From f213fcbe97dde54c14a40306c011fb229e33f3c3 Mon Sep 17 00:00:00 2001 From: liuwentan Date: Wed, 12 Apr 2023 19:20:05 +0800 Subject: [PATCH] add rule count stat --- scanner/adapter_hs/adapter_hs.cpp | 18 ++++----- src/inc_internal/maat_bool_plugin.h | 2 + src/inc_internal/maat_compile.h | 3 ++ src/inc_internal/maat_expr.h | 3 ++ src/inc_internal/maat_flag.h | 2 + src/inc_internal/maat_fqdn_plugin.h | 2 + src/inc_internal/maat_group.h | 2 + src/inc_internal/maat_interval.h | 2 + src/inc_internal/maat_ip.h | 2 + src/inc_internal/maat_ip_plugin.h | 2 + src/inc_internal/maat_plugin.h | 2 + src/inc_internal/maat_table.h | 2 + src/maat_api.c | 7 ++-- src/maat_bool_plugin.c | 14 +++++-- src/maat_compile.c | 28 ++++++++++++- src/maat_expr.c | 12 +++++- src/maat_flag.c | 12 +++++- src/maat_fqdn_plugin.c | 10 +++++ src/maat_group.c | 13 +++++- src/maat_interval.c | 12 +++++- src/maat_ip.c | 12 +++++- src/maat_ip_plugin.c | 14 +++++-- src/maat_plugin.c | 14 +++++-- src/maat_rule.c | 19 +++++---- src/maat_table.c | 62 ++++++++++++++++++++++------- test/maat_framework_gtest.cpp | 43 ++++++++++++-------- 26 files changed, 246 insertions(+), 68 deletions(-) diff --git a/scanner/adapter_hs/adapter_hs.cpp b/scanner/adapter_hs/adapter_hs.cpp index 49b93a1..ba691b2 100644 --- a/scanner/adapter_hs/adapter_hs.cpp +++ b/scanner/adapter_hs/adapter_hs.cpp @@ -91,7 +91,7 @@ struct adapter_hs_stream { size_t n_expr; hs_stream_t *literal_stream; hs_stream_t *regex_stream; - struct adapter_hs_runtime *hs_rt; + struct adapter_hs_runtime *ref_hs_rt; struct matched_pattern *matched_pat; struct log_handle *logger; }; @@ -602,7 +602,7 @@ struct adapter_hs_stream *adapter_hs_stream_open(struct adapter_hs *hs_instance, hs_stream->logger = hs_instance->logger; hs_stream->thread_id = thread_id; hs_stream->n_expr = hs_instance->n_expr; - hs_stream->hs_rt = hs_instance->hs_rt; + hs_stream->ref_hs_rt = hs_instance->hs_rt; hs_stream->matched_pat = ALLOC(struct matched_pattern, 1); hs_stream->matched_pat->ref_hs_attr = hs_instance->hs_attr; hs_stream->matched_pat->n_patterns = hs_instance->n_patterns; @@ -653,7 +653,7 @@ void adapter_hs_stream_close(struct adapter_hs_stream *hs_stream) return; } - if (hs_stream->hs_rt != NULL) { + if (hs_stream->ref_hs_rt != NULL) { if (hs_stream->literal_stream != NULL) { hs_close_stream(hs_stream->literal_stream, NULL, NULL, NULL); hs_stream->literal_stream = NULL; @@ -667,7 +667,7 @@ void adapter_hs_stream_close(struct adapter_hs_stream *hs_stream) /* hs_stream->hs_rt point to hs_instance->hs_rt which will call free same as hs_attr */ - hs_stream->hs_rt = NULL; + hs_stream->ref_hs_rt = NULL; hs_stream->matched_pat->ref_hs_attr = NULL; utarray_free(hs_stream->matched_pat->pattern_ids); @@ -701,9 +701,9 @@ int adapter_hs_scan_stream(struct adapter_hs_stream *hs_stream, const char *data int err_scratch_flag = 0; if (hs_stream->literal_stream != NULL) { - if (hs_stream->hs_rt->literal_scratches != NULL) { + if (hs_stream->ref_hs_rt->literal_scratches != NULL) { err = hs_scan_stream(hs_stream->literal_stream, data, data_len, - 0, hs_stream->hs_rt->literal_scratches[thread_id], + 0, hs_stream->ref_hs_rt->literal_scratches[thread_id], matched_event_cb, hs_stream->matched_pat); if (err != HS_SUCCESS) { err_count++; @@ -716,9 +716,9 @@ int adapter_hs_scan_stream(struct adapter_hs_stream *hs_stream, const char *data } if (hs_stream->regex_stream != NULL) { - if (hs_stream->hs_rt->regex_scratches != NULL) { + if (hs_stream->ref_hs_rt->regex_scratches != NULL) { err = hs_scan_stream(hs_stream->regex_stream, data, data_len, - 0, hs_stream->hs_rt->regex_scratches[thread_id], + 0, hs_stream->ref_hs_rt->regex_scratches[thread_id], matched_event_cb, hs_stream->matched_pat); if (err != HS_SUCCESS) { err_count++; @@ -762,7 +762,7 @@ int adapter_hs_scan_stream(struct adapter_hs_stream *hs_stream, const char *data int ret = 0; struct