugin_runtime; struct fqdn_plugin_runtime *fqdn_plugin_rt = (struct fqdn_plugin_runtime *)fqdn_plugin_runtime;
if (NULL == fqdn_plugin_rt->engine) { if (0 == fqdn_plugin_rt->rule_num) {
log_info(fqdn_plugin_rt->logger, MODULE_FQDN_PLUGIN, return 0;
"fqdn_engine is NULL, can't get ex data");
return -1;
} }
struct FQDN_match results[n_ex_data]; struct FQDN_match results[n_ex_data];
memset(results, 0, sizeof(results)); memset(results, 0, sizeof(results));
assert(fqdn_plugin_rt->engine != NULL);
int n_result = FQDN_engine_search(fqdn_plugin_rt->engine, query_fqdn, strlen(query_fqdn), results, n_ex_data); int n_result = FQDN_engine_search(fqdn_plugin_rt->engine, query_fqdn, strlen(query_fqdn), results, n_ex_data);
for (int i = 0; i < n_result; i++) { for (int i = 0; i < n_result; i++) {
ex_data_array[i] = ex_data_runtime_get_ex_data_by_container(fqdn_plugin_rt->ex_data_rt, ex_data_array[i] = ex_data_runtime_get_ex_data_by_container(fqdn_plugin_rt->ex_data_rt,

1
src/maat_group.c
View File

@@ -61,7 +61,6 @@ struct group2group_runtime {
struct maat_group_topology *group_topo; struct maat_group_topology *group_topo;
uint32_t rule_num; uint32_t rule_num;
uint32_t updating_rule_num;
pthread_rwlock_t rwlock; pthread_rwlock_t rwlock;
struct maat_garbage_bin *ref_garbage_bin; struct maat_garbage_bin *ref_garbage_bin;

7
src/maat_interval.c
View File

@@ -44,7 +44,7 @@ struct interval_runtime {
struct rcu_hash_table *htable; struct rcu_hash_table *htable;
uint32_t rule_num; uint32_t rule_num;
uint32_t updating_rule_num;
struct maat_item *item_hash; struct maat_item *item_hash;
void (*item_user_data_free)(void *); void (*item_user_data_free)(void *);
@@ -447,6 +447,11 @@ int interval_runtime_commit(void *interval_runtime, const char *table_name)
int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id, int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
long long integer, int vtable_id, struct maat_state *state) long long integer, int vtable_id, struct maat_state *state)
{ {
if (0 == interval_rt->rule_num) {
//empty interval table
return 0;
}
struct interval_result hit_results[MAX_SCANNER_HIT_ITEM_NUM] = {0}; struct interval_result hit_results[MAX_SCANNER_HIT_ITEM_NUM] = {0};
int n_hit_item = interval_matcher_match(interval_rt->matcher, integer, int n_hit_item = interval_matcher_match(interval_rt->matcher, integer,

6
src/maat_ip.c
View File

@@ -59,7 +59,7 @@ struct ip_runtime {
struct ex_data_runtime* ex_data_rt; struct ex_data_runtime* ex_data_rt;
uint32_t rule_num; uint32_t rule_num;
uint32_t updating_rule_num;
struct maat_item *item_hash; struct maat_item *item_hash;
void (*item_user_data_free)(void *); void (*item_user_data_free)(void *);
@@ -486,6 +486,10 @@ int ip_runtime_commit(void *ip_runtime, const char *table_name)
int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type, int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
uint8_t *ip_addr, int vtable_id, struct maat_state *state) uint8_t *ip_addr, int vtable_id, struct maat_state *state)
{ {
if (0 == ip_rt->rule_num) {
//empty ip table
return 0;
}
int n_hit_item = 0; int n_hit_item = 0;
struct scan_result scan_results[MAX_SCANNER_HIT_ITEM_NUM] = {0}; struct scan_result scan_results[MAX_SCANNER_HIT_ITEM_NUM] = {0};

