add rule count stat

scanner/adapter_hs/adapter_hs.cpp

@@ -91,7 +91,7 @@ struct adapter_hs_stream {
     size_t n_expr;
     hs_stream_t *literal_stream;
     hs_stream_t *regex_stream;
-    struct adapter_hs_runtime *hs_rt;
+    struct adapter_hs_runtime *ref_hs_rt;
     struct matched_pattern *matched_pat;
     struct log_handle *logger;
 };
@@ -602,7 +602,7 @@ struct adapter_hs_stream *adapter_hs_stream_open(struct adapter_hs *hs_instance,
     hs_stream->logger = hs_instance->logger;
     hs_stream->thread_id = thread_id;
     hs_stream->n_expr = hs_instance->n_expr;
-    hs_stream->hs_rt = hs_instance->hs_rt;
+    hs_stream->ref_hs_rt = hs_instance->hs_rt;
     hs_stream->matched_pat = ALLOC(struct matched_pattern, 1);
     hs_stream->matched_pat->ref_hs_attr = hs_instance->hs_attr;
     hs_stream->matched_pat->n_patterns = hs_instance->n_patterns;
@@ -653,7 +653,7 @@ void adapter_hs_stream_close(struct adapter_hs_stream *hs_stream)
         return;
     }
 
-    if (hs_stream->hs_rt != NULL) {
+    if (hs_stream->ref_hs_rt != NULL) {
         if (hs_stream->literal_stream != NULL) {
             hs_close_stream(hs_stream->literal_stream, NULL, NULL, NULL);
             hs_stream->literal_stream = NULL;
@@ -667,7 +667,7 @@ void adapter_hs_stream_close(struct adapter_hs_stream *hs_stream)
 
     /* hs_stream->hs_rt point to hs_instance->hs_rt which will call free 
         same as hs_attr */
-    hs_stream->hs_rt = NULL;
+    hs_stream->ref_hs_rt = NULL;
     hs_stream->matched_pat->ref_hs_attr = NULL;
     utarray_free(hs_stream->matched_pat->pattern_ids);
 
@@ -701,9 +701,9 @@ int adapter_hs_scan_stream(struct adapter_hs_stream *hs_stream, const char *data
 
     int err_scratch_flag = 0;
     if (hs_stream->literal_stream != NULL) {
-        if (hs_stream->hs_rt->literal_scratches != NULL) {
+        if (hs_stream->ref_hs_rt->literal_scratches != NULL) {
             err = hs_scan_stream(hs_stream->literal_stream, data, data_len,
-                                 0, hs_stream->hs_rt->literal_scratches[thread_id],
+                                 0, hs_stream->ref_hs_rt->literal_scratches[thread_id],
                                  matched_event_cb, hs_stream->matched_pat);
             if (err != HS_SUCCESS) {
                 err_count++;
@@ -716,9 +716,9 @@ int adapter_hs_scan_stream(struct adapter_hs_stream *hs_stream, const char *data
     }
 
     if (hs_stream->regex_stream != NULL) {
-        if (hs_stream->hs_rt->regex_scratches != NULL) {
+        if (hs_stream->ref_hs_rt->regex_scratches != NULL) {
             err = hs_scan_stream(hs_stream->regex_stream, data, data_len,
-                                 0, hs_stream->hs_rt->regex_scratches[thread_id],
+                                 0, hs_stream->ref_hs_rt->regex_scratches[thread_id],
                                  matched_event_cb, hs_stream->matched_pat);
             if (err != HS_SUCCESS) {
                 err_count++;
@@ -762,7 +762,7 @@ int adapter_hs_scan_stream(struct adapter_hs_stream *hs_stream, const char *data
 
     int ret = 0;
     struct bool_expr_match *bool_matcher_results = ALLOC(struct bool_expr_match, hs_stream->n_expr);
-    int bool_matcher_ret = bool_matcher_match(hs_stream->hs_rt->bm, pattern_ids, n_pattern_id,
+    int bool_matcher_ret = bool_matcher_match(hs_stream->ref_hs_rt->bm, pattern_ids, n_pattern_id,
                                               bool_matcher_results, hs_stream->n_expr);
     if (bool_matcher_ret < 0) {
         ret = -1;

src/inc_internal/maat_bool_plugin.h

@@ -46,6 +46,8 @@ int bool_plugin_runtime_update(void *bool_plugin_runtime, void *bool_plugin_sche
                                 const char *table_name, const char *line, int valid_column);
 int bool_plugin_runtime_commit(void *bool_plugin_runtime, const char *table_name);
 