bool_expr_match *bool_matcher_results = ALLOC(struct bool_expr_match, hs_stream->n_expr); - int bool_matcher_ret = bool_matcher_match(hs_stream->hs_rt->bm, pattern_ids, n_pattern_id, + int bool_matcher_ret = bool_matcher_match(hs_stream->ref_hs_rt->bm, pattern_ids, n_pattern_id, bool_matcher_results, hs_stream->n_expr); if (bool_matcher_ret < 0) { ret = -1; diff --git a/src/inc_internal/maat_bool_plugin.h b/src/inc_internal/maat_bool_plugin.h index ec45228..a07092a 100644 --- a/src/inc_internal/maat_bool_plugin.h +++ b/src/inc_internal/maat_bool_plugin.h @@ -46,6 +46,8 @@ int bool_plugin_runtime_update(void *bool_plugin_runtime, void *bool_plugin_sche const char *table_name, const char *line, int valid_column); int bool_plugin_runtime_commit(void *bool_plugin_runtime, const char *table_name); +long long bool_plugin_runtime_rule_count(void *bool_plugin_runtime); + struct ex_data_runtime *bool_plugin_runtime_get_ex_data_rt(void *bool_plugin_runtime); int bool_plugin_runtime_get_ex_data(void *bool_plugin_runtime, unsigned long long *item_ids, diff --git a/src/inc_internal/maat_compile.h b/src/inc_internal/maat_compile.h index c034907..9098489 100644 --- a/src/inc_internal/maat_compile.h +++ b/src/inc_internal/maat_compile.h @@ -55,6 +55,8 @@ int compile_runtime_update(void *compile_runtime, void *compile_schema, const char *table_name, const char *line, int valid_column); int compile_runtime_commit(void *compile_runtime, const char *table_name); +long long compile_runtime_rule_count(void *compile_runtime); + int compile_runtime_match(struct compile_runtime *compile_rt, long long *compile_ids, size_t compile_ids_size, struct maat_state *state); @@ -79,6 +81,7 @@ void group2compile_runtime_free(void *g2c_runtime); int group2compile_runtime_update(void *g2c_runtime, void *g2c_schema, const char *table_name, const char *line, int valid_column); +long long group2compile_runtime_rule_count(void *g2c_runtime); /* maat compile state API */ struct maat_compile_state; diff --git a/src/inc_internal/maat_expr.h b/src/inc_internal/maat_expr.h index fec75e8..2932dbb 100644 --- a/src/inc_internal/maat_expr.h +++ b/src/inc_internal/maat_expr.h @@ -37,6 +37,8 @@ int expr_runtime_update(void *expr_runtime, void *expr_schema, int valid_column); int expr_runtime_commit(void *expr_runtime, const char *table_name); +long long expr_runtime_rule_count(void *expr_runtime); + /* expr runtime scan API */ /** * @brief scan string to get hit group_ids @@ -47,6 +49,7 @@ int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id, const char *d size_t data_len, int vtable_id, struct maat_state *state); struct adapter_hs_stream *expr_runtime_stream_open(struct expr_runtime *expr_rt, int thread_id); + int expr_runtime_stream_scan(struct expr_runtime *expr_rt, struct adapter_hs_stream *s_handle, const char *data, size_t data_len, int vtable_id, struct maat_state *state); diff --git a/src/inc_internal/maat_flag.h b/src/inc_internal/maat_flag.h index 0362d13..f133fd6 100644 --- a/src/inc_internal/maat_flag.h +++ b/src/inc_internal/maat_flag.h @@ -39,6 +39,8 @@ int flag_runtime_update(void *flag_runtime, void *flag_schema, int valid_column); int flag_runtime_commit(void *flag_runtime, const char *table_name); +long long flag_runtime_rule_count(void *flag_runtime); + /* flag runtime scan API */ /** * @brief scan flag to get hit group_ids diff --git a/src/inc_internal/maat_fqdn_plugin.h b/src/inc_internal/maat_fqdn_plugin.h index ab23948..78435c7 100644 --- a/src/inc_internal/maat_fqdn_plugin.h +++ b/src/inc_internal/maat_fqdn_plugin.h @@ -48,6 +48,8 @@ int fqdn_plugin_runtime_update(void *fqdn_plugin_runtime, void *fqdn_plugin_sche const char *table_name, const char *line, int valid_column); int fqdn_plugin_runtime_commit(void *fqdn_plugin_runtime, const char *table_name); +long long fqdn_plugin_runtime_rule_count(void *fqdn_plugin_runtime); + struct