8
src/maat_ip_plugin.c
View File

@@ -42,7 +42,6 @@ struct ip_plugin_runtime {
struct ex_data_runtime *ex_data_rt; struct ex_data_runtime *ex_data_rt;
uint32_t rule_num; uint32_t rule_num;
uint32_t updating_rule_num;
struct maat_garbage_bin *ref_garbage_bin; struct maat_garbage_bin *ref_garbage_bin;
struct log_handle *logger; struct log_handle *logger;
@@ -501,10 +500,8 @@ int ip_plugin_runtime_get_ex_data(void *ip_plugin_runtime, const struct ip_addr
} }
struct ip_plugin_runtime *ip_plugin_rt = (struct ip_plugin_runtime *)ip_plugin_runtime; struct ip_plugin_runtime *ip_plugin_rt = (struct ip_plugin_runtime *)ip_plugin_runtime;
if (NULL == ip_plugin_rt->ip_matcher) { if (0 == ip_plugin_rt->rule_num) {
log_info(ip_plugin_rt->logger, MODULE_IP_PLUGIN, return 0;
"ip_matcher is NULL, can't get ex data");
return -1;
} }
struct scan_result results[n_ex_data]; struct scan_result results[n_ex_data];
@@ -517,6 +514,7 @@ int ip_plugin_runtime_get_ex_data(void *ip_plugin_runtime, const struct ip_addr
ipv6_ntoh(ip_data.ipv6); ipv6_ntoh(ip_data.ipv6);
} }
assert(ip_plugin_rt->ip_matcher != NULL);
int n_result = ip_matcher_match(ip_plugin_rt->ip_matcher, &ip_data, results, n_ex_data); int n_result = ip_matcher_match(ip_plugin_rt->ip_matcher, &ip_data, results, n_ex_data);
for (int i = 0; i < n_result; i++) { for (int i = 0; i < n_result; i++) {
ex_data_array[i] = ex_data_runtime_get_ex_data_by_container(ip_plugin_rt->ex_data_rt, ex_data_array[i] = ex_data_runtime_get_ex_data_by_container(ip_plugin_rt->ex_data_rt,

1
src/maat_plugin.c
View File

@@ -32,7 +32,6 @@ struct plugin_runtime {
struct ex_data_runtime *ex_data_rt; struct ex_data_runtime *ex_data_rt;
uint32_t rule_num; uint32_t rule_num;
uint32_t updating_rule_num;
struct maat_garbage_bin *ref_garbage_bin; struct maat_garbage_bin *ref_garbage_bin;
struct log_handle *logger; struct log_handle *logger;

52
src/maat_table.c
View File

@@ -306,17 +306,31 @@ static int register_tablename2id(cJSON *json, struct maat_kv_store *tablename2id
__FUNCTION__, __LINE__, table_id); __FUNCTION__, __LINE__, table_id);
return -1; return -1;
} }
}
}
if (strlen(item->valuestring) >= NAME_MAX) { if (strlen(tmp_item->valuestring) >= NAME_MAX) {
log_error(logger, MODULE_TABLE, log_error(logger, MODULE_TABLE,
"[%s:%d] table(table_id:%d) name %s length too long", "[%s:%d] table(table_id:%d) name %s length too long",
__FUNCTION__, __LINE__, table_id, item->valuestring); __FUNCTION__, __LINE__, table_id, tmp_item->valuestring);
return -1; return -1;
}
maat_kv_register(tablename2id_map, tmp_item->valuestring, table_id);
log_info(logger, MODULE_TABLE, "tablename[%s] -> table_id:[%d]",
tmp_item->valuestring, table_id);
}
} else {
//cJSON_String
if (strlen(item->valuestring) >= NAME_MAX) {
log_error(logger, MODULE_TABLE,
"[%s:%d] table(table_id:%d) name %s length too long",
__FUNCTION__, __LINE__, table_id, item->valuestring);
return -1;
}
maat_kv_register(tablename2id_map, item->valuestring, table_id);
log_info(logger, MODULE_TABLE, "table_name[%s] -> table_id:[%d]",
item->valuestring, table_id);
} }
maat_kv_register(tablename2id_map, item->valuestring, table_id);
return 0; return 0;
} }
@@ -341,20 +355,14 @@ struct maat_table *maat_table_new(cJSON *json, struct maat_kv_store *reserved_wo
ptable->table_id = item->valueint; ptable->table_id = item->valueint;
item = cJSON_GetObjectItem(json, "table_name"); item = cJSON_GetObjectItem(json, "table_name");
if (NULL == item || (item->type != cJSON_String && item->type != cJSON_Array)) { // already validate in register_tablename2id
log_error(logger, MODULE_TABLE, if (item->type == cJSON_Array) {
"[%s:%d] table(table_id:%d) has no table name", cJSON *tmp_item = cJSON_GetArrayItem(item, 0);
__FUNCTION__, __LINE__, ptable->table_id); memcpy(ptable->table_name, tmp_item->valuestring, strlen(tmp_item->valuestring));
goto error; } else {
//cJSON_String
memcpy(ptable->table_name, item->valuestring, strlen(item->valuestring));
} }
if (strlen(item->valuestring) >= NAME_MAX) {
log_error(logger, MODULE_TABLE,
"[%s:%d] table(table_id:%d) name %s length too long",
__FUNCTION__, __LINE__, ptable->table_id, item->valuestring);
goto error;
}
memcpy(ptable->table_name, item->valuestring, strlen(item->valuestring));
item = cJSON_GetObjectItem(json, "table_type"); item = cJSON_GetObjectItem(json, "table_type");
if (NULL == item || item->type != cJSON_String) { if (NULL == item || item->type != cJSON_String) {

