gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[PATCH]patch for physical NOT clause

Browse Source
This commit is contained in:
liuwentan
2023-10-24 21:19:33 +08:00
parent d24d6c1a5f
commit edab9520bd
16 changed files with 189 additions and 183 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/inc_internal/maat_compile.h
View File

@@ -104,7 +104,7 @@ void maat_compile_state_reset(struct maat_compile_state *compile_state);
void maat_compile_state_free(struct maat_compile_state *compile_state,
struct maat *maat_instance, int thread_id);
int maat_compile_state_update(int phy_table_id, int vtable_id, struct maat_item *hit_items,
int maat_compile_state_update(int vtable_id, struct maat_item *hit_items,
size_t n_hit_item, struct maat_state *state);
size_t maat_compile_state_get_internal_hit_paths(struct maat_compile_state *compile_state,

5
src/inc_internal/maat_expr.h
View File

@@ -50,13 +50,12 @@ long long expr_runtime_get_version(void *expr_runtime);
* @retval the num of hit group_id
*/
int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id, const char *data,
size_t data_len, int phy_table_id, int vtable_id, struct maat_state *state);
size_t data_len, int vtable_id, struct maat_state *state);
struct expr_matcher_stream *expr_runtime_stream_open(struct expr_runtime *expr_rt, int thread_id);
int expr_runtime_stream_scan(struct expr_runtime *expr_rt, struct expr_matcher_stream *s_handle,
const char *data, size_t data_len, int phy_table_id, int vtable_id,
struct maat_state *state);
const char *data, size_t data_len, int vtable_id, struct maat_state *state);
void expr_runtime_stream_close(struct expr_runtime *expr_rt, int thread_id,
struct expr_matcher_stream *stream);

2
src/inc_internal/maat_flag.h
View File

@@ -48,7 +48,7 @@ long long flag_runtime_rule_count(void *flag_runtime);
* @retval the num of hit group_id
*/
int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id, long long flag,
int phy_table_id, int vtable_id, struct maat_state *state);
int vtable_id, struct maat_state *state);
int flag_runtime_set_scan_district(struct flag_runtime *flag_rt, const char *district,
size_t district_len, long long *district_id);

3
src/inc_internal/maat_interval.h
View File

@@ -47,8 +47,7 @@ long long interval_runtime_rule_count(void *interval_runtime);
* @retval the num of hit group_id
*/
int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
long long integer, int phy_table_id, int vtable_id,
struct maat_state *state);
long long integer, int vtable_id, struct maat_state *state);
int interval_runtime_set_scan_district(struct interval_runtime *interval_rt, const char *district,
size_t district_len, long long *district_id);

2
src/inc_internal/maat_ip.h
View File

@@ -42,7 +42,7 @@ long long ip_runtime_ipv6_rule_count(void *ip_runtime);
/* ip runtime scan API */
int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
uint8_t *ip_addr, uint16_t port, int proto, int phy_table_id,
uint8_t *ip_addr, uint16_t port, int proto,
int vtable_id, struct maat_state *state);
void ip_runtime_hit_inc(struct ip_runtime *ip_rt, int thread_id);