ex_data_runtime *fqdn_plugin_runtime_get_ex_data_rt(void *fqdn_plugin_runtime); int fqdn_plugin_runtime_get_ex_data(void *fqdn_plugin_runtime, const char *fqdn, diff --git a/src/inc_internal/maat_group.h b/src/inc_internal/maat_group.h index 54a25fc..f4ef644 100644 --- a/src/inc_internal/maat_group.h +++ b/src/inc_internal/maat_group.h @@ -51,6 +51,8 @@ int group2group_runtime_update(void *g2g_runtime, void *g2g_schema, int valid_column); int group2group_runtime_commit(void *g2g_runtime, const char *table_name); +long long group2group_runtime_rule_count(void *g2g_runtime); + #ifdef __cplusplus } #endif diff --git a/src/inc_internal/maat_interval.h b/src/inc_internal/maat_interval.h index 1a3d6f3..c8ca956 100644 --- a/src/inc_internal/maat_interval.h +++ b/src/inc_internal/maat_interval.h @@ -37,6 +37,8 @@ int interval_runtime_update(void *interval_runtime, void *interval_schema, const char *table_name,const char *line, int valid_column); int interval_runtime_commit(void *interval_runtime, const char *table_name); +long long interval_runtime_rule_count(void *interval_runtime); + /* interval runtime scan API */ /** * @brief scan intval to get hit group_ids diff --git a/src/inc_internal/maat_ip.h b/src/inc_internal/maat_ip.h index 9b8bd22..c3df373 100644 --- a/src/inc_internal/maat_ip.h +++ b/src/inc_internal/maat_ip.h @@ -36,6 +36,8 @@ int ip_runtime_update(void *ip_runtime, void *ip_schema, int valid_column); int ip_runtime_commit(void *ip_runtime, const char *table_name); +long long ip_runtime_rule_count(void *ip_runtime); + /* ip runtime scan API */ int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type, uint8_t *ip_addr, uint16_t port, int proto, int vtable_id, diff --git a/src/inc_internal/maat_ip_plugin.h b/src/inc_internal/maat_ip_plugin.h index 8ba7710..0051af8 100644 --- a/src/inc_internal/maat_ip_plugin.h +++ b/src/inc_internal/maat_ip_plugin.h @@ -47,6 +47,8 @@ int ip_plugin_runtime_update(void *ip_plugin_runtime, void *ip_plugin_schema, const char *table_name, const char *line, int valid_column); int ip_plugin_runtime_commit(void *ip_plugin_runtime, const char *table_name); +long long ip_plugin_runtime_rule_count(void *ip_plugin_runtime); + struct ex_data_runtime *ip_plugin_runtime_get_ex_data_rt(void *ip_plugin_runtime); int ip_plugin_runtime_get_ex_data(void *ip_plugin_runtime, const struct ip_addr *ip_addr, diff --git a/src/inc_internal/maat_plugin.h b/src/inc_internal/maat_plugin.h index 0a2d172..e275995 100644 --- a/src/inc_internal/maat_plugin.h +++ b/src/inc_internal/maat_plugin.h @@ -60,6 +60,8 @@ int plugin_runtime_update(void *plugin_runtime, void *plugin_schema, int valid_column); int plugin_runtime_commit(void *plugin_runtime, const char *table_name); +long long plugin_runtime_rule_count(void *plugin_runtime); + struct ex_data_runtime *plugin_runtime_get_ex_data_rt(void *plugin_runtime); size_t plugin_runtime_cached_row_count(void *plugin_runtime); diff --git a/src/inc_internal/maat_table.h b/src/inc_internal/maat_table.h index 4c3ca33..49615da 100644 --- a/src/inc_internal/maat_table.h +++ b/src/inc_internal/maat_table.h @@ -72,6 +72,8 @@ void *table_manager_get_runtime(struct table_manager *tbl_mgr, int table_id); int table_manager_update_runtime(struct table_manager *tbl_mgr, const char *table_name, int table_id, const char *line); void table_manager_commit_runtime(struct table_manager *tbl_mgr, int table_id); +long long table_manager_runtime_rule_count(struct table_manager *tbl_mgr, int table_id); + #ifdef __cplusplus } #endif diff --git a/src/maat_api.c b/src/maat_api.c index e81ae85..560989c 100644 --- a/src/maat_api.c +++ b/src/maat_api.c @@ -45,11 +45,11 @@ struct maat_stream { struct maat *ref_maat_instance; struct adapter_hs_stream *s_handle; //each physical table open one stream - int last_full_version; + long long last_full_version; + struct log_handle *logger; int thread_id; int