gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

rename terminology "virtual table(vtable)" to "attribute"

Browse Source
This commit is contained in:
root
2024-08-22 06:42:37 +00:00
parent 678ddd718a
commit f660e6b2ac
38 changed files with 691 additions and 701 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/getting_started.md
View File

@@ -61,7 +61,7 @@ Table schema is stored in a json file(such as table_info.conf), which is loaded
"group_id":1,
"rule_id":2,
"not_flag":4,
"virtual_table_name":5,
"attribute_name":5,
"clause_index":6
}
},

4
docs/history.md
View File

@@ -8,7 +8,7 @@
| v3.1.20| 2021-4-28 | Add explanation for loading gzip-compressed JSON files | Zheng Chao |
| v3.1.5 | 2021-3-12 | Add matching examples for callback class FQDN table | Zheng Chao |
| v3.1.4 | 2020-11-04| When content foreign key is "null," it represents an empty file | Zheng Chao |
| v3.1.1 | 2020-9-27 | Add explanation for creating virtual tables on multiple different types of physical tables | Zheng Chao |
| v3.1.1 | 2020-9-27 | Add explanation for creating attributes on multiple different types of physical tables | Zheng Chao |
| v3.1.0 | 2020-9-18 | Add FQDN callback table | Zheng Chao |
| v3.0.4 | 2020-8-17 | Add extended numerical domain configuration interval_plus | Zheng Chao |
| v3.0 | 2020-6-29 | Maat 3.0, support clauses, original grouping table split into grouping relationship table and grouping compilation table | Zheng Chao |
@@ -16,7 +16,7 @@
| v2.8 | 2020-2-11 | Support Hit Path | Zheng Chao |
| v2.8 | 2020-2-4 | Support sorting strategies by Evaluation Order | Zheng Chao |
| v2.8 | 2020-1-22 | Maat JSON file encryption support, see 17.3 | Zheng Chao |
| v2.8 | 2019-7-28 | 1. No longer compatible with no grouping tables 2. Support virtual tables | Zheng Chao |
| v2.8 | 2019-7-28 | 1. No longer compatible with no grouping tables 2. Support attributes | Zheng Chao |
| v2.7.2 | 2019-7-10 | Expand IP configuration table to support CIDR format | Zheng Chao |
| v2.7.1 | 2019-5-23 | Rename rich IP class configuration table to extended IP configuration table | Zheng Chao |
| v2.7.0 | 2019-5-12 | 1. Add explanation for subgroup relationships 2. Add explanation for rich IP class configuration | Zheng Chao |

16
docs/logical_combinations.md
View File

@@ -42,7 +42,7 @@ Before showing how to configure the specific rules, we need some raw materials (
```bash
rule(rule) = clause1 & clause2
= {vtable1, group1, clause_index1} & {vtable2, group2, clause_index2}
= {attribute1, group1, clause_index1} & {attribute2, group2, clause_index2}
= {2, 211, 1} & {1, 201, 2}
```
@@ -53,7 +53,7 @@ rule(rule) = clause1 & clause2
```bash
rule(rule) = clause1 & clause2
= {vtable1, group1, clause_index1} & {vtable2, group2, clause_index2}
= {attribute1, group1, clause_index1} & {attribute2, group2, clause_index2}
= {2, 211, 1} & {3, 221, 2}
```
@@ -74,7 +74,7 @@ group_name: "152_mail_addr" and group_name: "interval_group_refered" are two cla
```bash
rule(rule) = clause1 & clause2
= {vtable1, (group1 | group2), clause_index1} & {vtable2, group3, clause_index2}
= {attribute1, (group1 | group2), clause_index1} & {attribute2, group3, clause_index2}
= {2, (211 | 212), 1} & {1, 201, 2}
```
@@ -86,7 +86,7 @@ rule(rule) = clause1 & clause2
```bash
rule(rule) = clause1 & clause2
= {vtable1, group1, clause_index1} & {vtable2, (group2 | group3), clause_index2}
= {attribute1, group1, clause_index1} & {attribute2, (group2 | group3), clause_index2}
= {2, 211, 1} & {3, (221 | 222), 2}
```
@@ -106,7 +106,7 @@ group_name: "152_mail_addr" contains two regions(items) with a logical `OR` rela
```bash
rule(rule) = clause1 & !clause2
= {vtable1, group1, clause_index1} & !{vtable2, group2, clause_index2}
= {attribute1, group1, clause_index1} & !{attribute2, group2, clause_index2}
= {2, 211, 1} & !{1, 201, 2}
```
@@ -118,7 +118,7 @@ rule(rule) = clause1 & !clause2
```bash
rule(rule) = clause1 & !clause2
= {vtable1, group1, clause_index1} & !{vtable2, (group2 | group3), clause_index2}
= {attribute1, group1, clause_index1} & !{attribute2, (group2 | group3), clause_index2}
= {2, 211, 1} & !{3, (221 | 222), 2}
```
@@ -148,7 +148,7 @@ super_group1 = group1 exclude group2
And then configure the rule.
```bash
rule(rule) = clause1 & clause2
= {vtable1, super_group1, clause_index1} & {vtable2, group2, clause_index2}
= {attribute1, super_group1, clause_index1} & {attribute2, group2, clause_index2}
= {2, (210 exclude 211), 1} & {1, 201, 2}
```
@@ -167,7 +167,7 @@ super_group2 = group2 exclude group3
And then configure the rule.
```bash
rule(rule) = clause1 & clause2
= {vtable1, group1, clause_index1} & {vtable2, super_group2, clause_index2}
= {attribute1, group1, clause_index1} & {attribute2, super_group2, clause_index2}
= {2, 211, 1} & {1, (202 exclude 201), 2}
```

38
docs/maat_table.md
View File

@@ -7,7 +7,7 @@ The maat table consists of two parts: `schema` and `runtime`, which is the core
## 1. Table schema
Maat tables are divided into two categories: physical tables that actually exist in the database and virtual tables that reference physical tables.
Maat tables are divided into two categories: physical tables that actually exist in the database and attributes that reference physical tables.
The types of physical tables are as follows:
- [item table](#11-item-table)
@@ -22,7 +22,7 @@ The types of physical tables are as follows:
Different physical tables can be combined into one table, see [conjunction table](#110-conjunction-table)
A virtual table can only reference one physical table or conjuntion table, see [virtual table](#111-virtual-table)
A attribute can only reference one physical table or conjuntion table, see [attribute](#111-attribute)
### 1.1 <a name='Itemtable'></a> Item table
@@ -257,7 +257,7 @@ Describe the relationship between group and rule.
| **rule_id** | LONG LONG | rule id |
| **is_valid** | INT | 0(invalid), 1(valid) |
| **not_flag** | INT | logical 'NOT', identify a NOT clause, 0(no) 1(yes) |
| **virtual_table** | VARCHAR2(256) | virtual table name, NOT NULL |
| **attribute** | VARCHAR2(256) | attribute name, NOT NULL |
| **Nth_clause** | INT | the clause seq in (conjunctive normal form)CNF, from 0 to 7. groups with the same clause ID are logical 'OR' |
NOTE: If group_id is invalid in xx_item table, it must be marked as invalid in this table.
@@ -370,11 +370,11 @@ For example: HTTP_REGION is the conjunction of HTTP_URL and HTTP_HOST.
`Note`: Only physical tables support conjunction.
### 1.11 <a name='VirtualTable'></a> virtual table
### 1.11 <a name='Attribute'></a> attribute
A physical table refers to a table that physically exists in the database. In contrast, there are no virtual tables in the database. Virtual tables are merely references to physical tables, where one virtual table can only reference one physical table. If you want to reference multiple physical tables of the same type, you need to first combine these physical tables into a conjunction table, and then have the virtual table reference it. A physical table can be referenced by multiple virtual tables.
A physical table refers to a table that physically exists in the database. In contrast, there are no attributes in the database. Attributes are merely references to physical tables, where one attribute can only reference one physical table. If you want to reference multiple physical tables of the same type, you need to first combine these physical tables into a conjunction table, and then have the attribute reference it. A physical table can be referenced by multiple attributes.
Virtual tables are often used for different traffic attributes, where different virtual tables represent different traffic attributes, such as HTTP_HOST, HTTP_URL, and so on.
Attributes are often used for different traffic attributes, where different attributes represent different traffic attributes, such as HTTP_HOST, HTTP_URL, and so on.
### 1.12 <a name='ForeignFiles'></a>Foreign Files
@@ -445,21 +445,21 @@ In addition to the rule table, there is also the group2rule table in the table s
1. For expressions without NOT-clauses, returning the matched rule_id:
* rule1 = clause1 & clause2 = {vtable1, g1} & {vtable2, g2}
* rule1 = clause1 & clause2 = {attribute1, g1} & {attribute2, g2}
* rule2 = clause1 & clause2 = {vtable1, g2} & {vtable2, g3}
* rule2 = clause1 & clause2 = {attribute1, g2} & {attribute2, g3}
Given the matched vtable_id and group_id, all matching rule_ids can be provided. For example, if scanning vtable1 matches g2 and vtable2 matches g3, rule_runtime will return the matched rule_id 2.
Given the matched attribute_id and group_id, all matching rule_ids can be provided. For example, if scanning attribute1 matches g2 and attribute2 matches g3, rule_runtime will return the matched rule_id 2.
2. For expressions with NOT-clauses, returning the matched rule_id:
* rule3 = clause1 & !clause2 = {vtable1, g1} & !{vtable2, g2}
* rule3 = clause1 & !clause2 = {attribute1, g1} & !{attribute2, g2}
* rule4 = !clause1 & clause2 = !{vtable1, g2} & {vtable2, g3}
* rule4 = !clause1 & clause2 = !{attribute1, g2} & {attribute2, g3}
If scanning vtable1 matches g1 and vtable2 matches g3, rule_runtime will return the matched rule_id 4.
If scanning attribute1 matches g1 and attribute2 matches g3, rule_runtime will return the matched rule_id 4.
3. If a rule_id is matched, the full hit path can be obtained: **item_id -> group_id ->** {super_group_id} -> clause{**vtable_id, not_flag, clause_index} -> rule_id**. If the matched group is not referenced by a rule, a half hit path can be obtained: **item_id -> group_id** -> {super_group_id}.
3. If a rule_id is matched, the full hit path can be obtained: **item_id -> group_id ->** {super_group_id} -> clause{**attribute_id, not_flag, clause_index} -> rule_id**. If the matched group is not referenced by a rule, a half hit path can be obtained: **item_id -> group_id** -> {super_group_id}.
4. Getting the matched group_ids and the count of hit groups.
@@ -473,9 +473,9 @@ Rule runtime loads the rule table and group2rule table configurations into memor
1. All clause_ids under the same rule are used to construct AND expressions, and all rule AND expressions are used to build a bool_matcher.
2. For not_flag=0 (clauses), a `clause_id hash` is built, key:{group_id, vtable_id, not_flag}, value:clause_id.
2. For not_flag=0 (clauses), a `clause_id hash` is built, key:{group_id, attribute_id, not_flag}, value:clause_id.
3. For not_flag=1 (NOT-clauses), a `NOT_clause_id hash` is built, key:{group_id, vtable_id, not_flag}, value:clause_id.
3. For not_flag=1 (NOT-clauses), a `NOT_clause_id hash` is built, key:{group_id, attribute_id, not_flag}, value:clause_id.
* **Data Plane**
@@ -485,17 +485,17 @@ On the data plane, services are provided externally through the maat API, primar
* The hit item_id and group_id form a half-hit path.
* The group_id that is hit and the scanned `vtable_id` form the key {group_id, vtable_id, 0}. This key is used to find the `hit clause_ids` in the clause_id hash.
* The group_id that is hit and the scanned `attribute_id` form the key {group_id, attribute_id, 0}. This key is used to find the `hit clause_ids` in the clause_id hash.
* Use the key {group_id, vtable_id, 1} to search for NOT_clause_ids in the NOT_clause_id hash and cache them as `exclude clause_ids`. These clause_ids need to be removed from all clause_ids that are eventually hit. This is because the scan hit {group_id, vtable_id, 0} => clause_id, leading to the deduction that {group_id, vtable_id, 1} => NOT_clause_id does not hit.
* Use the key {group_id, attribute_id, 1} to search for NOT_clause_ids in the NOT_clause_id hash and cache them as `exclude clause_ids`. These clause_ids need to be removed from all clause_ids that are eventually hit. This is because the scan hit {group_id, attribute_id, 0} => clause_id, leading to the deduction that {group_id, attribute_id, 1} => NOT_clause_id does not hit.
* Identify the group_ids in vtable_id table that appear in the NOT_clause and add them to the `NOT_clause_group` set. Ensure that this set does not contain any group_id that was hit during scanning. If any such group_id is present, remove it from the set to form the final `NOT_clause_group` for the vtable_id table.
* Identify the group_ids in attribute_id table that appear in the NOT_clause and add them to the `NOT_clause_group` set. Ensure that this set does not contain any group_id that was hit during scanning. If any such group_id is present, remove it from the set to form the final `NOT_clause_group` for the attribute_id table.
* Use the hit clause_ids to determine if there are any hit rule_ids. If there are, populate the half-hit path which will become full-hit path.
2. **maat_scan_not_logic**: This interface is used to activate NOT-clause logic.
* Traverse the `NOT_clause_group` of `vtable_id`. For each `group_id`, form a key `{group_id, vtable_id, 1}` to obtain the `NOT_clause_id`. If it is in the `exclude clause_ids` set, ignore it; otherwise, add it to the `all hit clause_ids` set as a hit `NOT_clause_id`, and record the half-hit path of the NOT-clause.
* Traverse the `NOT_clause_group` of `attribute_id`. For each `group_id`, form a key `{group_id, attribute_id, 1}` to obtain the `NOT_clause_id`. If it is in the `exclude clause_ids` set, ignore it; otherwise, add it to the `all hit clause_ids` set as a hit `NOT_clause_id`, and record the half-hit path of the NOT-clause.
* Use the `all hit clause_ids` to calculate if there are any newly hit rule_ids. If there are, populate the half-hit path of the NOT-clause which will become full-hit path.