+long long bool_plugin_runtime_rule_count(void *bool_plugin_runtime);
+
 struct ex_data_runtime *bool_plugin_runtime_get_ex_data_rt(void *bool_plugin_runtime);
 
 int bool_plugin_runtime_get_ex_data(void *bool_plugin_runtime, unsigned long long *item_ids, 

src/inc_internal/maat_compile.h

@@ -55,6 +55,8 @@ int compile_runtime_update(void *compile_runtime, void *compile_schema,
                            const char *table_name, const char *line, int valid_column);
 int compile_runtime_commit(void *compile_runtime, const char *table_name);
 
+long long compile_runtime_rule_count(void *compile_runtime);
+
 int compile_runtime_match(struct compile_runtime *compile_rt, long long *compile_ids,
                           size_t compile_ids_size, struct maat_state *state);
 
@@ -79,6 +81,7 @@ void group2compile_runtime_free(void *g2c_runtime);
 int group2compile_runtime_update(void *g2c_runtime, void *g2c_schema,
                                  const char *table_name, const char *line, 
                                 int valid_column);
+long long group2compile_runtime_rule_count(void *g2c_runtime);
 
 /* maat compile state API */
 struct maat_compile_state;

src/inc_internal/maat_expr.h

@@ -37,6 +37,8 @@ int expr_runtime_update(void *expr_runtime, void *expr_schema,
                          int valid_column);
 int expr_runtime_commit(void *expr_runtime, const char *table_name);
 
+long long expr_runtime_rule_count(void *expr_runtime);
+
 /* expr runtime scan API */
 /**
  * @brief scan string to get hit group_ids
@@ -47,6 +49,7 @@ int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id, const char *d
                       size_t data_len, int vtable_id, struct maat_state *state);
 
 struct adapter_hs_stream *expr_runtime_stream_open(struct expr_runtime *expr_rt, int thread_id);
+
 int expr_runtime_stream_scan(struct expr_runtime *expr_rt, struct adapter_hs_stream *s_handle, 
                              const char *data, size_t data_len,
                              int vtable_id, struct maat_state *state);

src/inc_internal/maat_flag.h

@@ -39,6 +39,8 @@ int flag_runtime_update(void *flag_runtime, void *flag_schema,
                          int valid_column);
 int flag_runtime_commit(void *flag_runtime, const char *table_name);
 
+long long flag_runtime_rule_count(void *flag_runtime);
+
 /* flag runtime scan API */
 /**
  * @brief scan flag to get hit group_ids

src/inc_internal/maat_fqdn_plugin.h

@@ -48,6 +48,8 @@ int fqdn_plugin_runtime_update(void *fqdn_plugin_runtime, void *fqdn_plugin_sche
                                 const char *table_name, const char *line, int valid_column);
 int fqdn_plugin_runtime_commit(void *fqdn_plugin_runtime, const char *table_name);
 
+long long fqdn_plugin_runtime_rule_count(void *fqdn_plugin_runtime);
+
 struct ex_data_runtime *fqdn_plugin_runtime_get_ex_data_rt(void *fqdn_plugin_runtime);
 
 int fqdn_plugin_runtime_get_ex_data(void *fqdn_plugin_runtime, const char *fqdn, 

src/inc_internal/maat_group.h

@@ -51,6 +51,8 @@ int group2group_runtime_update(void *g2g_runtime, void *g2g_schema,
                                 int valid_column);			   
 int group2group_runtime_commit(void *g2g_runtime, const char *table_name);
 
+long long group2group_runtime_rule_count(void *g2g_runtime);
+
 #ifdef __cplusplus
 }
 #endif

src/inc_internal/maat_interval.h

@@ -37,6 +37,8 @@ int interval_runtime_update(void *interval_runtime, void *interval_schema,
                             const char *table_name,const char *line, int valid_column);
 int interval_runtime_commit(void *interval_runtime, const char *table_name);
 
+long long interval_runtime_rule_count(void *interval_runtime);
+
 /* interval runtime scan API */
 /**
  * @brief scan intval to get hit group_ids

src/inc_internal/maat_ip.h

@@ -36,6 +36,8 @@ int ip_runtime_update(void *ip_runtime, void *ip_schema,
                       int valid_column);
 int ip_runtime_commit(void *ip_runtime, const char *table_name);
 
+long long ip_runtime_rule_count(void *ip_runtime);
+
 /* ip runtime scan API */
 int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type, 
                     uint8_t *ip_addr, uint16_t port, int proto, int vtable_id, 

src/inc_internal/maat_ip_plugin.h

@@ -47,6 +47,8 @@ int ip_plugin_runtime_update(void *ip_plugin_runtime, void *ip_plugin_schema,
                              const char *table_name, const char *line, int valid_column);
 int ip_plugin_runtime_commit(void *ip_plugin_runtime, const char *table_name);
 