27
src/maat_api.c
View File

@@ -1043,7 +1043,7 @@ static int flag_scan(struct table_manager *tbl_mgr, int thread_id, long long fla
}
int group_hit_cnt = flag_runtime_scan((struct flag_runtime *)flag_rt, thread_id,
flag, phy_table_id, vtable_id, state);
flag, vtable_id, state);
if (group_hit_cnt <= 0) {
return group_hit_cnt;
}
@@ -1073,8 +1073,7 @@ static int interval_scan(struct table_manager *tbl_mgr, int thread_id, long long
}
int group_hit_cnt = interval_runtime_scan((struct interval_runtime *)interval_rt,
thread_id, integer, phy_table_id,
vtable_id, state);
thread_id, integer, vtable_id, state);
if (group_hit_cnt <= 0) {
return group_hit_cnt;
}
@@ -1100,8 +1099,7 @@ static int ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_a
}
int group_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv4,
(uint8_t *)&ip_addr, port, proto, phy_table_id,
vtable_id, state);
(uint8_t *)&ip_addr, port, proto, vtable_id, state);
if (group_hit_cnt <= 0) {
return group_hit_cnt;
}
@@ -1127,8 +1125,7 @@ static int ipv6_scan(struct table_manager *tbl_mgr, int thread_id,
}
int group_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv6,
ip_addr, port, proto, phy_table_id, vtable_id,
state);
ip_addr, port, proto, vtable_id, state);
if (group_hit_cnt <= 0) {
return group_hit_cnt;
}
@@ -1159,7 +1156,7 @@ static int string_scan(struct table_manager *tbl_mgr, int thread_id,
int group_hit_cnt = expr_runtime_scan((struct expr_runtime *)expr_rt,
thread_id, data, data_len,
phy_table_id, vtable_id, state);
vtable_id, state);
if (group_hit_cnt <= 0) {
return group_hit_cnt;
}
@@ -1195,8 +1192,7 @@ static int expr_stream_scan(struct maat_stream *stream, const char *data,
int group_hit_cnt = expr_runtime_stream_scan((struct expr_runtime *)expr_rt,
stream->handle, data, data_len,
stream->phy_table_id, stream->vtable_id,
state);
stream->vtable_id, state);
if (group_hit_cnt <= 0) {
return group_hit_cnt;
}
@@ -1247,7 +1243,7 @@ int maat_scan_flag(struct maat *maat_inst, int table_id,
return MAAT_SCAN_OK;
}
int vtable_id = 0;
int vtable_id = table_id;
int phy_table_id = table_id;
enum table_type table_type = TABLE_TYPE_INVALID;
@@ -1331,7 +1327,7 @@ int maat_scan_integer(struct maat *maat_inst, int table_id,
return MAAT_SCAN_OK;
}
int vtable_id = 0;
int vtable_id = table_id;
int phy_table_id = table_id;
enum table_type table_type = TABLE_TYPE_INVALID;
@@ -1415,7 +1411,7 @@ int maat_scan_ipv4(struct maat *maat_inst, int table_id, uint32_t ip_addr,
return MAAT_SCAN_OK;
}
int vtable_id = 0;
int vtable_id = table_id;
int phy_table_id = table_id;
enum table_type table_type = TABLE_TYPE_INVALID;
@@ -1500,7 +1496,7 @@ int maat_scan_ipv6(struct maat *maat_inst, int table_id,
return MAAT_SCAN_OK;
}
int vtable_id = 0;
int vtable_id = table_id;
int phy_table_id = table_id;
enum table_type table_type = TABLE_TYPE_INVALID;
@@ -1584,7 +1580,7 @@ int maat_scan_string(struct maat *maat_inst, int table_id, const char *data,
return MAAT_SCAN_OK;
}
int vtable_id = 0;
int vtable_id = table_id;
int phy_table_id = table_id;
enum table_type table_type = TABLE_TYPE_INVALID;
@@ -1659,6 +1655,7 @@ struct maat_stream *maat_stream_new(struct maat *maat_inst, int table_id,
stream->last_full_version = maat_inst->last_full_version;
stream->thread_id = state->thread_id;
stream->phy_table_id = table_id;
stream->vtable_id = table_id;
stream->logger = maat_inst->logger;
enum table_type table_type = TABLE_TYPE_INVALID;

6
src/maat_compile.c
View File

@@ -2243,7 +2243,7 @@ int compile_runtime_match(struct compile_runtime *compile_rt, long long *compile
return MIN(bool_match_ret, compile_ids_size);
}
int maat_compile_state_update(int phy_table_id, int vtable_id, struct maat_item *hit_items,
int maat_compile_state_update(int vtable_id, struct maat_item *hit_items,
size_t n_hit_item, struct maat_state *state)
{
size_t i = 0, j = 0;
@@ -2307,10 +2307,6 @@ int maat_compile_state_update(int phy_table_id, int vtable_id, struct maat_item
hit_group_ids[i], vtable_id);
}
if (vtable_id == 0) {
vtable_id = phy_table_id;
}
long long hit_NOT_group_ids[VTABLE_MAX_NOT_GROUP_NUM];
size_t hit_not_cnt = maat_compile_state_update_hit_not_clauses(state->compile_state, compile_rt,
hit_group_ids, hit_cnt, vtable_id,