2
docs/overview.md
View File

@@ -28,7 +28,7 @@ As shown in the diagram below, maat organizes and abstracts configurations using
In addition, groups support nesting. For more detailed information, please refer to [group hierarchy](./group_hierarchy.md).
If we define literal_id = {virtual_table_id, group_id}, then a literal is composed of one or more literal_ids. The multiple literal_ids that form the same clause have a logical “OR” relationship. The multiple clauses that form the same rule have a logical “AND” relationship, and there can be a maximum of 8 clauses within the same rule. In addition, the clause itself supports logical "NOT".
If we define literal_id = {attribute_id, group_id}, then a literal is composed of one or more literal_ids. The multiple literal_ids that form the same clause have a logical “OR” relationship. The multiple clauses that form the same rule have a logical “AND” relationship, and there can be a maximum of 8 clauses within the same rule. In addition, the clause itself supports logical "NOT".
<img src="./imgs/rule_diagram.png" width="800" height="450" >

14
docs/terminology.md
View File

@@ -6,7 +6,7 @@
* [Clause(Condition)](#clause)
* [Literal](#literal)
* [Physical table](#physical-table)
* [Virtual table](#virtual-table)
* [Attribute](#attribute)
* [Table schema](#table-schema)
* [Table runtime](#table-runtime)
* [Table rule](#table-ruleconfiguration)
@@ -48,7 +48,7 @@ The relationship between group and group is stored in the [group2group table](./
## Rule(Policy)
A conjunctive normal form(CNF) consisting of multiple groups and virtual tables.
A conjunctive normal form(CNF) consisting of multiple groups and attributes.
`Note`: A rule can contain up to 8 clauses and multiple clauses in the same rule can be logical 'AND' and logical 'NOT' relationships.
@@ -64,19 +64,19 @@ Clauses are divided into two categories based on whether they contain the logica
## Literal
A Literal consists of `vtable_id(virtual table id)` and `group_id`. During the rules loading process, a unique clause_id will be generated based on the combination of virtual table_id and group_id in the same clause.
A Literal consists of `attribute_id(attribute id)` and `group_id`. During the rules loading process, a unique clause_id will be generated based on the combination of attribute_id and group_id in the same clause.
## Physical table
Different rules are stored in different tables in the actual database, including [item table](./maat_table.md#11-item-table), [rule table](./maat_table.md#12-rule-table), [group2rule table](./maat_table.md#13-group2rule-table), [group2group table](./maat_table.md#14-group2group-table), and [xx_plugin table](./maat_table.md#15-plugin-table), and so on.
## Virtual table
## Attribute
A virtual table references a physical table. In practice, network traffic attributes are commonly used as virtual table, such as HTTP_HOST, SSL_SNI, etc. The constraints of virtual tables are as follows:
A attribute references a physical table. In practice, network traffic attributes are commonly used as attribute, such as HTTP_HOST, SSL_SNI, etc. The constraints of attributes are as follows:
* A virtual table can only reference one physical table. If it need to reference multiple physical tables of the same type, these physical tables can be first joined together into one table and then referenced.
* A attribute can only reference one physical table. If it need to reference multiple physical tables of the same type, these physical tables can be first joined together into one table and then referenced.
* A physical table can be referenced by different virtual tables. For example, the keyword_table can be referenced by two virtual tables, http_request_body_virt and http_response_body_virt.
* A physical table can be referenced by different attributes. For example, the keyword_table can be referenced by two attributes, http_request_body_virt and http_response_body_virt.
<img src="./imgs/virt-phy-mapping.png" width="300" height="150" >

4
include/maat.h
View File

@@ -29,7 +29,7 @@ struct maat;
struct maat_hit_path {
int Nth_scan;
int vtable_id; // 0 is not a virtual table.
int attribute_id; // 0 is not a attribute.
int NOT_flag; // 1 means NOT clause(condition)
int clause_index; // 0 ~ 7
long long item_id;
@@ -41,7 +41,7 @@ struct maat_hit_path {
struct maat_hit_group {
long long item_id;
long long group_id;
int vtable_id;
int attribute_id;
};
enum maat_scan_status {

2
src/CMakeLists.txt
View File

@@ -14,7 +14,7 @@ add_definitions(-fPIC)
set(MAAT_SRC alignment.c json2iris.c maat_api.c rcu_hash.c maat_garbage_collection.c maat_config_monitor.c
maat_core.c maat_kv.c maat_ex_data.c maat_utils.c maat_command.c maat_redis_monitor.c maat_table.c
maat_rule.c maat_group.c maat_ip.c maat_flag.c maat_interval.c maat_expr.c maat_plugin.c
maat_ip_plugin.c maat_ipport_plugin.c maat_bool_plugin.c maat_fqdn_plugin.c maat_virtual.c maat_stat.c)
maat_ip_plugin.c maat_ipport_plugin.c maat_bool_plugin.c maat_fqdn_plugin.c maat_attribute.c maat_stat.c)
set(LIB_SOURCE_FILES
${PROJECT_SOURCE_DIR}/deps/cJSON/cJSON.c ${PROJECT_SOURCE_DIR}/deps/log/log.c)

63
src/inc_internal/maat_attribute.h Normal file
View File

@@ -0,0 +1,63 @@
/*
**********************************************************************************************
* File: maat_attribute.h
* Description:
* Authors: Liu WenTan <liuwentan@geedgenetworks.com>
* Date: 2022-10-31
* Copyright: (c) Since 2022 Geedge Networks, Ltd. All rights reserved.
***********************************************************************************************
*/
#ifndef _MAAT_ATTRIBUTE_H_
#define _MAAT_ATTRIBUTE_H_
#ifdef __cplusplus
extern "C"
{
#endif
#include "cJSON/cJSON.h"
#include "maat_table.h"
struct attribute_runtime;
void *attribute_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger);
void attribute_schema_free(void *attribute_schema);
void *attribute_runtime_new(void *attribute_schema, size_t max_thread_num,
struct maat_garbage_bin *garbage_bin,
struct log_handle *logger);
void attribute_runtime_free(void *attribute_runtime);
void attribute_runtime_scan_times_inc(struct attribute_runtime *virt_rt,
int thread_id);
void attribute_runtime_scan_bytes_add(struct attribute_runtime *virt_rt,
int thread_id, long long val);
long long attribute_runtime_scan_bytes(void *virt_rt);
long long attribute_runtime_scan_times(void *attribute_runtime);
long long attribute_runtime_scan_cpu_time(void *attribute_runtime);
void attribute_runtime_hit_times_inc(struct attribute_runtime *virt_rt,
int thread_id);
long long attribute_runtime_hit_times(void *attribute_runtime);
void attribute_runtime_hit_item_num_add(struct attribute_runtime *virt_rt,
int thread_id, long long val);
long long attribute_runtime_hit_item_num(void *attribute_runtime);
int attribute_get_physical_table_id(struct table_manager *tbl_mgr, int attribute_id);
#ifdef __cplusplus
}
#endif
#endif