+long long ip_plugin_runtime_rule_count(void *ip_plugin_runtime);
+
 struct ex_data_runtime *ip_plugin_runtime_get_ex_data_rt(void *ip_plugin_runtime);
 
 int ip_plugin_runtime_get_ex_data(void *ip_plugin_runtime, const struct ip_addr *ip_addr, 

src/inc_internal/maat_plugin.h

@@ -60,6 +60,8 @@ int plugin_runtime_update(void *plugin_runtime, void *plugin_schema,
                           int valid_column);
 int plugin_runtime_commit(void *plugin_runtime, const char *table_name);
 
+long long plugin_runtime_rule_count(void *plugin_runtime);
+
 struct ex_data_runtime *plugin_runtime_get_ex_data_rt(void *plugin_runtime);
 
 size_t plugin_runtime_cached_row_count(void *plugin_runtime);

src/inc_internal/maat_table.h

@@ -72,6 +72,8 @@ void *table_manager_get_runtime(struct table_manager *tbl_mgr, int table_id);
 int table_manager_update_runtime(struct table_manager *tbl_mgr, const char *table_name, int table_id, const char *line);
 void table_manager_commit_runtime(struct table_manager *tbl_mgr, int table_id);
 
+long long table_manager_runtime_rule_count(struct table_manager *tbl_mgr, int table_id);
+
 #ifdef __cplusplus
 }
 #endif

src/maat_api.c

@@ -45,11 +45,11 @@
 struct maat_stream {
     struct maat *ref_maat_instance;
     struct adapter_hs_stream *s_handle; //each physical table open one stream
-    int last_full_version;
+    long long last_full_version;
+    struct log_handle *logger;
     int thread_id;
     int vtable_id;
     int physical_table_id;
-    struct log_handle *logger;
 };
 
 struct maat_options* maat_options_new(void)
@@ -1498,7 +1498,8 @@ int maat_stream_scan(struct maat_stream *maat_stream, const char *data, int data
 
     state->scan_cnt++;
 
-    if (maat_stream->last_full_version != maat_stream->ref_maat_instance->last_full_version) {
+    struct maat *maat_instance = maat_stream->ref_maat_instance;
+    if (maat_stream->last_full_version != maat_instance->last_full_version) {
         return MAAT_SCAN_OK;
     }
 

src/maat_bool_plugin.c

@@ -34,9 +34,7 @@ struct bool_plugin_schema {
 struct bool_plugin_runtime {
     struct bool_matcher *matcher;
     struct ex_data_runtime *ex_data_rt;
-
+    long long rule_num;
-    uint32_t rule_num;
-
     struct maat_garbage_bin *ref_garbage_bin;
     struct log_handle *logger;
 };
@@ -477,6 +475,16 @@ int bool_plugin_runtime_commit(void *bool_plugin_runtime, const char *table_name
     return ret;
 }
 
+long long bool_plugin_runtime_rule_count(void *bool_plugin_runtime)
+{
+    if (NULL == bool_plugin_runtime) {
+        return 0;
+    }
+    
+    struct bool_plugin_runtime *bool_plugin_rt = (struct bool_plugin_runtime *)bool_plugin_runtime;
+    return bool_plugin_rt->rule_num;
+}
+
 struct ex_data_runtime *bool_plugin_runtime_get_ex_data_rt(void *bool_plugin_runtime)
 {
     if (NULL == bool_plugin_runtime) {

src/maat_compile.c

@@ -74,7 +74,7 @@ struct compile_runtime {
     struct maat_runtime *ref_maat_rt;
     time_t version;
     struct maat_clause *clause_by_literals_hash;
-    uint32_t rule_num;
+    long long rule_num;
     int updating_flag;
     pthread_rwlock_t rwlock; /* TODO: replaced with mutex? */
 
@@ -85,6 +85,7 @@ struct compile_runtime {
 
 struct group2compile_runtime {
     long long not_flag_group;
+    long long rule_num;
     struct compile_runtime *ref_compile_rt;
     struct group2group_runtime *ref_g2g_rt;
 };
@@ -1541,6 +1542,9 @@ int compile_runtime_update(void *compile_runtime, void *compile_schema,
         compile = maat_compile_hash_find(&(compile_rt->compile_hash), compile_id);
         if (NULL == compile) {
             pthread_rwlock_unlock(&compile_rt->rwlock);
+            log_error(compile_rt->logger, MODULE_COMPILE,
+                      "[%s:%d] compile table:%s has no compile_id:%lld, can't be deleted",
+                      __FUNCTION__, __LINE__, table_name, compile_id);
             return -1;
         }
 