224
test/maat_framework_gtest.cpp
View File

@@ -602,9 +602,8 @@ TEST_F(MaatIPScan, IPv4) {
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, ARRAY_SIZE, ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, ARRAY_SIZE,
&n_hit_result, &state); &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 2); EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 169); EXPECT_EQ(results[0], 154);
EXPECT_EQ(results[1], 154);
maat_state_free(&state); maat_state_free(&state);
} }
@@ -641,9 +640,8 @@ TEST_F(MaatIPScan, dynamic_config) {
struct maat_state *state = NULL; struct maat_state *state = NULL;
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, ARRAY_SIZE, ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, ARRAY_SIZE,
&n_hit_result, &state); &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_OK);
EXPECT_EQ(n_hit_result, 1); EXPECT_EQ(n_hit_result, 0);
EXPECT_EQ(results[0], 169);
maat_state_free(&state); maat_state_free(&state);
/* add new line in GROUP2COMPILE table */ /* add new line in GROUP2COMPILE table */
@@ -680,9 +678,8 @@ TEST_F(MaatIPScan, dynamic_config) {
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, ARRAY_SIZE, ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, ARRAY_SIZE,
&n_hit_result, &state); &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 2); EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 9998); EXPECT_EQ(results[0], 9998);
EXPECT_EQ(results[1], 169);
maat_state_free(&state); maat_state_free(&state);
/* del new line in IP_PLUS_CONFIG */ /* del new line in IP_PLUS_CONFIG */
@@ -778,32 +775,161 @@ protected:
} }
}; };
TEST_F(NOTLogic, ScanNotAtLast) { TEST_F(NOTLogic, OneRegion) {
const char *string_should_hit = "This string ONLY contains must-contained-string-of-rule-144."; const char *string_should_hit = "This string ONLY contains must-contained-string-of-rule-143.";
const char *string_should_not_hit = "This string contains both must-contained-string-of-rule-144 and must-not-contained-string-of-rule-144."; const char *string_should_not_hit = "This string contains both must-contained-string-of-rule-143 and must-not-contained-string-of-rule-143.";
long long results[ARRAY_SIZE] = {0}; long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0; size_t n_hit_result = 0;
struct maat_state *state = NULL; struct maat_state *state = NULL;
const char *hit_table_name = "HTTP_URL_LITERAL"; const char *table_name = "HTTP_URL_LITERAL";
const char *not_hit_table_name = "KEYWORDS_TABLE";
int hit_table_id = maat_get_table_id(g_maat_instance, hit_table_name);
int not_hit_table_id = maat_get_table_id(g_maat_instance, not_hit_table_name);
int ret = maat_scan_string(g_maat_instance, hit_table_id, 0, string_should_hit, strlen(string_should_hit), int table_id = maat_get_table_id(g_maat_instance, table_name);
maat_state_set_last_scan(g_maat_instance, &state);
int ret = maat_scan_string(g_maat_instance, table_id, 0, string_should_hit, strlen(string_should_hit),
results, ARRAY_SIZE, &n_hit_result, &state); results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1); EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 144); EXPECT_EQ(results[0], 143);
maat_state_free(&state);
maat_state_set_last_scan(g_maat_instance, &state);
ret = maat_scan_string(g_maat_instance, not_hit_table_id, 0, string_should_not_hit, strlen(string_should_not_hit), maat_state_set_last_scan(g_maat_instance, &state);
ret = maat_scan_string(g_maat_instance, table_id, 0, string_should_not_hit, strlen(string_should_not_hit),
results, ARRAY_SIZE, &n_hit_result, &state); results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
maat_state_free(&state); maat_state_free(&state);
} }
TEST_F(NOTLogic, ScanNotAtLast) {
const char *string_should_hit="This string ONLY contains must-contained-string-of-rule-144.";