2
src/inc_internal/maat_core.h
View File

@@ -31,7 +31,7 @@ extern "C"
#include "maat.h"
#include "maat_kv.h"
#include "maat_table.h"
#include "maat_virtual.h"
#include "maat_attribute.h"
#include "maat_stat.h"
#include "hiredis/hiredis.h"

4
src/inc_internal/maat_expr.h
View File

@@ -50,12 +50,12 @@ long long expr_runtime_get_version(void *expr_runtime);
* @retval the num of hit group_id
*/
int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id, const char *data,
size_t data_len, int vtable_id, struct maat_state *state);
size_t data_len, int attribute_id, struct maat_state *state);
struct expr_runtime_stream *expr_runtime_stream_open(struct expr_runtime *expr_rt, int thread_id);
int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream, const char *data,
size_t data_len, int vtable_id, struct maat_state *state);
size_t data_len, int attribute_id, struct maat_state *state);
void expr_runtime_stream_close(struct expr_runtime_stream *expr_rt_stream);

2
src/inc_internal/maat_flag.h
View File

@@ -48,7 +48,7 @@ long long flag_runtime_rule_count(void *flag_runtime);
* @retval the num of hit group_id
*/
int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id, long long flag,
int vtable_id, struct maat_state *state);
int attribute_id, struct maat_state *state);
int flag_runtime_set_scan_district(struct flag_runtime *flag_rt, const char *district,
size_t district_len, long long *district_id);

2
src/inc_internal/maat_interval.h
View File

@@ -49,7 +49,7 @@ long long interval_runtime_rule_count(void *interval_runtime);
* @retval the num of hit group_id
*/
int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
long long integer, int vtable_id, struct maat_state *state);
long long integer, int attribute_id, struct maat_state *state);
int interval_runtime_set_scan_district(struct interval_runtime *interval_rt,
const char *district, size_t district_len,

2
src/inc_internal/maat_ip.h
View File

@@ -42,7 +42,7 @@ long long ip_runtime_ipv6_rule_count(void *ip_runtime);
/* ip runtime scan API */
int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
uint8_t *ip_addr, int port, int vtable_id, struct maat_state *state);
uint8_t *ip_addr, int port, int attribute_id, struct maat_state *state);
void ip_runtime_perf_stat(struct ip_runtime *ip_rt, struct timespec *start,
struct timespec *end, int thread_id);

4
src/inc_internal/maat_rule.h
View File

@@ -93,14 +93,14 @@ void rule_state_free(struct rule_state *rule_state,
struct maat *maat_instance, int thread_id);
int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst,
int vtable_id, int custom_rule_tbl_id, int Nth_scan,
int attribute_id, int custom_rule_tbl_id, int Nth_scan,
struct maat_item *hit_items, size_t n_hit_item);
void rule_state_clear_last_hit_group(struct rule_state *rule_state);
void rule_state_not_logic_update(struct rule_state *rule_state,
struct rule_runtime *rule_rt,
struct maat *maat_inst, int vtable_id,
struct maat *maat_inst, int attribute_id,
int Nth_scan);
size_t rule_state_get_internal_hit_paths(struct rule_state *rule_state,

2
src/inc_internal/maat_table.h
View File

@@ -38,7 +38,7 @@ enum table_type {
TABLE_TYPE_FQDN_PLUGIN,
TABLE_TYPE_BOOL_PLUGIN,
//above are physical table
TABLE_TYPE_VIRTUAL,
TABLE_TYPE_ATTRIBUTE,
TABLE_TYPE_RULE,
TABLE_TYPE_GROUP2GROUP,
TABLE_TYPE_GROUP2RULE,

63
src/inc_internal/maat_virtual.h
View File

@@ -1,63 +0,0 @@
/*
**********************************************************************************************
* File: maat_virtual.h
* Description:
* Authors: Liu WenTan <liuwentan@geedgenetworks.com>
* Date: 2022-10-31
* Copyright: (c) Since 2022 Geedge Networks, Ltd. All rights reserved.
***********************************************************************************************
*/
#ifndef _MAAT_VIRTUAL_H_
#define _MAAT_VIRTUAL_H_
#ifdef __cplusplus
extern "C"
{
#endif
#include "cJSON/cJSON.h"
#include "maat_table.h"
struct virtual_runtime;
void *virtual_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger);
void virtual_schema_free(void *virtual_schema);
void *virtual_runtime_new(void *virtual_schema, size_t max_thread_num,
struct maat_garbage_bin *garbage_bin,
struct log_handle *logger);
void virtual_runtime_free(void *virtual_runtime);
void virtual_runtime_scan_times_inc(struct virtual_runtime *virt_rt,
int thread_id);
void virtual_runtime_scan_bytes_add(struct virtual_runtime *virt_rt,
int thread_id, long long val);
long long virtual_runtime_scan_bytes(void *virt_rt);
long long virtual_runtime_scan_times(void *virtual_runtime);
long long virtual_runtime_scan_cpu_time(void *virtual_runtime);
void virtual_runtime_hit_times_inc(struct virtual_runtime *virt_rt,
int thread_id);
long long virtual_runtime_hit_times(void *virtual_runtime);
void virtual_runtime_hit_item_num_add(struct virtual_runtime *virt_rt,
int thread_id, long long val);
long long virtual_runtime_hit_item_num(void *virtual_runtime);
int vtable_get_physical_table_id(struct table_manager *tbl_mgr, int vtable_id);
#ifdef __cplusplus
}
#endif
#endif

18
src/json2iris.c
View File

@@ -644,7 +644,7 @@ write_region_rule(cJSON *region_json, int rule_id, int group_id,
static int
write_group2rule_line(int *group_ids, size_t n_group_id,
int rule_id, int group_not_flag,
int clause_index, const char *vtable,
int clause_index, const char *attribute,
struct iris_description *p_iris,
struct iris_table *g2c_table)
{
@@ -670,10 +670,10 @@ write_group2rule_line(int *group_ids, size_t n_group_id,
}
group_id_str[strlen(group_id_str) - 1] = '\0';
snprintf(buff, sizeof(buff), "%s\t%d\t%d\t%s\t%d\t1\n", group_id_str,
rule_id, group_not_flag, vtable, clause_index);
rule_id, group_not_flag, attribute, clause_index);
} else {
snprintf(buff, sizeof(buff), "%d\t%d\t%d\t%s\t%d\t1\n", group_ids[0],
rule_id, group_not_flag, vtable, clause_index);
rule_id, group_not_flag, attribute, clause_index);
}
table->write_pos += memcat(&(table->buff), table->write_pos,
@@ -759,7 +759,7 @@ write_group_rule(cJSON *group_json, int parent_id,
char group_name_array[32][MAX_NAME_STR_LEN];
size_t group_name_cnt = 0;
long long group_id = -1;
const char *virtual_table = NULL;
const char *attribute = NULL;
struct iris_table *g2c_table = NULL;
cJSON *item = cJSON_GetObjectItem(group_json, "group_name");
@@ -790,11 +790,11 @@ write_group_rule(cJSON *group_json, int parent_id,
}
if (parent_type == PARENT_TYPE_RULE) {
item = cJSON_GetObjectItem(group_json, "virtual_table");
item = cJSON_GetObjectItem(group_json, "attribute");
if (NULL == item || item->type != cJSON_String) {
virtual_table = "null";
attribute = "null";
} else {
virtual_table = item->valuestring;
attribute = item->valuestring;
}
item = cJSON_GetObjectItem(group_json, "not_flag");
@@ -834,7 +834,7 @@ write_group_rule(cJSON *group_json, int parent_id,
assert(parent_type == PARENT_TYPE_RULE);
ret = write_group2rule_line(group_ids, group_name_cnt, parent_id,
group_not_flag, clause_index,
virtual_table, p_iris, g2c_table);
attribute, p_iris, g2c_table);
} else {
struct group_info *group_info =
@@ -895,7 +895,7 @@ write_group_rule(cJSON *group_json, int parent_id,
if (parent_type == PARENT_TYPE_RULE) {
ret = write_group2rule_line(&(group_info->group_id), 1, parent_id,
group_not_flag, clause_index,
virtual_table, p_iris, g2c_table);
attribute, p_iris, g2c_table);
if (ret < 0) {
log_fatal(logger, MODULE_JSON2IRIS,
"[%s:%d] rule:%d write group error",