@@ -1641,6 +1645,7 @@ int group2compile_runtime_update(void *g2c_runtime, void *g2c_schema,
                 g2c_rt->not_flag_group--;
             }
             maat_group_ref_dec(group);
+            g2c_rt->rule_num--;
         }
     } else {
         //add
@@ -1658,6 +1663,7 @@ int group2compile_runtime_update(void *g2c_runtime, void *g2c_schema,
                 g2c_rt->not_flag_group++;
             }
             maat_group_ref_inc(group);
+            g2c_rt->rule_num++;
         }
     }
     
@@ -1666,6 +1672,16 @@ int group2compile_runtime_update(void *g2c_runtime, void *g2c_schema,
     return ret;
 }
 
+long long group2compile_runtime_rule_count(void *g2c_runtime)
+{
+    if (NULL == g2c_runtime) {
+        return 0;
+    }
+    
+    struct group2compile_runtime *g2c_rt = (struct group2compile_runtime *)g2c_runtime;
+    return g2c_rt->rule_num;
+}
+
 int compile_runtime_commit(void *compile_runtime, const char *table_name)
 {
     if (NULL == compile_runtime) {
@@ -1713,6 +1729,16 @@ int compile_runtime_commit(void *compile_runtime, const char *table_name)
     return ret;
 }
 
+long long compile_runtime_rule_count(void *compile_runtime)
+{
+    if (NULL == compile_runtime) {
+        return 0;
+    }
+    
+    struct compile_runtime *compile_rt = (struct compile_runtime *)compile_runtime;
+    return compile_rt->rule_num;
+}
+
 static int compile_sort_para_compare(const struct compile_sort_para *a,
                                      const struct compile_sort_para *b)
 {

src/maat_expr.c

@@ -71,7 +71,7 @@ struct expr_runtime {
     struct rcu_hash_table *htable;      // store hs_expr rule for rebuild adapter_hs instance
     struct rcu_hash_table *item_htable; // store this expr table's all maat_item which will be used in expr_runtime_scan
 
-    uint32_t rule_num;
+    long long rule_num;
     int n_worker_thread;
     struct maat_garbage_bin *ref_garbage_bin;
     struct log_handle *logger;
@@ -874,6 +874,16 @@ int expr_runtime_commit(void *expr_runtime, const char *table_name)
     return ret;
 }
 
+long long expr_runtime_rule_count(void *expr_runtime)
+{
+    if (NULL == expr_runtime) {
+        return 0;
+    }
+    
+    struct expr_runtime *expr_rt = (struct expr_runtime *)expr_runtime;
+    return expr_rt->rule_num;
+}
+
 int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id, const char *data, 
                       size_t data_len, int vtable_id, struct maat_state *state)
 {

src/maat_flag.c

@@ -46,7 +46,7 @@ struct flag_runtime {
     struct flag_matcher *matcher;
     struct rcu_hash_table *htable;       //store flag rule for rebuild flag_matcher instance
     struct rcu_hash_table *item_htable;  //store this flag table's all maat_item which will be used in flag_runtime_scan
-    uint32_t rule_num;
+    long long rule_num;
     struct maat_garbage_bin *ref_garbage_bin;
     struct log_handle *logger;
     int district_num;
@@ -522,6 +522,16 @@ int flag_runtime_commit(void *flag_runtime, const char *table_name)
     return ret;
 }
 
+long long flag_runtime_rule_count(void *flag_runtime)
+{
+    if (NULL == flag_runtime) {
+        return 0;
+    }
+    
+    struct flag_runtime *flag_rt = (struct flag_runtime *)flag_runtime;
+    return flag_rt->rule_num;
+}
+
 int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id, 
                       long long flag, int vtable_id, struct maat_state *state)
 {

src/maat_fqdn_plugin.c

@@ -472,6 +472,16 @@ int fqdn_plugin_runtime_commit(void *fqdn_plugin_runtime, const char *table_name
     return ret;
 }
 
+long long fqdn_plugin_runtime_rule_count(void *fqdn_plugin_runtime)
+{
+    if (NULL == fqdn_plugin_runtime) {
+        return 0;
+    }
+    
+    struct fqdn_plugin_runtime *fqdn_plugin_rt = (struct fqdn_plugin_runtime *)fqdn_plugin_runtime;
+    return fqdn_plugin_rt->rule_num;
+}
+
 struct ex_data_runtime *fqdn_plugin_runtime_get_ex_data_rt(void *fqdn_plugin_runtime)
 {
     if (NULL == fqdn_plugin_runtime) {

src/maat_group.c

@@ -59,8 +59,7 @@ struct maat_group_topology {
 
 struct group2group_runtime {
     struct maat_group_topology *group_topo;
-
+	long long rule_num;
-	uint32_t rule_num;
 
     pthread_rwlock_t rwlock;
     struct maat_garbage_bin *ref_garbage_bin;
@@ -633,6 +632,16 @@ int group2group_runtime_commit(void *g2g_runtime, const char *table_name)
     return 0;
 }
 