vtable_id; int physical_table_id; - struct log_handle *logger; }; struct maat_options* maat_options_new(void) @@ -1498,7 +1498,8 @@ int maat_stream_scan(struct maat_stream *maat_stream, const char *data, int data state->scan_cnt++; - if (maat_stream->last_full_version != maat_stream->ref_maat_instance->last_full_version) { + struct maat *maat_instance = maat_stream->ref_maat_instance; + if (maat_stream->last_full_version != maat_instance->last_full_version) { return MAAT_SCAN_OK; } diff --git a/src/maat_bool_plugin.c b/src/maat_bool_plugin.c index e4bd29f..7b88f09 100644 --- a/src/maat_bool_plugin.c +++ b/src/maat_bool_plugin.c @@ -34,9 +34,7 @@ struct bool_plugin_schema { struct bool_plugin_runtime { struct bool_matcher *matcher; struct ex_data_runtime *ex_data_rt; - - uint32_t rule_num; - + long long rule_num; struct maat_garbage_bin *ref_garbage_bin; struct log_handle *logger; }; @@ -477,6 +475,16 @@ int bool_plugin_runtime_commit(void *bool_plugin_runtime, const char *table_name return ret; } +long long bool_plugin_runtime_rule_count(void *bool_plugin_runtime) +{ + if (NULL == bool_plugin_runtime) { + return 0; + } + + struct bool_plugin_runtime *bool_plugin_rt = (struct bool_plugin_runtime *)bool_plugin_runtime; + return bool_plugin_rt->rule_num; +} + struct ex_data_runtime *bool_plugin_runtime_get_ex_data_rt(void *bool_plugin_runtime) { if (NULL == bool_plugin_runtime) { diff --git a/src/maat_compile.c b/src/maat_compile.c index fff932d..5e7c52d 100644 --- a/src/maat_compile.c +++ b/src/maat_compile.c @@ -74,7 +74,7 @@ struct compile_runtime { struct maat_runtime *ref_maat_rt; time_t version; struct maat_clause *clause_by_literals_hash; - uint32_t rule_num; + long long rule_num; int updating_flag; pthread_rwlock_t rwlock; /* TODO: replaced with mutex? */ @@ -85,6 +85,7 @@ struct compile_runtime { struct group2compile_runtime { long long not_flag_group; + long long rule_num; struct compile_runtime *ref_compile_rt; struct group2group_runtime *ref_g2g_rt; }; @@ -1541,6 +1542,9 @@ int compile_runtime_update(void *compile_runtime, void *compile_schema, compile = maat_compile_hash_find(&(compile_rt->compile_hash), compile_id); if (NULL == compile) { pthread_rwlock_unlock(&compile_rt->rwlock); + log_error(compile_rt->logger, MODULE_COMPILE, + "[%s:%d] compile table:%s has no compile_id:%lld, can't be deleted", + __FUNCTION__, __LINE__, table_name, compile_id); return -1; } @@ -1641,6 +1645,7 @@ int group2compile_runtime_update(void *g2c_runtime, void *g2c_schema, g2c_rt->not_flag_group--; } maat_group_ref_dec(group); + g2c_rt->rule_num--; } } else { //add @@ -1658,6 +1663,7 @@ int group2compile_runtime_update(void *g2c_runtime, void *g2c_schema, g2c_rt->not_flag_group++; } maat_group_ref_inc(group); + g2c_rt->rule_num++; } } @@ -1666,6 +1672,16 @@ int group2compile_runtime_update(void *g2c_runtime, void *g2c_schema, return ret; } +long long group2compile_runtime_rule_count(void *g2c_runtime) +{ + if (NULL == g2c_runtime) { + return 0; + } + + struct group2compile_runtime *g2c_rt = (struct group2compile_runtime *)g2c_runtime; + return g2c_rt->rule_num; +} + int compile_runtime_commit(void *compile_runtime, const char *table_name) { if (NULL == compile_runtime) { @@ -1713,6 +1729,16 @@ int compile_runtime_commit(void *compile_runtime, const char *table_name) return ret; } +long long compile_runtime_rule_count(void *compile_runtime) +{ + if (NULL == compile_runtime) { + return 0; + } + + struct compile_runtime *compile_rt = (struct compile_runtime *)compile_runtime; + return compile_rt->rule_num; +} + static int compile_sort_para_compare(const struct compile_sort_para *a, const struct compile_sort_para *b) { diff --git a/src/maat_expr.c b/src/maat_expr.c index c9c5f61..a9519c7 100644 --- a/src/maat_expr.c +++ b/src/maat_expr.c @@ -71,7 +71,7 @@ struct expr_runtime { struct rcu_hash_table *htable; // store