166
src/maat_api.c
View File

@@ -39,7 +39,7 @@
#include "maat_ipport_plugin.h"
#include "maat_fqdn_plugin.h"
#include "maat_bool_plugin.h"
#include "maat_virtual.h"
#include "maat_attribute.h"
#include "maat_stat.h"
#include "uthash/utarray.h"
@@ -62,7 +62,7 @@ struct maat_stream {
long long expr_rt_version;
struct log_handle *logger;
int thread_id;
int vtable_id;
int attribute_id;
int phy_table_id;
};
@@ -1050,7 +1050,7 @@ int maat_bool_plugin_table_get_ex_data(struct maat *maat_inst, int table_id,
static int
flag_scan(struct table_manager *tbl_mgr, int thread_id, long long flag,
int phy_table_id, int vtable_id, struct maat_state *state)
int phy_table_id, int attribute_id, struct maat_state *state)
{
enum table_type table_type =
table_manager_get_table_type(tbl_mgr, phy_table_id);
@@ -1072,26 +1072,26 @@ flag_scan(struct table_manager *tbl_mgr, int thread_id, long long flag,
flag_runtime_scan_times_inc((struct flag_runtime *)flag_rt, thread_id);
void *virt_rt = NULL;
table_type = table_manager_get_table_type(tbl_mgr, vtable_id);
if (table_type == TABLE_TYPE_VIRTUAL) {
virt_rt = table_manager_get_runtime(tbl_mgr, vtable_id);
table_type = table_manager_get_table_type(tbl_mgr, attribute_id);
if (table_type == TABLE_TYPE_ATTRIBUTE) {
virt_rt = table_manager_get_runtime(tbl_mgr, attribute_id);
if (virt_rt != NULL) {
virtual_runtime_scan_times_inc((struct virtual_runtime *)virt_rt,
attribute_runtime_scan_times_inc((struct attribute_runtime *)virt_rt,
thread_id);
}
}
int group_hit_cnt = flag_runtime_scan((struct flag_runtime *)flag_rt,
thread_id, flag, vtable_id, state);
thread_id, flag, attribute_id, state);
if (group_hit_cnt <= 0) {
return group_hit_cnt;
}
if (virt_rt != NULL) {
//Note: group_hit_cnt is equivalent to item_hit_cnt
virtual_runtime_hit_item_num_add((struct virtual_runtime *)virt_rt,
attribute_runtime_hit_item_num_add((struct attribute_runtime *)virt_rt,
thread_id, group_hit_cnt);
virtual_runtime_hit_times_inc((struct virtual_runtime *)virt_rt, thread_id);
attribute_runtime_hit_times_inc((struct attribute_runtime *)virt_rt, thread_id);
}
flag_runtime_hit_times_inc((struct flag_runtime *)flag_rt, thread_id);
@@ -1101,7 +1101,7 @@ flag_scan(struct table_manager *tbl_mgr, int thread_id, long long flag,
static int
interval_scan(struct table_manager *tbl_mgr, int thread_id, long long integer,
int phy_table_id, int vtable_id, struct maat_state *state)
int phy_table_id, int attribute_id, struct maat_state *state)
{
enum table_type table_type =
@@ -1124,26 +1124,26 @@ interval_scan(struct table_manager *tbl_mgr, int thread_id, long long integer,
interval_runtime_scan_times_inc((struct interval_runtime *)interval_rt, thread_id);
void *virt_rt = NULL;
table_type = table_manager_get_table_type(tbl_mgr, vtable_id);
if (table_type == TABLE_TYPE_VIRTUAL) {
virt_rt = table_manager_get_runtime(tbl_mgr, vtable_id);
table_type = table_manager_get_table_type(tbl_mgr, attribute_id);
if (table_type == TABLE_TYPE_ATTRIBUTE) {
virt_rt = table_manager_get_runtime(tbl_mgr, attribute_id);
if (virt_rt != NULL) {
virtual_runtime_scan_times_inc((struct virtual_runtime *)virt_rt,
attribute_runtime_scan_times_inc((struct attribute_runtime *)virt_rt,
thread_id);
}
}
int group_hit_cnt = interval_runtime_scan((struct interval_runtime *)interval_rt,
thread_id, integer, vtable_id, state);
thread_id, integer, attribute_id, state);
if (group_hit_cnt <= 0) {
return group_hit_cnt;
}
if (virt_rt != NULL) {
//Note: group_hit_cnt is equivalent to item_hit_cnt
virtual_runtime_hit_item_num_add((struct virtual_runtime *)virt_rt,
attribute_runtime_hit_item_num_add((struct attribute_runtime *)virt_rt,
thread_id, group_hit_cnt);
virtual_runtime_hit_times_inc((struct virtual_runtime *)virt_rt, thread_id);
attribute_runtime_hit_times_inc((struct attribute_runtime *)virt_rt, thread_id);
}
interval_runtime_hit_times_inc((struct interval_runtime *)interval_rt, thread_id);
@@ -1153,7 +1153,7 @@ interval_scan(struct table_manager *tbl_mgr, int thread_id, long long integer,
static int
ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr,
int port, int phy_table_id, int vtable_id, struct maat_state *state)
int port, int phy_table_id, int attribute_id, struct maat_state *state)
{
enum table_type table_type =
@@ -1170,26 +1170,26 @@ ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr,
ip_runtime_scan_times_inc(ip_rt, thread_id);
void *virt_rt = NULL;
table_type = table_manager_get_table_type(tbl_mgr, vtable_id);
if (table_type == TABLE_TYPE_VIRTUAL) {
virt_rt = table_manager_get_runtime(tbl_mgr, vtable_id);
table_type = table_manager_get_table_type(tbl_mgr, attribute_id);
if (table_type == TABLE_TYPE_ATTRIBUTE) {
virt_rt = table_manager_get_runtime(tbl_mgr, attribute_id);
if (virt_rt != NULL) {
virtual_runtime_scan_times_inc((struct virtual_runtime *)virt_rt,
attribute_runtime_scan_times_inc((struct attribute_runtime *)virt_rt,
thread_id);
}
}
int group_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv4,
(uint8_t *)&ip_addr, port, vtable_id, state);
(uint8_t *)&ip_addr, port, attribute_id, state);
if (group_hit_cnt <= 0) {
return group_hit_cnt;
}
if (virt_rt != NULL) {
//Note: group_hit_cnt is equivalent to item_hit_cnt
virtual_runtime_hit_item_num_add((struct virtual_runtime *)virt_rt,
attribute_runtime_hit_item_num_add((struct attribute_runtime *)virt_rt,
thread_id, group_hit_cnt);
virtual_runtime_hit_times_inc((struct virtual_runtime *)virt_rt, thread_id);
attribute_runtime_hit_times_inc((struct attribute_runtime *)virt_rt, thread_id);
}
ip_runtime_hit_times_inc((struct ip_runtime *)ip_rt, thread_id);
@@ -1199,7 +1199,7 @@ ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr,
static int
ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr,
int port, int phy_table_id, int vtable_id, struct maat_state *state)
int port, int phy_table_id, int attribute_id, struct maat_state *state)
{
enum table_type table_type =
@@ -1216,26 +1216,26 @@ ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr,
ip_runtime_scan_times_inc(ip_rt, thread_id);
void *virt_rt = NULL;
table_type = table_manager_get_table_type(tbl_mgr, vtable_id);
if (table_type == TABLE_TYPE_VIRTUAL) {
virt_rt = table_manager_get_runtime(tbl_mgr, vtable_id);
table_type = table_manager_get_table_type(tbl_mgr, attribute_id);
if (table_type == TABLE_TYPE_ATTRIBUTE) {
virt_rt = table_manager_get_runtime(tbl_mgr, attribute_id);
if (virt_rt != NULL) {
virtual_runtime_scan_times_inc((struct virtual_runtime *)virt_rt,
attribute_runtime_scan_times_inc((struct attribute_runtime *)virt_rt,
thread_id);
}
}
int group_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv6,
ip_addr, port, vtable_id, state);
ip_addr, port, attribute_id, state);
if (group_hit_cnt <= 0) {
return group_hit_cnt;
}
if (virt_rt != NULL) {
//Note: group_hit_cnt is equivalent to item_hit_cnt
virtual_runtime_hit_item_num_add((struct virtual_runtime *)virt_rt,
attribute_runtime_hit_item_num_add((struct attribute_runtime *)virt_rt,
thread_id, group_hit_cnt);
virtual_runtime_hit_times_inc((struct virtual_runtime *)virt_rt, thread_id);
attribute_runtime_hit_times_inc((struct attribute_runtime *)virt_rt, thread_id);
}
ip_runtime_hit_times_inc((struct ip_runtime *)ip_rt, thread_id);
@@ -1246,7 +1246,7 @@ ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr,
static int
string_scan(struct table_manager *tbl_mgr, int thread_id,
const char *data, size_t data_len, int phy_table_id,
int vtable_id, struct maat_state *state)
int attribute_id, struct maat_state *state)
{
enum table_type table_type =
table_manager_get_table_type(tbl_mgr, phy_table_id);
@@ -1269,29 +1269,29 @@ string_scan(struct table_manager *tbl_mgr, int thread_id,
expr_runtime_scan_bytes_add(expr_rt, thread_id, data_len);
void *virt_rt = NULL;
table_type = table_manager_get_table_type(tbl_mgr, vtable_id);
if (table_type == TABLE_TYPE_VIRTUAL) {
virt_rt = table_manager_get_runtime(tbl_mgr, vtable_id);
table_type = table_manager_get_table_type(tbl_mgr, attribute_id);
if (table_type == TABLE_TYPE_ATTRIBUTE) {
virt_rt = table_manager_get_runtime(tbl_mgr, attribute_id);
if (virt_rt != NULL) {
virtual_runtime_scan_times_inc((struct virtual_runtime *)virt_rt,
attribute_runtime_scan_times_inc((struct attribute_runtime *)virt_rt,
thread_id);
virtual_runtime_scan_bytes_add((struct virtual_runtime *)virt_rt,
attribute_runtime_scan_bytes_add((struct attribute_runtime *)virt_rt,
thread_id, data_len);
}
}
int group_hit_cnt = expr_runtime_scan((struct expr_runtime *)expr_rt,
thread_id, data, data_len,
vtable_id, state);
attribute_id, state);
if (group_hit_cnt <= 0) {
return group_hit_cnt;
}
if (virt_rt != NULL) {
//Note: group_hit_cnt is equivalent to item_hit_cnt
virtual_runtime_hit_item_num_add((struct virtual_runtime *)virt_rt,
attribute_runtime_hit_item_num_add((struct attribute_runtime *)virt_rt,
thread_id, group_hit_cnt);