+long long group2group_runtime_rule_count(void *g2g_runtime)
+{
+    if (NULL == g2g_runtime) {
+        return 0;
+    }
+    
+    struct group2group_runtime *g2g_rt = (struct group2group_runtime *)g2g_runtime;
+    return g2g_rt->rule_num;
+}
+
 int group2group_runtime_get_top_groups(void *g2g_runtime, long long *group_ids, 
                                        size_t n_group_ids, long long *top_group_ids)
 {

src/maat_interval.c

@@ -43,7 +43,7 @@ struct interval_runtime {
     struct interval_matcher *matcher;
     struct rcu_hash_table *htable;       //store interval rule for rebuild interval_matcher instance
     struct rcu_hash_table *item_htable;  //store this interval table's all maat_item which will be used in interval_runtime_scan
-    uint32_t rule_num;
+    long long rule_num;
     struct maat_garbage_bin *ref_garbage_bin;
     struct log_handle *logger;
     int district_num;
@@ -518,6 +518,16 @@ int interval_runtime_commit(void *interval_runtime, const char *table_name)
     return ret;
 }
 
+long long interval_runtime_rule_count(void *interval_runtime)
+{
+    if (NULL == interval_runtime) {
+        return 0;
+    }
+    
+    struct interval_runtime *interval_rt = (struct interval_runtime *)interval_runtime;
+    return interval_rt->rule_num;
+}
+
 int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id, 
                           long long integer, int vtable_id, struct maat_state *state)
 {

src/maat_ip.c

@@ -69,7 +69,7 @@ struct ip_runtime {
     struct interval_matcher *intval_matcher;
     struct rcu_hash_table *htable; //store ip rule for rebuild ip_matcher instance
     struct rcu_hash_table *item_htable;  //store this ip table's all maat_item which will be used in ip_runtime_scan
-    uint32_t rule_num;
+    long long rule_num;
     struct maat_garbage_bin *ref_garbage_bin;
     struct log_handle *logger;
 
@@ -630,6 +630,16 @@ int ip_runtime_commit(void *ip_runtime, const char *table_name)
     return ret;
 }
 
+long long ip_runtime_rule_count(void *ip_runtime)
+{
+    if (NULL == ip_runtime) {
+        return 0;
+    }
+    
+    struct ip_runtime *ip_rt = (struct ip_runtime *)ip_runtime;
+    return ip_rt->rule_num;
+}
+
 int validate_port(struct rcu_hash_table *htable, const char *key, size_t key_len,
                   uint16_t port, int proto)
 {

src/maat_ip_plugin.c

@@ -39,9 +39,7 @@ struct ip_plugin_schema {
 struct ip_plugin_runtime {
 	struct ip_matcher *ip_matcher;
     struct ex_data_runtime *ex_data_rt;
-
+    long long rule_num;
-    uint32_t rule_num;
-
     struct maat_garbage_bin *ref_garbage_bin;
     struct log_handle *logger;
 };
@@ -512,6 +510,16 @@ int ip_plugin_runtime_commit(void *ip_plugin_runtime, const char *table_name)
     return ret;
 }
 
+long long ip_plugin_runtime_rule_count(void *ip_plugin_runtime)
+{
+    if (NULL == ip_plugin_runtime) {
+        return 0;
+    }
+    
+    struct ip_plugin_runtime *ip_plugin_rt = (struct ip_plugin_runtime *)ip_plugin_runtime;
+    return ip_plugin_rt->rule_num;
+}
+
 struct ex_data_runtime *ip_plugin_runtime_get_ex_data_rt(void *ip_plugin_runtime)
 {
     if (NULL == ip_plugin_runtime) {

src/maat_plugin.c

@@ -31,9 +31,7 @@ struct plugin_callback_schema {
 struct plugin_runtime {
     long long acc_line_num;
     struct ex_data_runtime *ex_data_rt;
-
+    long long rule_num;
-    uint32_t rule_num;
-
     struct maat_garbage_bin *ref_garbage_bin;
     struct log_handle *logger;
 };
@@ -452,6 +450,16 @@ int plugin_runtime_commit(void *plugin_runtime, const char *table_name)
     return 0;
 }
 
+long long plugin_runtime_rule_count(void *plugin_runtime)
+{
+    if (NULL == plugin_runtime) {
+        return 0;
+    }
+    
+    struct plugin_runtime *plugin_rt = (struct plugin_runtime *)plugin_runtime;
+    return plugin_rt->rule_num;
+}
+
 struct ex_data_runtime *plugin_runtime_get_ex_data_rt(void *plugin_runtime)
 {
     if (NULL == plugin_runtime) {

src/maat_rule.c

@@ -393,17 +393,16 @@ int maat_update_cb(const char *table_name, const char *line, void *u_param)
 	return 0;
 }
 