const char *string_should_not_hit="This string contains both must-contained-string-of-rule-144 and must-not-contained-string-of-rule-144.";
long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
const char *hit_table_name = "HTTP_URL_LITERAL";
const char *not_hit_table_name = "KEYWORDS_TABLE";
int hit_table_id = maat_get_table_id(g_maat_instance, hit_table_name);
ASSERT_GT(hit_table_id, 0);
int ret = maat_scan_string(g_maat_instance, hit_table_id, 0, string_should_hit, strlen(string_should_hit),
results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
int not_hit_table_id = maat_get_table_id(g_maat_instance, not_hit_table_name);
ASSERT_GT(not_hit_table_id, 0);
maat_state_set_last_scan(g_maat_instance, &state);
ret = maat_scan_string(g_maat_instance, not_hit_table_id, 0, string_should_not_hit, strlen(string_should_not_hit),
results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
maat_state_free(&state);
}
TEST_F(NOTLogic, ScanIrrelavantAtLast) {
const char *string_should_hit = "This string ONLY contains must-contained-string-of-rule-144.";
const char *string_irrelevant = "This string contiains nothing to hit.";
long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
const char *hit_table_name = "HTTP_URL_LITERAL";
const char *not_hit_table_name = "KEYWORDS_TABLE";
int hit_table_id = maat_get_table_id(g_maat_instance, hit_table_name);
ASSERT_GT(hit_table_id, 0);
int ret = maat_scan_string(g_maat_instance, hit_table_id, 0, string_should_hit, strlen(string_should_hit),
results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
int not_hit_table_id = maat_get_table_id(g_maat_instance, not_hit_table_name);
ASSERT_GT(hit_table_id, 0);
maat_state_set_last_scan(g_maat_instance, &state);
ret = maat_scan_string(g_maat_instance, not_hit_table_id, 0, string_irrelevant, strlen(string_irrelevant),
results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 144);
maat_state_free(&state);
}
TEST_F(NOTLogic, ScanHitAtLastEmptyExpr) {
const char *string_should_not_hit = "This string should not hit.";
const char *string_match_no_region = "This string is matched against a empty table.";
long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
const char *not_hit_table_name = "HTTP_URL_LITERAL";
const char *hit_table_name = "IP_PLUS_CONFIG";
const char *empty_table_name = "EMPTY_KEYWORD";
int not_hit_table_id = maat_get_table_id(g_maat_instance, not_hit_table_name);
ASSERT_GT(not_hit_table_id, 0);
int ret = maat_scan_string(g_maat_instance, not_hit_table_id, 0, string_should_not_hit, strlen(string_should_not_hit),
results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
uint32_t sip;
inet_pton(AF_INET, "10.0.8.186", &sip);
int hit_table_id = maat_get_table_id(g_maat_instance, hit_table_name);
ASSERT_GT(hit_table_id, 0);
ret = maat_scan_ipv4(g_maat_instance, hit_table_id, 0, sip,
results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
int empty_table_id = maat_get_table_id(g_maat_instance, empty_table_name);
ASSERT_GT(empty_table_id, 0);
maat_state_set_last_scan(g_maat_instance, &state);
ret = maat_scan_string(g_maat_instance, empty_table_id, 0, string_match_no_region, strlen(string_match_no_region),
results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 186);
maat_state_free(&state);
}
TEST_F(NOTLogic, ScanHitAtLastEmptyInteger) {
const char *string_should_not_hit = "This string should not hit.";
long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
const char *not_hit_table_name = "HTTP_URL_LITERAL";
const char *hit_table_name = "IP_PLUS_CONFIG";
const char *empty_table_name = "EMPTY_INTERGER";
int not_hit_table_id = maat_get_table_id(g_maat_instance, not_hit_table_name);
ASSERT_GT(not_hit_table_id, 0);
int ret = maat_scan_string(g_maat_instance, not_hit_table_id, 0, string_should_not_hit, strlen(string_should_not_hit),
results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