virtual_runtime_hit_times_inc((struct virtual_runtime *)virt_rt, thread_id);
attribute_runtime_hit_times_inc((struct attribute_runtime *)virt_rt, thread_id);
}
expr_runtime_hit_times_inc((struct expr_runtime *)expr_rt, thread_id);
@@ -1342,13 +1342,13 @@ int maat_scan_flag(struct maat *maat_inst, int table_id,
return MAAT_SCAN_OK;
}
int vtable_id = table_id;
int attribute_id = table_id;
int phy_table_id = table_id;
enum table_type table_type = TABLE_TYPE_INVALID;
table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id);
if (table_type == TABLE_TYPE_VIRTUAL) {
phy_table_id = vtable_get_physical_table_id(maat_inst->tbl_mgr, table_id);
if (table_type == TABLE_TYPE_ATTRIBUTE) {
phy_table_id = attribute_get_physical_table_id(maat_inst->tbl_mgr, table_id);
}
if (phy_table_id < 0) {
@@ -1364,7 +1364,7 @@ int maat_scan_flag(struct maat *maat_inst, int table_id,
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_group_cnt = flag_scan(maat_inst->tbl_mgr, state->thread_id, flag,
phy_table_id, vtable_id, state);
phy_table_id, attribute_id, state);
if (hit_group_cnt < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
@@ -1426,13 +1426,13 @@ int maat_scan_integer(struct maat *maat_inst, int table_id,
return MAAT_SCAN_OK;
}
int vtable_id = table_id;
int attribute_id = table_id;
int phy_table_id = table_id;
enum table_type table_type = TABLE_TYPE_INVALID;
table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id);
if (table_type == TABLE_TYPE_VIRTUAL) {
phy_table_id = vtable_get_physical_table_id(maat_inst->tbl_mgr, table_id);
if (table_type == TABLE_TYPE_ATTRIBUTE) {
phy_table_id = attribute_get_physical_table_id(maat_inst->tbl_mgr, table_id);
}
if (phy_table_id < 0) {
@@ -1449,7 +1449,7 @@ int maat_scan_integer(struct maat *maat_inst, int table_id,
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_group_cnt = interval_scan(maat_inst->tbl_mgr, state->thread_id, integer,
phy_table_id, vtable_id, state);
phy_table_id, attribute_id, state);
if (hit_group_cnt < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
@@ -1511,13 +1511,13 @@ int maat_scan_ipv4_port(struct maat *maat_inst, int table_id, uint32_t ip_addr,
return MAAT_SCAN_OK;
}
int vtable_id = table_id;
int attribute_id = table_id;
int phy_table_id = table_id;
enum table_type table_type = TABLE_TYPE_INVALID;
table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id);
if (table_type == TABLE_TYPE_VIRTUAL) {
phy_table_id = vtable_get_physical_table_id(maat_inst->tbl_mgr, table_id);
if (table_type == TABLE_TYPE_ATTRIBUTE) {
phy_table_id = attribute_get_physical_table_id(maat_inst->tbl_mgr, table_id);
}
if (phy_table_id < 0) {
@@ -1533,7 +1533,7 @@ int maat_scan_ipv4_port(struct maat *maat_inst, int table_id, uint32_t ip_addr,
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_group_cnt = ipv4_scan(maat_inst->tbl_mgr, state->thread_id, ip_addr, port,
phy_table_id, vtable_id, state);
phy_table_id, attribute_id, state);
if (hit_group_cnt < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
@@ -1595,13 +1595,13 @@ int maat_scan_ipv6_port(struct maat *maat_inst, int table_id, uint8_t *ip_addr,
return MAAT_SCAN_OK;
}
int vtable_id = table_id;
int attribute_id = table_id;
int phy_table_id = table_id;
enum table_type table_type = TABLE_TYPE_INVALID;
table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id);
if (table_type == TABLE_TYPE_VIRTUAL) {
phy_table_id = vtable_get_physical_table_id(maat_inst->tbl_mgr, table_id);
if (table_type == TABLE_TYPE_ATTRIBUTE) {
phy_table_id = attribute_get_physical_table_id(maat_inst->tbl_mgr, table_id);
}
if (phy_table_id < 0) {
@@ -1617,7 +1617,7 @@ int maat_scan_ipv6_port(struct maat *maat_inst, int table_id, uint8_t *ip_addr,
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_group_cnt = ipv6_scan(maat_inst->tbl_mgr, state->thread_id, ip_addr, port,
phy_table_id, vtable_id, state);
phy_table_id, attribute_id, state);
if (hit_group_cnt < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
@@ -1698,13 +1698,13 @@ int maat_scan_string(struct maat *maat_inst, int table_id,
return MAAT_SCAN_OK;
}
int vtable_id = table_id;
int attribute_id = table_id;
int phy_table_id = table_id;
enum table_type table_type = TABLE_TYPE_INVALID;
table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id);
if (table_type == TABLE_TYPE_VIRTUAL) {
phy_table_id = vtable_get_physical_table_id(maat_inst->tbl_mgr, table_id);
if (table_type == TABLE_TYPE_ATTRIBUTE) {
phy_table_id = attribute_get_physical_table_id(maat_inst->tbl_mgr, table_id);
}
if (phy_table_id < 0) {
@@ -1720,7 +1720,7 @@ int maat_scan_string(struct maat *maat_inst, int table_id,
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_group_cnt = string_scan(maat_inst->tbl_mgr, state->thread_id, data,
data_len, phy_table_id, vtable_id, state);
data_len, phy_table_id, attribute_id, state);
if (hit_group_cnt < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
@@ -1840,18 +1840,18 @@ int maat_scan_group(struct maat *maat_inst, int table_id,
return MAAT_SCAN_OK;
}
int vtable_id = table_id;
int attribute_id = table_id;
enum table_type table_type = TABLE_TYPE_INVALID;
table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id);
if (table_type == TABLE_TYPE_VIRTUAL) {
void *virt_rt = table_manager_get_runtime(maat_inst->tbl_mgr, vtable_id);
if (table_type == TABLE_TYPE_ATTRIBUTE) {
void *virt_rt = table_manager_get_runtime(maat_inst->tbl_mgr, attribute_id);
if (virt_rt != NULL) {
virtual_runtime_scan_times_inc((struct virtual_runtime *)virt_rt,
attribute_runtime_scan_times_inc((struct attribute_runtime *)virt_rt,
state->thread_id);
virtual_runtime_hit_times_inc((struct virtual_runtime *)virt_rt,
attribute_runtime_hit_times_inc((struct attribute_runtime *)virt_rt,
state->thread_id);
virtual_runtime_hit_item_num_add((struct virtual_runtime *)virt_rt,
attribute_runtime_hit_item_num_add((struct attribute_runtime *)virt_rt,
state->thread_id, n_group);
}
}
@@ -1922,14 +1922,14 @@ struct maat_stream *maat_stream_new(struct maat *maat_inst, int table_id,
stream->last_full_version = maat_inst->last_full_version;
stream->thread_id = state->thread_id;
stream->phy_table_id = table_id;
stream->vtable_id = table_id;
stream->attribute_id = table_id;
stream->logger = maat_inst->logger;
enum table_type table_type = TABLE_TYPE_INVALID;
table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id);
if (table_type == TABLE_TYPE_VIRTUAL) {
stream->phy_table_id = vtable_get_physical_table_id(maat_inst->tbl_mgr,
if (table_type == TABLE_TYPE_ATTRIBUTE) {
stream->phy_table_id = attribute_get_physical_table_id(maat_inst->tbl_mgr,
table_id);
}
@@ -1993,28 +1993,28 @@ static int expr_stream_scan(struct maat_stream *stream, const char *data,
data_len);
void *virt_rt = NULL;
table_type = table_manager_get_table_type(tbl_mgr, stream->vtable_id);
if (table_type == TABLE_TYPE_VIRTUAL) {
virt_rt = table_manager_get_runtime(tbl_mgr, stream->vtable_id);
table_type = table_manager_get_table_type(tbl_mgr, stream->attribute_id);
if (table_type == TABLE_TYPE_ATTRIBUTE) {
virt_rt = table_manager_get_runtime(tbl_mgr, stream->attribute_id);
if (virt_rt != NULL) {
virtual_runtime_scan_times_inc((struct virtual_runtime *)virt_rt,
attribute_runtime_scan_times_inc((struct attribute_runtime *)virt_rt,
stream->thread_id);
virtual_runtime_scan_bytes_add((struct virtual_runtime *)virt_rt,
attribute_runtime_scan_bytes_add((struct attribute_runtime *)virt_rt,
stream->thread_id, data_len);
}
}
int group_hit_cnt = expr_runtime_stream_scan(stream->expr_rt_stream, data,
data_len, stream->vtable_id, state);
data_len, stream->attribute_id, state);
if (group_hit_cnt <= 0) {
return group_hit_cnt;
}
if (virt_rt != NULL) {
//Note: group_hit_cnt is equivalent to item_hit_cnt
virtual_runtime_hit_item_num_add((struct virtual_runtime *)virt_rt,
attribute_runtime_hit_item_num_add((struct attribute_runtime *)virt_rt,
stream->thread_id, group_hit_cnt);
virtual_runtime_hit_times_inc((struct virtual_runtime *)virt_rt, stream->thread_id);
attribute_runtime_hit_times_inc((struct attribute_runtime *)virt_rt, stream->thread_id);
}
expr_runtime_stream_hit_times_inc(stream->expr_rt_stream, stream->thread_id);
@@ -2200,13 +2200,13 @@ int maat_state_set_scan_district(struct maat_state *state, int table_id,
enum table_type table_type = TABLE_TYPE_INVALID;
table_type = table_manager_get_table_type(maat_inst->tbl_mgr, table_id);
if (table_type != TABLE_TYPE_FLAG_PLUS && table_type != TABLE_TYPE_EXPR_PLUS &&
table_type != TABLE_TYPE_INTERVAL_PLUS && table_type != TABLE_TYPE_VIRTUAL) {
table_type != TABLE_TYPE_INTERVAL_PLUS && table_type != TABLE_TYPE_ATTRIBUTE) {
return -1;
}
int phy_table_id = table_id;
if (table_type == TABLE_TYPE_VIRTUAL) {
phy_table_id = vtable_get_physical_table_id(maat_inst->tbl_mgr, table_id);
if (table_type == TABLE_TYPE_ATTRIBUTE) {
phy_table_id = attribute_get_physical_table_id(maat_inst->tbl_mgr, table_id);
}
int ret = -1;