-uint32_t maat_runtime_rule_num(struct maat_runtime *maat_rt)
+long long maat_runtime_rule_num(struct maat_runtime *maat_rt)
 {
-	uint32_t total = 0;
+	long long total = 0;
-	void *runtime = NULL;
 	
 	for (size_t i = 0; i < maat_rt->max_table_num; i++) {
-		runtime = table_manager_get_runtime(maat_rt->ref_tbl_mgr, i);
+        long long rule_cnt = table_manager_runtime_rule_count(maat_rt->ref_tbl_mgr, i);
-		if (runtime != NULL) {
+		total += rule_cnt;
-            //TODO: by luis
+        if (rule_cnt != 0) {
-			//total += table_runtime_rule_count(runtime);
+            log_info(maat_rt->logger, MODULE_MAAT_RULE, "table:%d rule count:%lld", i, rule_cnt);
-		}
+        }
 	}
 
 	return total;
@@ -432,16 +431,16 @@ void maat_finish_cb(void *u_param)
     maat_plugin_table_all_callback_finish(maat_instance->tbl_mgr);
 
     if (maat_instance->creating_maat_rt != NULL) {
-        maat_instance->creating_maat_rt->rule_num = maat_runtime_rule_num(maat_instance->creating_maat_rt);
         maat_runtime_commit(maat_instance->creating_maat_rt, maat_instance->logger);
+        maat_instance->creating_maat_rt->rule_num = maat_runtime_rule_num(maat_instance->creating_maat_rt);
         log_info(maat_instance->logger, MODULE_MAAT_RULE, 
                  "Full config version %llu load %d entries complete", 
                  maat_instance->creating_maat_rt->version, 
                  maat_instance->creating_maat_rt->rule_num);
     } else if (maat_instance->maat_rt != NULL) {
-        maat_instance->maat_rt->rule_num = maat_runtime_rule_num(maat_instance->maat_rt);
         maat_instance->maat_rt->version = maat_instance->maat_version;
         maat_runtime_commit(maat_instance->maat_rt, maat_instance->logger);
+        maat_instance->maat_rt->rule_num = maat_runtime_rule_num(maat_instance->maat_rt);
         log_info(maat_instance->logger, MODULE_MAAT_RULE, 
                  "Inc config version %llu load %d entries complete", 
                  maat_instance->maat_rt->version, 

src/maat_table.c

@@ -73,6 +73,8 @@ struct table_operations {
     int (*update_runtime)(void *runtime, void *schema, const char *table_name,
                           const char *line, int valid_column);
     int (*commit_runtime)(void *runtime, const char *table_name);
+
+    long long (*runtime_rule_count)(void *runtime);
 };
 