9
src/maat_expr.c
View File

@@ -955,7 +955,7 @@ long long expr_runtime_get_version(void *expr_runtime)
}
int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id,
const char *data, size_t data_len, int phy_table_id,
const char *data, size_t data_len,
int vtable_id, struct maat_state *state)
{
if (0 == expr_rt->rule_num) {
@@ -1002,7 +1002,7 @@ int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id,
}
next:
return maat_compile_state_update(phy_table_id, vtable_id, hit_maat_items, real_hit_item_cnt, state);
return maat_compile_state_update(vtable_id, hit_maat_items, real_hit_item_cnt, state);
}
struct expr_matcher_stream *
@@ -1024,8 +1024,7 @@ expr_runtime_stream_open(struct expr_runtime *expr_rt, int thread_id)
int expr_runtime_stream_scan(struct expr_runtime *expr_rt,
struct expr_matcher_stream *s_handle,
const char *data, size_t data_len,
int phy_table_id, int vtable_id,
struct maat_state *state)
int vtable_id, struct maat_state *state)
{
if (0 == expr_rt->rule_num) {
//empty expr table
@@ -1065,7 +1064,7 @@ int expr_runtime_stream_scan(struct expr_runtime *expr_rt,
}
next:
return maat_compile_state_update(phy_table_id, vtable_id, hit_maat_items, real_hit_item_cnt, state);
return maat_compile_state_update(vtable_id, hit_maat_items, real_hit_item_cnt, state);
}
void expr_runtime_stream_close(struct expr_runtime *expr_rt, int thread_id,

5
src/maat_flag.c
View File

@@ -544,8 +544,7 @@ long long flag_runtime_rule_count(void *flag_runtime)
}
int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id,
long long flag, int phy_table_id, int vtable_id,
struct maat_state *state)
long long flag, int vtable_id, struct maat_state *state)
{
if (0 == flag_rt->rule_num) {
//empty flag table
@@ -589,7 +588,7 @@ int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id,
}
next:
return maat_compile_state_update(phy_table_id, vtable_id, hit_maat_items, real_hit_item_cnt, state);
return maat_compile_state_update(vtable_id, hit_maat_items, real_hit_item_cnt, state);
}
void flag_runtime_hit_inc(struct flag_runtime *flag_rt, int thread_id)

5
src/maat_interval.c
View File

@@ -545,8 +545,7 @@ long long interval_runtime_rule_count(void *interval_runtime)
}
int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
long long integer, int phy_table_id, int vtable_id,
struct maat_state *state)
long long integer, int vtable_id, struct maat_state *state)
{
if (0 == interval_rt->rule_num) {
//empty interval table
@@ -590,7 +589,7 @@ int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
}
next:
return maat_compile_state_update(phy_table_id, vtable_id, hit_maat_items, real_hit_item_cnt, state);
return maat_compile_state_update(vtable_id, hit_maat_items, real_hit_item_cnt, state);
}
void interval_runtime_hit_inc(struct interval_runtime *interval_rt, int thread_id)

4
src/maat_ip.c
View File

@@ -700,7 +700,7 @@ static int validate_port_proto(struct ip_item *item, uint16_t port, int proto)
}
int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
uint8_t *ip_addr, uint16_t port, int proto, int phy_table_id,
uint8_t *ip_addr, uint16_t port, int proto,
int vtable_id, struct maat_state *state)
{
if (0 == ip_rt->rule_num) {
@@ -761,7 +761,7 @@ int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
}
next:
return maat_compile_state_update(phy_table_id, vtable_id, hit_maat_items, real_hit_item_cnt, state);
return maat_compile_state_update(vtable_id, hit_maat_items, real_hit_item_cnt, state);
}
void ip_runtime_hit_inc(struct ip_runtime *ip_rt, int thread_id)