104
src/maat_virtual.c → src/maat_attribute.c
View File

@@ -1,6 +1,6 @@
/*
**********************************************************************************************
* File: maat_virtual.c
* File: maat_attribute.c
* Description:
* Authors: Liu WenTan <liuwentan@geedgenetworks.com>
* Date: 2022-10-31
@@ -17,15 +17,15 @@
#include "maat_core.h"
#include "maat_table.h"
#define MODULE_VIRTUAL module_name_str("maat.virtual")
#define MODULE_ATTRIBUTE module_name_str("maat.attribute")
struct virtual_schema {
int vtable_id;
struct attribute_schema {
int attribute_id;
int physical_table_id;
struct table_manager *ref_tbl_mgr;
};
struct virtual_runtime {
struct attribute_runtime {
size_t n_worker_thread;
long long *scan_times;
long long *scan_bytes;
@@ -34,33 +34,33 @@ struct virtual_runtime {
long long *hit_item_num;
};
void *virtual_schema_new(cJSON *json, struct table_manager *tbl_mgr,
void *attribute_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger)
{
struct virtual_schema *schema = ALLOC(struct virtual_schema, 1);
struct attribute_schema *schema = ALLOC(struct attribute_schema, 1);
schema->ref_tbl_mgr = tbl_mgr;
cJSON *item = cJSON_GetObjectItem(json, "table_id");
if (NULL == item || item->type != cJSON_Number) {
log_fatal(logger, MODULE_VIRTUAL,
"[%s:%d] virtual table:<%s> schema has no table_id column",
log_fatal(logger, MODULE_ATTRIBUTE,
"[%s:%d] attribute:<%s> schema has no table_id column",
__FUNCTION__, __LINE__, table_name);
goto error;
}
schema->vtable_id = item->valueint;
schema->attribute_id = item->valueint;
item = cJSON_GetObjectItem(json, "physical_table");
if (NULL == item || item->type != cJSON_String) {
log_fatal(logger, MODULE_VIRTUAL,
"[%s:%d] virtual table:<%s> schema has no physical_table column",
log_fatal(logger, MODULE_ATTRIBUTE,
"[%s:%d] attribute:<%s> schema has no physical_table column",
__FUNCTION__, __LINE__, table_name);
goto error;
}
schema->physical_table_id = table_manager_get_table_id(tbl_mgr, item->valuestring);
if (schema->physical_table_id < 0) {
log_fatal(logger, MODULE_VIRTUAL,
"[%s:%d] virtual table:<%s>'s physical table:<%s> unregistered.",
log_fatal(logger, MODULE_ATTRIBUTE,
"[%s:%d] attribute:<%s>'s physical table:<%s> unregistered.",
__FUNCTION__, __LINE__, table_name, item->valuestring);
goto error;
}
@@ -71,20 +71,20 @@ error:
return NULL;
}
void virtual_schema_free(void *virtual_schema)
void attribute_schema_free(void *attribute_schema)
{
FREE(virtual_schema);
FREE(attribute_schema);
}
void *virtual_runtime_new(void *virtual_schema, size_t max_thread_num,
void *attribute_runtime_new(void *attribute_schema, size_t max_thread_num,
struct maat_garbage_bin *garbage_bin,
struct log_handle *logger)
{
if (NULL == virtual_schema) {
if (NULL == attribute_schema) {
return NULL;
}
struct virtual_runtime *virt_rt = ALLOC(struct virtual_runtime, 1);
struct attribute_runtime *virt_rt = ALLOC(struct attribute_runtime, 1);
virt_rt->n_worker_thread = max_thread_num;
virt_rt->scan_times = alignment_int64_array_alloc(max_thread_num);
@@ -96,13 +96,13 @@ void *virtual_runtime_new(void *virtual_schema, size_t max_thread_num,
return virt_rt;
}
void virtual_runtime_free(void *virtual_runtime)
void attribute_runtime_free(void *attribute_runtime)
{
if (NULL == virtual_runtime) {
if (NULL == attribute_runtime) {
return;
}
struct virtual_runtime *virt_rt = (struct virtual_runtime *)virtual_runtime;
struct attribute_runtime *virt_rt = (struct attribute_runtime *)attribute_runtime;
if (virt_rt->scan_times != NULL) {
alignment_int64_array_free(virt_rt->scan_times);
@@ -132,7 +132,7 @@ void virtual_runtime_free(void *virtual_runtime)
FREE(virt_rt);
}
void virtual_runtime_scan_bytes_add(struct virtual_runtime *virt_rt,
void attribute_runtime_scan_bytes_add(struct attribute_runtime *virt_rt,
int thread_id, long long val)
{
if (NULL == virt_rt || thread_id < 0) {
@@ -142,13 +142,13 @@ void virtual_runtime_scan_bytes_add(struct virtual_runtime *virt_rt,
alignment_int64_array_add(virt_rt->scan_bytes, thread_id, val);
}
long long virtual_runtime_scan_bytes(void *virtual_runtime)
long long attribute_runtime_scan_bytes(void *attribute_runtime)
{
if (NULL == virtual_runtime) {
if (NULL == attribute_runtime) {
return 0;
}
struct virtual_runtime *virt_rt = (struct virtual_runtime *)virtual_runtime;
struct attribute_runtime *virt_rt = (struct attribute_runtime *)attribute_runtime;
long long sum = alignment_int64_array_sum(virt_rt->scan_bytes,
virt_rt->n_worker_thread);
alignment_int64_array_reset(virt_rt->scan_bytes,
@@ -157,7 +157,7 @@ long long virtual_runtime_scan_bytes(void *virtual_runtime)
return sum;
}
void virtual_runtime_scan_times_inc(struct virtual_runtime *virt_rt,
void attribute_runtime_scan_times_inc(struct attribute_runtime *virt_rt,
int thread_id)
{
if (NULL == virt_rt || thread_id < 0) {
@@ -167,13 +167,13 @@ void virtual_runtime_scan_times_inc(struct virtual_runtime *virt_rt,
alignment_int64_array_add(virt_rt->scan_times, thread_id, 1);
}
long long virtual_runtime_scan_times(void *virtual_runtime)
long long attribute_runtime_scan_times(void *attribute_runtime)
{
if (NULL == virtual_runtime) {
if (NULL == attribute_runtime) {
return 0;
}
struct virtual_runtime *virt_rt = (struct virtual_runtime *)virtual_runtime;
struct attribute_runtime *virt_rt = (struct attribute_runtime *)attribute_runtime;
long long sum = alignment_int64_array_sum(virt_rt->scan_times,
virt_rt->n_worker_thread);
alignment_int64_array_reset(virt_rt->scan_times,
@@ -182,13 +182,13 @@ long long virtual_runtime_scan_times(void *virtual_runtime)
return sum;
}
long long virtual_runtime_scan_cpu_time(void *virtual_runtime)
long long attribute_runtime_scan_cpu_time(void *attribute_runtime)
{
if (NULL == virtual_runtime) {
if (NULL == attribute_runtime) {
return 0;
}
struct virtual_runtime *virt_rt = (struct virtual_runtime *)virtual_runtime;
struct attribute_runtime *virt_rt = (struct attribute_runtime *)attribute_runtime;
long long sum = alignment_int64_array_sum(virt_rt->scan_cpu_time,
virt_rt->n_worker_thread);
alignment_int64_array_reset(virt_rt->scan_cpu_time,
@@ -197,7 +197,7 @@ long long virtual_runtime_scan_cpu_time(void *virtual_runtime)
return sum;
}
void virtual_runtime_hit_times_inc(struct virtual_runtime *virt_rt,
void attribute_runtime_hit_times_inc(struct attribute_runtime *virt_rt,
int thread_id)
{
if (NULL == virt_rt || thread_id < 0) {
@@ -207,13 +207,13 @@ void virtual_runtime_hit_times_inc(struct virtual_runtime *virt_rt,
alignment_int64_array_add(virt_rt->hit_times, thread_id, 1);
}
long long virtual_runtime_hit_times(void *virtual_runtime)
long long attribute_runtime_hit_times(void *attribute_runtime)
{
if (NULL == virtual_runtime) {
if (NULL == attribute_runtime) {
return 0;
}
struct virtual_runtime *virt_rt = (struct virtual_runtime *)virtual_runtime;
struct attribute_runtime *virt_rt = (struct attribute_runtime *)attribute_runtime;
long long sum = alignment_int64_array_sum(virt_rt->hit_times,
virt_rt->n_worker_thread);
alignment_int64_array_reset(virt_rt->hit_times,
@@ -222,7 +222,7 @@ long long virtual_runtime_hit_times(void *virtual_runtime)
return sum;
}
void virtual_runtime_hit_item_num_add(struct virtual_runtime *virt_rt,
void attribute_runtime_hit_item_num_add(struct attribute_runtime *virt_rt,
int thread_id, long long val)
{
if (NULL == virt_rt || thread_id < 0) {
@@ -232,13 +232,13 @@ void virtual_runtime_hit_item_num_add(struct virtual_runtime *virt_rt,
alignment_int64_array_add(virt_rt->hit_item_num, thread_id, val);
}
long long virtual_runtime_hit_item_num(void *virtual_runtime)
long long attribute_runtime_hit_item_num(void *attribute_runtime)
{
if (NULL == virtual_runtime) {
if (NULL == attribute_runtime) {
return 0;
}
struct virtual_runtime *virt_rt = (struct virtual_runtime *)virtual_runtime;
struct attribute_runtime *virt_rt = (struct attribute_runtime *)attribute_runtime;
long long sum = alignment_int64_array_sum(virt_rt->hit_item_num,
virt_rt->n_worker_thread);
alignment_int64_array_reset(virt_rt->hit_item_num,
@@ -247,27 +247,17 @@ long long virtual_runtime_hit_item_num(void *virtual_runtime)
return sum;
}
static int virtual_table_get_physical_table_id(void *virtual_schema)
{
if (NULL == virtual_schema) {
return 0;
}
struct virtual_schema *schema = (struct virtual_schema *)virtual_schema;
return schema->physical_table_id;
}
int vtable_get_physical_table_id(struct table_manager *tbl_mgr, int table_id)
int attribute_get_physical_table_id(struct table_manager *tbl_mgr, int table_id)
{
enum table_type table_type = table_manager_get_table_type(tbl_mgr, table_id);
if (table_type != TABLE_TYPE_VIRTUAL) {
if (table_type != TABLE_TYPE_ATTRIBUTE) {
return -1;
}
// find physical table id
void *virtual_schema = table_manager_get_schema(tbl_mgr, table_id);
assert(virtual_schema != NULL);
return virtual_table_get_physical_table_id(virtual_schema);
struct attribute_schema *attribute_schema = table_manager_get_schema(tbl_mgr, table_id);
assert(attribute_schema != NULL);
return attribute_schema->physical_table_id;
}

8
src/maat_expr.c
View File

@@ -951,7 +951,7 @@ long long expr_runtime_get_version(void *expr_runtime)
int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id,
const char *data, size_t data_len,
int vtable_id, struct maat_state *state)
int attribute_id, struct maat_state *state)
{
//clear rule_state->last_hit_group
if (state != NULL && state->rule_state != NULL) {
@@ -1019,7 +1019,7 @@ next:
state->thread_id, 1);
}
return rule_state_update(state->rule_state, state->maat_inst, vtable_id,
return rule_state_update(state->rule_state, state->maat_inst, attribute_id,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_num);
}
@@ -1045,7 +1045,7 @@ expr_runtime_stream_open(struct expr_runtime *expr_rt, int thread_id)
int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream,
const char *data, size_t data_len,
int vtable_id, struct maat_state *state)
int attribute_id, struct maat_state *state)
{
struct expr_runtime *expr_rt = expr_rt_stream->ref_expr_rt;
@@ -1113,7 +1113,7 @@ next:
state->thread_id, 1);
}
return rule_state_update(state->rule_state, state->maat_inst, vtable_id,
return rule_state_update(state->rule_state, state->maat_inst, attribute_id,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt);
}

4
src/maat_flag.c
View File

@@ -553,7 +553,7 @@ long long flag_runtime_rule_count(void *flag_runtime)
}
int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id,
long long flag, int vtable_id, struct maat_state *state)
long long flag, int attribute_id, struct maat_state *state)
{
//clear rule_state->last_hit_group
if (state != NULL && state->rule_state != NULL) {
@@ -615,7 +615,7 @@ next:
state->thread_id, 1);
}
return rule_state_update(state->rule_state, state->maat_inst, vtable_id,
return rule_state_update(state->rule_state, state->maat_inst, attribute_id,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt);
}

4
src/maat_interval.c
View File

@@ -542,7 +542,7 @@ long long interval_runtime_rule_count(void *interval_runtime)
}
int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
long long integer, int vtable_id, struct maat_state *state)
long long integer, int attribute_id, struct maat_state *state)
{
//clear rule_state->last_hit_group
if (state != NULL && state->rule_state != NULL) {
@@ -604,7 +604,7 @@ next:
state->thread_id, 1);
}
return rule_state_update(state->rule_state, state->maat_inst, vtable_id,
return rule_state_update(state->rule_state, state->maat_inst, attribute_id,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt);
}