 struct table_operations table_ops[TABLE_TYPE_MAX] = {
@@ -83,7 +85,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = {
         .new_runtime = flag_runtime_new,
         .free_runtime = flag_runtime_free,
         .update_runtime = flag_runtime_update,
-        .commit_runtime = flag_runtime_commit
+        .commit_runtime = flag_runtime_commit,
+        .runtime_rule_count = flag_runtime_rule_count
     },
     {
         .type = TABLE_TYPE_FLAG_PLUS,
@@ -92,7 +95,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = {
         .new_runtime = flag_runtime_new,
         .free_runtime = flag_runtime_free,
         .update_runtime = flag_runtime_update,
-        .commit_runtime = flag_runtime_commit
+        .commit_runtime = flag_runtime_commit,
+        .runtime_rule_count = flag_runtime_rule_count
     },
     {
         .type = TABLE_TYPE_EXPR,
@@ -101,7 +105,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = {
         .new_runtime = expr_runtime_new,
         .free_runtime = expr_runtime_free,
         .update_runtime = expr_runtime_update,
-        .commit_runtime = expr_runtime_commit
+        .commit_runtime = expr_runtime_commit,
+        .runtime_rule_count = expr_runtime_rule_count
     },
     {
         .type = TABLE_TYPE_EXPR_PLUS,
@@ -110,7 +115,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = {
         .new_runtime = expr_runtime_new,
         .free_runtime = expr_runtime_free,
         .update_runtime = expr_runtime_update,
-        .commit_runtime = expr_runtime_commit
+        .commit_runtime = expr_runtime_commit,
+        .runtime_rule_count = expr_runtime_rule_count
     },
     {
         .type = TABLE_TYPE_IP_PLUS,
@@ -119,7 +125,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = {
         .new_runtime = ip_runtime_new,
         .free_runtime = ip_runtime_free,
         .update_runtime = ip_runtime_update,
-        .commit_runtime = ip_runtime_commit
+        .commit_runtime = ip_runtime_commit,
+        .runtime_rule_count = ip_runtime_rule_count
     },
     {
         .type = TABLE_TYPE_INTERVAL,
@@ -128,7 +135,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = {
         .new_runtime = interval_runtime_new,
         .free_runtime = interval_runtime_free,
         .update_runtime = interval_runtime_update,
-        .commit_runtime = interval_runtime_commit
+        .commit_runtime = interval_runtime_commit,
+        .runtime_rule_count = interval_runtime_rule_count
     },
     {
         .type = TABLE_TYPE_INTERVAL_PLUS,
@@ -137,7 +145,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = {
         .new_runtime = interval_runtime_new,
         .free_runtime = interval_runtime_free,
         .update_runtime = interval_runtime_update,
-        .commit_runtime = interval_runtime_commit
+        .commit_runtime = interval_runtime_commit,
+        .runtime_rule_count = interval_runtime_rule_count
     },
     {
         .type = TABLE_TYPE_PLUGIN,
@@ -146,7 +155,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = {
         .new_runtime = plugin_runtime_new,
         .free_runtime = plugin_runtime_free,
         .update_runtime = plugin_runtime_update,
-        .commit_runtime = plugin_runtime_commit
+        .commit_runtime = plugin_runtime_commit,
+        .runtime_rule_count = plugin_runtime_rule_count
     },
     {
         .type = TABLE_TYPE_IP_PLUGIN,
@@ -155,7 +165,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = {
         .new_runtime = ip_plugin_runtime_new,
         .free_runtime = ip_plugin_runtime_free,
         .update_runtime = ip_plugin_runtime_update,
-        .commit_runtime = ip_plugin_runtime_commit
+        .commit_runtime = ip_plugin_runtime_commit,
+        .runtime_rule_count = ip_plugin_runtime_rule_count
     },
     {
         .type = TABLE_TYPE_FQDN_PLUGIN,
@@ -164,7 +175,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = {
         .new_runtime = fqdn_plugin_runtime_new,
         .free_runtime = fqdn_plugin_runtime_free,
         .update_runtime = fqdn_plugin_runtime_update,
-        .commit_runtime = fqdn_plugin_runtime_commit
+        .commit_runtime = fqdn_plugin_runtime_commit,
+        .runtime_rule_count = fqdn_plugin_runtime_rule_count
     },
     {
         .type = TABLE_TYPE_BOOL_PLUGIN,
@@ -173,7 +185,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = {
         .new_runtime = bool_plugin_runtime_new,
         .free_runtime = bool_plugin_runtime_free,
         .update_runtime = bool_plugin_runtime_update,
-        .commit_runtime = bool_plugin_runtime_commit
+        .commit_runtime = bool_plugin_runtime_commit,
+        .runtime_rule_count = bool_plugin_runtime_rule_count
     },
     {
         .type = TABLE_TYPE_VIRTUAL,
@@ -200,7 +213,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = {
         .new_runtime = compile_runtime_new,
         .free_runtime = compile_runtime_free,
         .update_runtime = compile_runtime_update,
-        .commit_runtime = compile_runtime_commit
+        .commit_runtime = compile_runtime_commit,
+        .runtime_rule_count = compile_runtime_rule_count
     },
     {
         .type = TABLE_TYPE_GROUP2GROUP,
@@ -209,7 +223,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = {
         .new_runtime = group2group_runtime_new,
         .free_runtime = group2group_runtime_free,
         .update_runtime = group2group_runtime_update,
-        .commit_runtime = group2group_runtime_commit
+        .commit_runtime = group2group_runtime_commit,
+        .runtime_rule_count = group2group_runtime_rule_count
     },
     {
         .type = TABLE_TYPE_GROUP2COMPILE,
@@ -218,7 +233,8 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = {
         .new_runtime = group2compile_runtime_new,
         .free_runtime = group2compile_runtime_free,
         .update_runtime = group2compile_runtime_update,
-        .commit_runtime = NULL
+        .commit_runtime = NULL,
+        .runtime_rule_count = group2compile_runtime_rule_count
     }
 };
 