hs_expr rule for rebuild adapter_hs instance struct rcu_hash_table *item_htable; // store this expr table's all maat_item which will be used in expr_runtime_scan - uint32_t rule_num; + long long rule_num; int n_worker_thread; struct maat_garbage_bin *ref_garbage_bin; struct log_handle *logger; @@ -874,6 +874,16 @@ int expr_runtime_commit(void *expr_runtime, const char *table_name) return ret; } +long long expr_runtime_rule_count(void *expr_runtime) +{ + if (NULL == expr_runtime) { + return 0; + } + + struct expr_runtime *expr_rt = (struct expr_runtime *)expr_runtime; + return expr_rt->rule_num; +} + int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id, const char *data, size_t data_len, int vtable_id, struct maat_state *state) { diff --git a/src/maat_flag.c b/src/maat_flag.c index 9ad5944..929d4c9 100644 --- a/src/maat_flag.c +++ b/src/maat_flag.c @@ -46,7 +46,7 @@ struct flag_runtime { struct flag_matcher *matcher; struct rcu_hash_table *htable; //store flag rule for rebuild flag_matcher instance struct rcu_hash_table *item_htable; //store this flag table's all maat_item which will be used in flag_runtime_scan - uint32_t rule_num; + long long rule_num; struct maat_garbage_bin *ref_garbage_bin; struct log_handle *logger; int district_num; @@ -522,6 +522,16 @@ int flag_runtime_commit(void *flag_runtime, const char *table_name) return ret; } +long long flag_runtime_rule_count(void *flag_runtime) +{ + if (NULL == flag_runtime) { + return 0; + } + + struct flag_runtime *flag_rt = (struct flag_runtime *)flag_runtime; + return flag_rt->rule_num; +} + int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id, long long flag, int vtable_id, struct maat_state *state) { diff --git a/src/maat_fqdn_plugin.c b/src/maat_fqdn_plugin.c index 6553de1..39fa403 100644 --- a/src/maat_fqdn_plugin.c +++ b/src/maat_fqdn_plugin.c @@ -472,6 +472,16 @@ int fqdn_plugin_runtime_commit(void *fqdn_plugin_runtime, const char *table_name return ret; } +long long fqdn_plugin_runtime_rule_count(void *fqdn_plugin_runtime) +{ + if (NULL == fqdn_plugin_runtime) { + return 0; + } + + struct fqdn_plugin_runtime *fqdn_plugin_rt = (struct fqdn_plugin_runtime *)fqdn_plugin_runtime; + return fqdn_plugin_rt->rule_num; +} + struct ex_data_runtime *fqdn_plugin_runtime_get_ex_data_rt(void *fqdn_plugin_runtime) { if (NULL == fqdn_plugin_runtime) { diff --git a/src/maat_group.c b/src/maat_group.c index adee629..f639285 100644 --- a/src/maat_group.c +++ b/src/maat_group.c @@ -59,8 +59,7 @@ struct maat_group_topology { struct group2group_runtime { struct maat_group_topology *group_topo; - - uint32_t rule_num; + long long rule_num; pthread_rwlock_t rwlock; struct maat_garbage_bin *ref_garbage_bin; @@ -633,6 +632,16 @@ int group2group_runtime_commit(void *g2g_runtime, const char *table_name) return 0; } +long long group2group_runtime_rule_count(void *g2g_runtime) +{ + if (NULL == g2g_runtime) { + return 0; + } + + struct group2group_runtime *g2g_rt = (struct group2group_runtime *)g2g_runtime; + return g2g_rt->rule_num; +} + int group2group_runtime_get_top_groups(void *g2g_runtime, long long *group_ids, size_t n_group_ids, long long *top_group_ids) { diff --git a/src/maat_interval.c b/src/maat_interval.c index 17530b7..1352309 100644 --- a/src/maat_interval.c +++ b/src/maat_interval.c @@ -43,7 +43,7 @@ struct interval_runtime { struct interval_matcher *matcher; struct rcu_hash_table *htable; //store interval rule for rebuild interval_matcher instance struct rcu_hash_table *item_htable; //store this interval table's all maat_item which will be used in interval_runtime_scan - uint32_t rule_num; + long long rule_num; struct maat_garbage_bin *ref_garbage_bin; struct log_handle *logger; int district_num; @@ -518,6 +518,16 @@ int interval_runtime_commit(void *interval_runtime, const char *table_name) return ret; } +long long interval_runtime_rule_count(void *interval_runtime) +{ + if (NULL == interval_runtime) { + return 0; + } + + struct interval_runtime *interval_rt = (struct interval_runtime *)interval_runtime; + return interval_rt->rule_num; +} + int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id, long long integer, int vtable_id, struct maat_state *state) { diff --git a/src/maat_ip.c b/src/maat_ip.c index d77798e..7c35682 100644 --- a/src/maat_ip.c +++ b/src/maat_ip.c @@ -69,7 +69,7 @@ struct ip_runtime { struct interval_matcher *intval_matcher; struct rcu_hash_table *htable; //store ip rule for rebuild ip_matcher instance struct rcu_hash_table *item_htable; //store this ip table's all maat_item which will be used in ip_runtime_scan - uint32_t rule_num; + long long rule_num; struct maat_garbage_bin *ref_garbage_bin; struct log_handle *logger; @@ -630,6 +630,16 @@ int ip_runtime_commit(void *ip_runtime, const char *table_name) return ret; } +long long ip_runtime_rule_count(void *ip_runtime) +{ + if (NULL == ip_runtime) { + return 0; + } + + struct ip_runtime *ip_rt = (struct ip_runtime *)ip_runtime; + return ip_rt->rule_num; +} + int validate_port(struct rcu_hash_table *htable, const char *key, size_t key_len, uint16_t port, int proto) { diff --git a/src/maat_ip_plugin.c b/src/maat_ip_plugin.c index f2f7039..914ac3b 100644 --- a/src/maat_ip_plugin.c +++ b/src/maat_ip_plugin.c @@ -39,9 +39,7 @@ struct ip_plugin_schema { struct ip_plugin_runtime { struct ip_matcher *ip_matcher; struct ex_data_runtime *ex_data_rt; - - uint32_t rule_num; - + long long rule_num; struct maat_garbage_bin *ref_garbage_bin; struct log_handle *logger; }; @@ -512,6 +510,16 @@ int ip_plugin_runtime_commit(void *ip_plugin_runtime, const char *table_name) return ret; } +long long ip_plugin_runtime_rule_count(void *ip_plugin_runtime) +{ + if (NULL == ip_plugin_runtime) { + return 0; + } + + struct ip_plugin_runtime *ip_plugin_rt = (struct ip_plugin_runtime *)ip_plugin_runtime; + return ip_plugin_rt->rule_num; +} + struct ex_data_runtime *ip_plugin_runtime_get_ex_data_rt(void *ip_plugin_runtime) { if (NULL == ip_plugin_runtime) { diff --git a/src/maat_plugin.c b/src/maat_plugin.c index 90397e1..a739fcf 100644 --- a/src/maat_plugin.c +++ b/src/maat_plugin.c @@ -31,9 +31,7 @@ struct plugin_callback_schema { struct plugin_runtime { long long acc_line_num; struct ex_data_runtime *ex_data_rt; - - uint32_t rule_num; - + long long rule_num; struct maat_garbage_bin *ref_garbage_bin; struct log_handle *logger; }; @@ -452,6 +450,16 @@ int plugin_runtime_commit(void *plugin_runtime, const char *table_name) return 0; } +long long plugin_runtime_rule_count(void *plugin_runtime) +{ + if (NULL == plugin_runtime) { + return 0; + } + + struct plugin_runtime *plugin_rt = (struct plugin_runtime *)plugin_runtime; + return plugin_rt->rule_num; +} + struct ex_data_runtime *plugin_runtime_get_ex_data_rt(void *plugin_runtime) { if (NULL == plugin_runtime) { diff --git a/src/maat_rule.c b/src/maat_rule.c index 39db5e5..92b1673 100644 --- a/src/maat_rule.c +++ b/src/maat_rule.c @@ -393,17 +393,16 @@ int maat_update_cb(const char *table_name, const char *line, void *u_param) return 0; } -uint32_t maat_runtime_rule_num(struct maat_runtime *maat_rt) +long long maat_runtime_rule_num(struct maat_runtime *maat_rt) { - uint32_t total = 0; - void *runtime = NULL; + long long total = 0; for (size_t i = 0; i < maat_rt->max_table_num; i++) { - runtime = table_manager_get_runtime(maat_rt->ref_tbl_mgr, i); - if (runtime != NULL) { - //TODO: by luis - //total += table_runtime_rule_count(runtime); - } + long long rule_cnt = table_manager_runtime_rule_count(maat_rt->ref_tbl_mgr, i); + total += rule_cnt; + if (rule_cnt != 0) { + log_info(maat_rt->logger, MODULE_MAAT_RULE, "table:%d rule count:%lld", i, rule_cnt); + } } return total; @@ -432,16 +431,16 @@ void maat_finish_cb(void *u_param) maat_plugin_table_all_callback_finish(maat_instance->tbl_mgr); if (maat_instance->creating_maat_rt != NULL) { - maat_instance->creating_maat_rt->rule_num = maat_runtime_rule_num(maat_instance->creating_maat_rt); maat_runtime_commit(maat_instance->creating_maat_rt, maat_instance->logger); + maat_instance->creating_maat_rt->rule_num = maat_runtime_rule_num(maat_instance->creating_maat_rt); log_info(maat_instance->logger, MODULE_MAAT_RULE, "Full config version %llu load %d entries complete", maat_instance->creating_maat_rt->version, maat_instance->creating_maat_rt->rule_num); } else if (maat_instance->maat_rt != NULL) { - maat_instance->maat_rt->rule_num = maat_runtime_rule_num(maat_instance->maat_rt); maat_instance->maat_rt->version = maat_instance->maat_version; maat_runtime_commit(maat_instance->maat_rt, maat_instance->logger); + maat_instance->maat_rt->rule_num = maat_runtime_rule_num(maat_instance->maat_rt); log_info(maat_instance->logger, MODULE_MAAT_RULE, "Inc config version %llu load %d entries complete", maat_instance->maat_rt->version, diff --git a/src/maat_table.c b/src/maat_table.c index baa41d6..83ef5b9 100644 --- a/src/maat_table.c +++ b/src/maat_table.c @@ -73,6 +73,8 @@ struct table_operations { int (*update_runtime)(void *runtime, void *schema, const char *table_name, const char *line, int valid_column); int (*commit_runtime)(void *runtime, const char *table_name); + + long long (*runtime_rule_count)(void *runtime); }; struct table_operations table_ops[TABLE_TYPE_MAX] = { @@ -83,7 +85,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = { .new_runtime = flag_runtime_new, .free_runtime = flag_runtime_free, .update_runtime = flag_runtime_update, - .commit_runtime = flag_runtime_commit + .commit_runtime = flag_runtime_commit, + .runtime_rule_count = flag_runtime_rule_count }, { .type = TABLE_TYPE_FLAG_PLUS, @@ -92,7 +95,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = { .new_runtime = flag_runtime_new, .free_runtime = flag_runtime_free, .update_runtime = flag_runtime_update, - .commit_runtime = flag_runtime_commit + .commit_runtime = flag_runtime_commit, + .runtime_rule_count = flag_runtime_rule_count }, { .type = TABLE_TYPE_EXPR, @@ -101,7 +105,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = { .new_runtime = expr_runtime_new, .free_runtime = expr_runtime_free, .update_runtime = expr_runtime_update, - .commit_runtime = expr_runtime_commit + .commit_runtime = expr_runtime_commit, + .runtime_rule_count = expr_runtime_rule_count }, { .type = TABLE_TYPE_EXPR_PLUS, @@ -110,7 +115,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = { .new_runtime = expr_runtime_new, .free_runtime = expr_runtime_free, .update_runtime = expr_runtime_update, - .commit_runtime = expr_runtime_commit + .commit_runtime = expr_runtime_commit, + .runtime_rule_count = expr_runtime_rule_count }, { .type = TABLE_TYPE_IP_PLUS, @@ -119,7 +125,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = { .new_runtime = ip_runtime_new, .free_runtime = ip_runtime_free, .update_runtime = ip_runtime_update, - .commit_runtime = ip_runtime_commit + .commit_runtime = ip_runtime_commit, + .runtime_rule_count = ip_runtime_rule_count }, { .type = TABLE_TYPE_INTERVAL, @@ -128,7 +135,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = { .new_runtime = interval_runtime_new, .free_runtime = interval_runtime_free, .update_runtime = interval_runtime_update, - .commit_runtime = interval_runtime_commit + .commit_runtime = interval_runtime_commit, + .runtime_rule_count = interval_runtime_rule_count }, { .type = TABLE_TYPE_INTERVAL_PLUS, @@ -137,7 +145,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = { .new_runtime = interval_runtime_new, .free_runtime = interval_runtime_free, .update_runtime = interval_runtime_update, - .commit_runtime = interval_runtime_commit + .commit_runtime = interval_runtime_commit, + .runtime_rule_count = interval_runtime_rule_count }, { .type = TABLE_TYPE_PLUGIN, @@ -146,7 +155,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = { .new_runtime = plugin_runtime_new, .free_runtime = plugin_runtime_free, .update_runtime = plugin_runtime_update, - .commit_runtime = plugin_runtime_commit + .commit_runtime = plugin_runtime_commit, + .runtime_rule_count = plugin_runtime_rule_count }, { .type = TABLE_TYPE_IP_PLUGIN, @@ -155,7 +165,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = { .new_runtime = ip_plugin_runtime_new, .free_runtime = ip_plugin_runtime_free, .update_runtime = ip_plugin_runtime_update, - .commit_runtime = ip_plugin_runtime_commit + .commit_runtime = ip_plugin_runtime_commit, + .runtime_rule_count = ip_plugin_runtime_rule_count }, { .type = TABLE_TYPE_FQDN_PLUGIN, @@ -164,7 +175,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = { .new_runtime = fqdn_plugin_runtime_new, .free_runtime = fqdn_plugin_runtime_free, .update_runtime = fqdn_plugin_runtime_update, - .commit_runtime = fqdn_plugin_runtime_commit + .commit_runtime = fqdn_plugin_runtime_commit, + .runtime_rule_count = fqdn_plugin_runtime_rule_count }, { .type = TABLE_TYPE_BOOL_PLUGIN, @@ -173,7 +185,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = { .new_runtime = bool_plugin_runtime_new, .free_runtime = bool_plugin_runtime_free, .update_runtime = bool_plugin_runtime_update, - .commit_runtime = bool_plugin_runtime_commit + .commit_runtime = bool_plugin_runtime_commit, + .runtime_rule_count = bool_plugin_runtime_rule_count }, { .type = TABLE_TYPE_VIRTUAL, @@ -200,7 +213,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = { .new_runtime = compile_runtime_new, .free_runtime = compile_runtime_free, .update_runtime = compile_runtime_update, - .commit_runtime = compile_runtime_commit + .commit_runtime = compile_runtime_commit, + .runtime_rule_count = compile_runtime_rule_count }, { .type = TABLE_TYPE_GROUP2GROUP, @@ -209,7 +223,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = { .new_runtime = group2group_runtime_new, .free_runtime = group2group_runtime_free, .update_runtime = group2group_runtime_update, - .commit_runtime = group2group_runtime_commit + .commit_runtime = group2group_runtime_commit, + .runtime_rule_count = group2group_runtime_rule_count }, { .type = TABLE_TYPE_GROUP2COMPILE, @@ -218,7 +233,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = { .new_runtime = group2compile_runtime_new, .free_runtime = group2compile_runtime_free, .update_runtime = group2compile_runtime_update, - .commit_runtime = NULL + .commit_runtime = NULL, + .runtime_rule_count = group2compile_runtime_rule_count } }; @@ -832,3 +848,21 @@ void table_manager_commit_runtime(struct table_manager *tbl_mgr, int table_id) table_ops[table_type].commit_runtime(runtime, ptable->table_name);; } } + +long long table_manager_runtime_rule_count(struct table_manager *tbl_mgr, int table_id) +{ + void *runtime = table_manager_get_runtime(tbl_mgr, table_id); + if (NULL == runtime) { + return 0; + } + + enum table_type table_type = table_manager_get_table_type(tbl_mgr, table_id); + if (table_type == TABLE_TYPE_INVALID) { + log_error(tbl_mgr->logger, MODULE_TABLE, + "[%s:%d] table(table_id:%d) table_type is invalid, can't update runtime", + __FUNCTION__, __LINE__, table_id); + return 0; + } + + return table_ops[table_type].runtime_rule_count(runtime); +} \ No newline at end of file diff --git a/test/maat_framework_gtest.cpp b/test/maat_framework_gtest.cpp index cd26341..fd70607 100644 --- a/test/maat_framework_gtest.cpp +++ b/test/maat_framework_gtest.cpp @@ -322,6 +322,21 @@ int del_command(struct maat *maat_instance, int compile_id) { return compile_table_set_line(maat_instance, "COMPILE", MAAT_OP_DEL, compile_id, NULL, 1, 0); } + +static void random_keyword_generate(char *keyword_buf, size_t sz) +{ +#define MIN_KEYWORD_LEN 4 + size_t i=0, len=0; + len=random()%(sz-1-MIN_KEYWORD_LEN)+MIN_KEYWORD_LEN; + for(i=0; i