4
src/maat_ip.c
View File

@@ -520,7 +520,7 @@ long long ip_runtime_ipv6_rule_count(void *ip_runtime)
}
int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
uint8_t *ip_addr, int port, int vtable_id, struct maat_state *state)
uint8_t *ip_addr, int port, int attribute_id, struct maat_state *state)
{
//clear rule_state->last_hit_group
if (state != NULL && state->rule_state != NULL) {
@@ -599,7 +599,7 @@ next:
state->thread_id, 1);
}
return rule_state_update(state->rule_state, state->maat_inst, vtable_id,
return rule_state_update(state->rule_state, state->maat_inst, attribute_id,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt);
}

2
src/maat_redis_monitor.c
View File

@@ -22,7 +22,7 @@
#include "maat_config_monitor.h"
#include "maat_redis_monitor.h"
#include "maat_plugin.h"
#include "maat_virtual.h"
#include "maat_attribute.h"
#define MODULE_REDIS_MONITOR module_name_str("maat.redis_monitor")

148
src/maat_rule.c
View File

@@ -48,7 +48,7 @@ struct group2rule_schema {
int group_id_column;
int rule_id_column;
int not_flag_column;
int vtable_name_column;
int attribute_name_column;
int clause_index_column;
int asso_rule_table_id; //asso is abbreviation for associated
int table_id;
@@ -66,13 +66,13 @@ struct group2rule_item {
UT_array *group_ids;
long long rule_id;
int not_flag;
int vtable_id;
int attribute_id;
int clause_index;
};
struct clause_query_key {
long long group_id;
int vtable_id;
int attribute_id;
int not_flag;
};
@@ -83,7 +83,7 @@ struct clause_id_kv {
};
struct table_clause {
int vtable_id;
int attribute_id;
int actual_clause_num;
UT_array *clause_ids;
UT_array *group_ids;
@@ -91,7 +91,7 @@ struct table_clause {
};
struct table_group {
int vtable_id;
int attribute_id;
UT_array *group_ids;
UT_hash_handle hh;
};
@@ -117,13 +117,13 @@ struct group2rule_runtime {
long long rule_num;
long long update_err_cnt;
struct rule_runtime *ref_rule_rt;
struct table_clause *tbl_not_clause_hash; //each virtual table's not clause number <= MAX_NOT_CLAUSE_NUM
struct table_clause *tbl_not_clause_hash; //each attribute's not clause number <= MAX_NOT_CLAUSE_NUM
};
struct clause_literal {
long long group_ids[MAX_GROUP_CNT];
int group_cnt;
int vtable_id;
int attribute_id;
};
struct rule_clause {
@@ -154,7 +154,7 @@ struct internal_hit_path {
long long item_id;
long long group_id;
int Nth_scan;
int vtable_id;
int attribute_id;
int NOT_flag; // 1 means NOT clause
};
@@ -479,12 +479,12 @@ void *group2rule_schema_new(cJSON *json, struct table_manager *tbl_mgr,
goto error;
}
custom_item = cJSON_GetObjectItem(item, "virtual_table_name");
custom_item = cJSON_GetObjectItem(item, "attribute_name");
if (custom_item != NULL && custom_item->type == cJSON_Number) {
g2c_schema->vtable_name_column = custom_item->valueint;
g2c_schema->attribute_name_column = custom_item->valueint;
} else {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> schema has no virtual_table_name column",
"[%s:%d] table: <%s> schema has no attribute_name column",
__FUNCTION__, __LINE__, table_name);
goto error;
}
@@ -691,7 +691,7 @@ group2rule_item_new(const char *line, struct group2rule_schema *g2c_schema,
{
size_t column_offset = 0;
size_t column_len = 0;
char vtable_name[MAX_NAME_STR_LEN + 1] = {0};
char attribute_name[MAX_NAME_STR_LEN + 1] = {0};
struct group2rule_item *g2c_item = ALLOC(struct group2rule_item, 1);
utarray_new(g2c_item->group_ids, &ut_rule_group_id_icd);
@@ -750,33 +750,33 @@ group2rule_item_new(const char *line, struct group2rule_schema *g2c_schema,
goto error;
}
ret = get_column_pos(line, g2c_schema->vtable_name_column, &column_offset,
ret = get_column_pos(line, g2c_schema->attribute_name_column, &column_offset,
&column_len);
if (ret < 0) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] g2c table:<%s> has no virtual_table_name in line:%s",
"[%s:%d] g2c table:<%s> has no attribute_name in line:%s",
__FUNCTION__, __LINE__, table_name, line);
goto error;
}
if (column_len > MAX_NAME_STR_LEN) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] g2c table:<%s> virtual_table_name length exceed "
"[%s:%d] g2c table:<%s> attribute_name length exceed "
"maxium:%d in line:%s", __FUNCTION__, __LINE__, table_name,
MAX_NAME_STR_LEN, line);
goto error;
}
memset(vtable_name, 0, sizeof(vtable_name));
memcpy(vtable_name, (line + column_offset), column_len);
memset(attribute_name, 0, sizeof(attribute_name));
memcpy(attribute_name, (line + column_offset), column_len);
if (is_valid_table_name(vtable_name)) {
g2c_item->vtable_id = table_manager_get_table_id(g2c_schema->ref_tbl_mgr,
vtable_name);
if (g2c_item->vtable_id < 0) {
if (is_valid_table_name(attribute_name)) {
g2c_item->attribute_id = table_manager_get_table_id(g2c_schema->ref_tbl_mgr,
attribute_name);
if (g2c_item->attribute_id < 0) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] g2c table:<%s> has unknown virtual table:%s in line:%s",
__FUNCTION__, __LINE__, table_name, vtable_name, line);
"[%s:%d] g2c table:<%s> has unknown attribute:%s in line:%s",
__FUNCTION__, __LINE__, table_name, attribute_name, line);
goto error;
}
}
@@ -823,7 +823,7 @@ static void rule_clause_add_literal(struct rule_clause *clause,
struct group2rule_item *g2c_item)
{
struct clause_literal tmp_literal;
tmp_literal.vtable_id = g2c_item->vtable_id;
tmp_literal.attribute_id = g2c_item->attribute_id;
tmp_literal.group_cnt = utarray_len(g2c_item->group_ids);
utarray_sort(g2c_item->group_ids, compare_group_id);
@@ -840,7 +840,7 @@ void rule_clause_remove_literal(struct rule_clause *clause,
for (size_t i = 0; i < utarray_len(clause->literals); i++) {
tmp_literal = (struct clause_literal *)utarray_eltptr(clause->literals, i);
if (tmp_literal->vtable_id == g2c_item->vtable_id) {
if (tmp_literal->attribute_id == g2c_item->attribute_id) {
size_t remove_idx = utarray_eltidx(clause->literals, tmp_literal);
utarray_erase(clause->literals, remove_idx, 1);
break;
@@ -857,7 +857,7 @@ static int maat_rule_clause_find_literal(struct maat_rule *rule,
for (size_t i = 0; i < utarray_len(clause->literals); i++) {
tmp_literal = (struct clause_literal *)utarray_eltptr(clause->literals, i);
if (tmp_literal->vtable_id == g2c_item->vtable_id) {
if (tmp_literal->attribute_id == g2c_item->attribute_id) {
found = 1;
}
}
@@ -944,7 +944,7 @@ maat_rule_bool_matcher_new(struct rule_runtime *rule_rt,
for (size_t it = 0; it < tmp_cl->group_cnt; it++) {
printf("<before bool_matcher_new> rule_rt:%p rule_id:%lld, clause_id:%llu, clause_query_key{%lld: %d, %d}\n",
rule_rt, iter_rule->rule_id, iter_rule->clauses[i].clause_id, tmp_cl->group_ids[it],
tmp_cl->vtable_id, iter_rule->clauses[i].not_flag);
tmp_cl->attribute_id, iter_rule->clauses[i].not_flag);
}
}
#endif
@@ -1011,7 +1011,7 @@ static inline int compare_hit_group(const void *pa, const void *pb)
if (0 == ret) {
ret = la->group_id - lb->group_id;
if (0 == ret) {
ret = la->vtable_id - lb->vtable_id;
ret = la->attribute_id - lb->attribute_id;
}
}
@@ -1076,7 +1076,7 @@ build_clause_id_kv_hash(struct rule_runtime *rule_rt, int not_flag)
for (size_t k = 0; k < tmp_cl->group_cnt; k++) {
struct clause_query_key key =
{tmp_cl->group_ids[k], tmp_cl->vtable_id, clause->not_flag};
{tmp_cl->group_ids[k], tmp_cl->attribute_id, clause->not_flag};
struct clause_id_kv *clause_id_kv = NULL;
HASH_FIND(hh, clause_id_kv_hash, &key, sizeof(struct clause_query_key),
@@ -1283,9 +1283,9 @@ static int maat_add_group_to_rule(struct rcu_hash_table *hash_tbl,
ret = maat_rule_clause_find_literal(rule, g2c_item);
if (ret > 0) {
log_fatal(logger, MODULE_RULE,
"[%s:%d]rule:%lld clause(index:%d) already has vtable_id:%d's "
"[%s:%d]rule:%lld clause(index:%d) already has attribute_id:%d's "
"literal, can't add again", __FUNCTION__, __LINE__, rule->rule_id,
g2c_item->clause_index, g2c_item->vtable_id);
g2c_item->clause_index, g2c_item->attribute_id);
return -1;
}
/* rule found in updating hash(added by rule runtime), it can
@@ -1314,9 +1314,9 @@ static int maat_add_group_to_rule(struct rcu_hash_table *hash_tbl,
ret = maat_rule_clause_find_literal(rule, g2c_item);
if (ret > 0) {
log_fatal(logger, MODULE_RULE,
"[%s:%d]rule:%lld clause(index:%d) already has vtable_id:%d's "
"[%s:%d]rule:%lld clause(index:%d) already has attribute_id:%d's "
"literal, can't add again", __FUNCTION__, __LINE__, rule->rule_id,
g2c_item->clause_index, g2c_item->vtable_id);
g2c_item->clause_index, g2c_item->attribute_id);
return -1;
}
@@ -1362,9 +1362,9 @@ static int maat_remove_group_from_rule(struct rcu_hash_table *hash_tbl,
ret = maat_rule_clause_find_literal(rule, g2c_item);
if (0 == ret) {
log_fatal(logger, MODULE_RULE,
"[%s:%d]rule:%lld clause(index:%d) has no vtable_id:%d's "