uint32_t sip;
inet_pton(AF_INET, "10.0.8.187", &sip);
int hit_table_id = maat_get_table_id(g_maat_instance, hit_table_name);
ASSERT_GT(hit_table_id, 0);
ret = maat_scan_ipv4(g_maat_instance, hit_table_id, 0, sip,
results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
int empty_table_id = maat_get_table_id(g_maat_instance, empty_table_name);
ASSERT_GT(empty_table_id, 0);
maat_state_set_last_scan(g_maat_instance, &state);
ret = maat_scan_integer(g_maat_instance, empty_table_id, 0, 2015,
results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 187);
maat_state_free(&state);
}
void maat_read_entry_start_cb(int update_type, void *u_para) void maat_read_entry_start_cb(int update_type, void *u_para)
{ {
@@ -1301,6 +1427,27 @@ TEST_F(CompileTable, CompileRuleUpdate) {
EXPECT_EQ(ret, 1); EXPECT_EQ(ret, 1);
} }
TEST_F(CompileTable, Conjunction) {
long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
const char *scan_data = "i.ytimg.com/vi/OtCNcustg_I/hqdefault.jpg?sqp=-oaymwEZCNACELwBSFXyq4qpAwsIARUAAIhCGAFwAQ==&rs=AOn4CLDOp_5fHMaCA9XZuJdCRv4DNDorMg";
const char *table_name = "HTTP_URL_LITERAL";
const char *compile_tables[2] = {"COMPILE", "COMPILE_ALIAS"};
int table_id = maat_get_table_id(g_maat_instance, table_name);
ASSERT_GT(table_id, 0);
maat_state_set_scan_compile_tables(g_maat_instance, &state, compile_tables, 2);
int ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data, strlen(scan_data),
results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 2);
EXPECT_EQ(results[0], 197);
EXPECT_EQ(results[1], 141);
maat_state_free(&state);
}
class Policy : public testing::Test class Policy : public testing::Test
{ {
protected: protected:
@@ -1471,6 +1618,41 @@ TEST_F(Policy, ReadColumn) {
EXPECT_EQ(0, strncmp(tmp, line+offset, len)); EXPECT_EQ(0, strncmp(tmp, line+offset, len));
} }
class TableInfo : public testing::Test
{
protected:
static void SetUpTestCase() {
}
static void TearDownTestCase() {
}
};
TEST_F(TableInfo, Conjunction) {
long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
const char *scan_data = "soq is using table conjunction function.http://www.3300av.com/novel/27122.txt";
const char *table_name = "HTTP_URL_LITERAL";
const char *conj_table_name = "HTTP_HOST_LITERAL";
int table_id = maat_get_table_id(g_maat_instance, table_name);
ASSERT_GT(table_id, 0);
int conj_table_id = maat_get_table_id(g_maat_instance, conj_table_name);
ASSERT_GT(conj_table_id, 0);
int ret = maat_scan_string(g_maat_instance, conj_table_id, 0, scan_data, strlen(scan_data),
results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 2);
EXPECT_EQ(results[0], 134);
EXPECT_EQ(results[1], 133);
maat_state_free(&state);
}
class MaatCmdTest : public testing::Test class MaatCmdTest : public testing::Test
{ {
protected: protected:

64
test/maat_json.json
View File

@@ -1541,44 +1541,6 @@
} }
] ]
}, },
{
"compile_id": 169,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "IPScan.IPv4_Any",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"addr_type": "ipv4",
"saddr_format": "CIDR",
"src_ip1": "0.0.0.0",
"src_ip2": "0",
"sport_format": "mask",
"src_port1": "20304",
"src_port2": "65535",
"daddr_format": "CIDR",
"dst_ip1": "0.0.0.0",
"dst_ip2": "0",
"dport_format": "range",
"dst_port1": "0",
"dst_port2": "0",
"protocol": 6,
"direction": "single"
}
}
],
"not_flag" : 0
}
]
},
{ {
"compile_id": 170, "compile_id": 170,
"service": 0, "service": 0,
@@ -2434,6 +2396,32 @@
] ]
} }
] ]
},
{
"compile_id": 197,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "Something:I\\bhave\\ba\\bname,8866",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_URL_LITERAL",
"table_type": "expr",
"table_content": {
"keywords": "hqdefault.jpg",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
} }
], ],
"plugin_table": [ "plugin_table": [