@@ -832,3 +848,21 @@ void table_manager_commit_runtime(struct table_manager *tbl_mgr, int table_id)
         table_ops[table_type].commit_runtime(runtime, ptable->table_name);;
     }
 }
+
+long long table_manager_runtime_rule_count(struct table_manager *tbl_mgr, int table_id)
+{
+    void *runtime = table_manager_get_runtime(tbl_mgr, table_id);
+    if (NULL == runtime) {
+        return 0;
+    }
+
+    enum table_type table_type = table_manager_get_table_type(tbl_mgr, table_id);
+    if (table_type == TABLE_TYPE_INVALID) {
+        log_error(tbl_mgr->logger, MODULE_TABLE, 
+                  "[%s:%d] table(table_id:%d) table_type is invalid, can't update runtime",
+                  __FUNCTION__, __LINE__, table_id);
+        return 0;
+    }
+
+    return table_ops[table_type].runtime_rule_count(runtime);
+}

test/maat_framework_gtest.cpp

@@ -322,6 +322,21 @@ int del_command(struct maat *maat_instance, int compile_id)
 {
     return compile_table_set_line(maat_instance, "COMPILE", MAAT_OP_DEL, compile_id, NULL, 1, 0);
 }
+
+static void random_keyword_generate(char *keyword_buf, size_t sz)
+{
+#define MIN_KEYWORD_LEN	4
+	size_t i=0, len=0;
+	len=random()%(sz-1-MIN_KEYWORD_LEN)+MIN_KEYWORD_LEN;
+	for(i=0; i<len; i++)
+	{
+		//keyword_buf[i]='0'+random()%('~' - '0');
+		keyword_buf[i]='a'+random()%('z' - 'a');
+	}
+	keyword_buf[i]='\0';
+	return;
+}
+
 #if 0
 class MaatStreamScan : public testing::Test
 {
@@ -342,7 +357,7 @@ protected:
         maat_free(_shared_maat_instance);
 
         maat_options_set_foreign_cont_dir(opts, "./foreign_files/");
-        maat_options_set_rule_effect_interval_ms(opts, 20 * 1000); //20s for garbage collection
+        maat_options_set_rule_effect_interval_ms(opts, 10 * 1000); //20s for garbage collection
         _shared_maat_instance = maat_new(opts, table_info_path);
         maat_options_free(opts);
     }
@@ -357,11 +372,10 @@ protected:
 struct maat *MaatStreamScan::_shared_maat_instance;
 
 TEST_F(MaatStreamScan, dynamic_config) {
-    const char *scan_data1 = "http://www.cyberessays.com/search_results.php?action=search&query=yulingjing,abckkk,1234567";
+	const char *scan_data1 = "hello world cyberessays.com/search_results.php?action=search&query=yulingjing,abckkk,1234567";
-	const char *scan_data2 = "hello world";
     const char *table_name = "HTTP_URL";
-    const char *keywords1 = "action=search\\&query=(.*)";
+    const char *keywords1 = "hello";
-    const char *keywords2 = "hello";
+    char keyword_buf[128];
     long long results[ARRAY_SIZE] = {0};
     size_t n_hit_result = 0;
     int thread_id = 0;
@@ -389,27 +403,24 @@ TEST_F(MaatStreamScan, dynamic_config) {
 	EXPECT_EQ(results[0], compile1_id);
 	maat_state_reset(state);
 
-    long long compile2_id = maat_cmd_incrby(maat_instance, "TEST_SEQ", 1);
-    ret = test_add_expr_command(maat_instance, table_name, compile2_id, 0, keywords2);
-    EXPECT_EQ(ret, 1);
-
     for (int i = 0; i < 100; i++) {
+        random_keyword_generate(keyword_buf, sizeof(keyword_buf));
+        long long compile_id = maat_cmd_incrby(maat_instance, "TEST_SEQ", 1);
+        ret = test_add_expr_command(maat_instance, table_name, compile_id, 0, keyword_buf);
+        EXPECT_EQ(ret, 1);
+
         ret = maat_stream_scan(sp, "www.cyberessays.com", strlen("www.cyberessays.com"),
                                results, ARRAY_SIZE, &n_hit_result, state);
         EXPECT_EQ(ret, MAAT_SCAN_OK);
 
-        ret = maat_stream_scan(sp, scan_data2, strlen(scan_data2), results, ARRAY_SIZE,
+        ret = maat_stream_scan(sp, scan_data1, strlen(scan_data1), results, ARRAY_SIZE,
                                &n_hit_result, state);
         EXPECT_EQ(ret, MAAT_SCAN_HIT);
-        EXPECT_EQ(results[0], compile2_id);
+        EXPECT_EQ(results[0], compile1_id);
         maat_state_reset(state);
         usleep(500 * 1000);
-
-        compile2_id = maat_cmd_incrby(maat_instance, "TEST_SEQ", 1);
-        ret = test_add_expr_command(maat_instance, table_name, compile2_id, 0, keywords2);
-        EXPECT_EQ(ret, 1);
-        
     }
+
     maat_stream_free(sp);
     maat_state_free(state);
     sp = NULL;