"[%s:%d]rule:%lld clause(index:%d) has no attribute_id:%d's "
"literal, can't be removed", __FUNCTION__, __LINE__,
rule->rule_id, g2c_item->clause_index, g2c_item->vtable_id);
rule->rule_id, g2c_item->clause_index, g2c_item->attribute_id);
return -1;
}
@@ -1381,9 +1381,9 @@ static int maat_remove_group_from_rule(struct rcu_hash_table *hash_tbl,
ret = maat_rule_clause_find_literal(rule, g2c_item);
if (0 == ret) {
log_fatal(logger, MODULE_RULE,
"[%s:%d]rule:%lld clause(index:%d) has no vtable_id:%d's "
"[%s:%d]rule:%lld clause(index:%d) has no attribute_id:%d's "
"literal, can't be removed", __FUNCTION__, __LINE__,
rule->rule_id, g2c_item->clause_index, g2c_item->vtable_id);
rule->rule_id, g2c_item->clause_index, g2c_item->attribute_id);
return -1;
}
@@ -1570,7 +1570,7 @@ void rule_state_free(struct rule_state *rule_state,
static void
rule_state_add_internal_hit_path(struct rule_state *rule_state,
long long item_id, long long group_id,
int vtable_id, int NOT_flag, int Nth_scan)
int attribute_id, int NOT_flag, int Nth_scan)
{
if (NULL == rule_state) {
return;
@@ -1580,7 +1580,7 @@ rule_state_add_internal_hit_path(struct rule_state *rule_state,
new_path.item_id = item_id;
new_path.Nth_scan = Nth_scan;
new_path.group_id = group_id;
new_path.vtable_id = vtable_id;
new_path.attribute_id = attribute_id;
new_path.NOT_flag = NOT_flag;
utarray_push_back(rule_state->internal_hit_paths, &new_path);
@@ -1598,7 +1598,7 @@ static int maat_rule_has_clause_query_key(struct maat_rule *rule,
struct clause_literal *tmp_cl = NULL;
for (size_t j = 0; j < utarray_len(clause->literals); j++) {
tmp_cl = (struct clause_literal *)utarray_eltptr(clause->literals, j);
if (tmp_cl->vtable_id != key->vtable_id) {
if (tmp_cl->attribute_id != key->attribute_id) {
continue;
}
@@ -1620,7 +1620,7 @@ static int maat_rule_has_clause_query_key(struct maat_rule *rule,
static size_t
maat_rule_get_hit_clause_index(struct maat_rule *rule,
int vtable_id, long long hit_group_id,
int attribute_id, long long hit_group_id,
int *clause_idx_array, size_t array_size)
{
size_t hit_clause_cnt = 0;
@@ -1635,7 +1635,7 @@ maat_rule_get_hit_clause_index(struct maat_rule *rule,
struct clause_literal *tmp_cl = NULL;
for (size_t j = 0; j < utarray_len(tmp_clause->literals); j++) {
tmp_cl = (struct clause_literal *)utarray_eltptr(tmp_clause->literals, j);
if (tmp_cl->vtable_id != vtable_id) {
if (tmp_cl->attribute_id != attribute_id) {
continue;
}
@@ -1685,7 +1685,7 @@ void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array,
hit_path_array[idx].rule_id = rule->rule_id;
// find out which clause in rule hit
n_clause_index =
maat_rule_get_hit_clause_index(rule, hit_path_array[idx].vtable_id,
maat_rule_get_hit_clause_index(rule, hit_path_array[idx].attribute_id,
hit_path_array[idx].top_group_id,
clause_index_array,
MAX_ITEMS_PER_BOOL_EXPR);
@@ -1706,7 +1706,7 @@ void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array,
hit_path_array[n_hit_path + new_hit_path_cnt] = tmp_path;
new_hit_path_cnt++;
n_clause_index =
maat_rule_get_hit_clause_index(rule, tmp_path.vtable_id, tmp_path.top_group_id,
maat_rule_get_hit_clause_index(rule, tmp_path.attribute_id, tmp_path.top_group_id,
clause_index_array, MAX_ITEMS_PER_BOOL_EXPR);
hit_path_array[n_hit_path + new_hit_path_cnt - 1].clause_index = clause_index_array[0];
if (n_clause_index > 1) {
@@ -1760,7 +1760,7 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
key.group_id = hit_path_array[j].top_group_id;
}
key.vtable_id = hit_path_array[j].vtable_id;
key.attribute_id = hit_path_array[j].attribute_id;
key.not_flag = hit_path_array[j].NOT_flag;
if (maat_rule_has_clause_query_key(rule, &key)) {
populate_hit_path_with_rule(hit_path_array, j, n_hit_path,
@@ -1775,7 +1775,7 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
static void
rule_state_add_direct_hit_groups(struct rule_state *rule_state,
struct maat_item *hit_items,
size_t n_hit_items, int vtable_id)
size_t n_hit_items, int attribute_id)
{
if (NULL == rule_state || NULL == hit_items) {
return;
@@ -1785,7 +1785,7 @@ rule_state_add_direct_hit_groups(struct rule_state *rule_state,
for (size_t i = 0; i < n_hit_items; i++) {
hit_group.item_id = hit_items[i].item_id;
hit_group.group_id = hit_items[i].group_id;
hit_group.vtable_id = vtable_id;
hit_group.attribute_id = attribute_id;
utarray_push_back(rule_state->direct_hit_groups, &hit_group);
}
}
@@ -1793,7 +1793,7 @@ rule_state_add_direct_hit_groups(struct rule_state *rule_state,
static void
rule_state_add_indirect_hit_groups(struct rule_state *rule_state,
long long *group_ids,
size_t n_group_ids, int vtable_id)
size_t n_group_ids, int attribute_id)
{
if (NULL == rule_state || NULL == group_ids) {
return;
@@ -1803,7 +1803,7 @@ rule_state_add_indirect_hit_groups(struct rule_state *rule_state,
for (size_t i = 0; i < n_group_ids; i++) {
hit_group.item_id = 0;
hit_group.group_id = group_ids[i];
hit_group.vtable_id = vtable_id;
hit_group.attribute_id = attribute_id;
utarray_push_back(rule_state->indirect_hit_groups, &hit_group);
}
}
@@ -1887,13 +1887,13 @@ rule_state_add_hit_not_clauses(struct rule_state *rule_state,
static void
rule_state_update_hit_clauses(struct rule_state *rule_state,
struct rule_runtime *rule_rt,
long long group_id, int vtable_id)
long long group_id, int attribute_id)
{
if (NULL == rule_state || NULL == rule_rt) {
return;
}
struct clause_query_key key = {group_id, vtable_id, 0};
struct clause_query_key key = {group_id, attribute_id, 0};
struct clause_id_kv *clause_id_kv = NULL;
HASH_FIND(hh, rule_rt->clause_id_kv_hash, &key, sizeof(key), clause_id_kv);
@@ -1912,7 +1912,7 @@ static void
rule_state_cache_hit_not_groups(struct rule_state *rule_state,
struct rule_runtime *rule_rt,
long long *hit_group_ids,
size_t n_hit_group_id, int vtable_id)
size_t n_hit_group_id, int attribute_id)
{
if (NULL == rule_state || NULL == rule_rt) {
return;
@@ -1923,7 +1923,7 @@ rule_state_cache_hit_not_groups(struct rule_state *rule_state,
}
struct table_group *tbl_group = NULL;
HASH_FIND(hh, rule_state->hit_not_tbl_groups, &vtable_id, sizeof(int), tbl_group);
HASH_FIND(hh, rule_state->hit_not_tbl_groups, &attribute_id, sizeof(int), tbl_group);
if (tbl_group != NULL) {
for (size_t i = 0; i < n_hit_group_id; i++) {
long long *group_id = (long long *)utarray_find(tbl_group->group_ids,
@@ -1939,7 +1939,7 @@ rule_state_cache_hit_not_groups(struct rule_state *rule_state,
struct clause_id_kv *clause_id_kv = NULL, *tmp_clause_id_kv = NULL;
HASH_ITER(hh, rule_rt->not_clause_id_kv_hash, clause_id_kv, tmp_clause_id_kv) {
if (clause_id_kv->key.vtable_id != vtable_id) {
if (clause_id_kv->key.attribute_id != attribute_id) {
continue;
}
@@ -1952,9 +1952,9 @@ rule_state_cache_hit_not_groups(struct rule_state *rule_state,
if (NULL == tbl_group) {
tbl_group = ALLOC(struct table_group, 1);
tbl_group->vtable_id = vtable_id;
tbl_group->attribute_id = attribute_id;
utarray_new(tbl_group->group_ids, &ut_rule_group_id_icd);
HASH_ADD_INT(rule_state->hit_not_tbl_groups, vtable_id, tbl_group);
HASH_ADD_INT(rule_state->hit_not_tbl_groups, attribute_id, tbl_group);
}
if (!utarray_find(tbl_group->group_ids, &(clause_id_kv->key.group_id),
@@ -2189,9 +2189,9 @@ static int validate_table_not_clause(struct group2rule_runtime *g2c_rt,
//add
if (NULL == not_clause) {
not_clause = ALLOC(struct table_clause, 1);
not_clause->vtable_id = table_id;
not_clause->attribute_id = table_id;
not_clause->actual_clause_num++;
HASH_ADD_INT(g2c_rt->tbl_not_clause_hash, vtable_id, not_clause);
HASH_ADD_INT(g2c_rt->tbl_not_clause_hash, attribute_id, not_clause);
} else {
if (not_clause->actual_clause_num >= MAX_NOT_CLAUSE_NUM) {
const char *table_name = table_manager_get_table_name(tbl_mgr, table_id);
@@ -2239,7 +2239,7 @@ int group2rule_runtime_update(void *g2c_runtime, void *g2c_schema,
if (1 == g2c_item->not_flag) {
ret = validate_table_not_clause(g2c_rt, schema->ref_tbl_mgr,
g2c_item->vtable_id, is_valid,
g2c_item->attribute_id, is_valid,
rule_rt->logger);
if (ret < 0) {
log_fatal(rule_rt->logger, MODULE_RULE,
@@ -2478,7 +2478,7 @@ int rule_runtime_match(struct rule_runtime *rule_rt, long long *rule_ids,
}
int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst,
int vtable_id, int custom_rule_tbl_id, int Nth_scan,
int attribute_id, int custom_rule_tbl_id, int Nth_scan,
struct maat_item *hit_items, size_t n_hit_item)
{
size_t i = 0, j = 0;
@@ -2495,7 +2495,7 @@ int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst,
hit_group.item_id = hit_items[i].item_id;
hit_group.group_id = hit_items[i].group_id;
hit_group.vtable_id = vtable_id;
hit_group.attribute_id = attribute_id;
utarray_push_back(rule_state->last_hit_groups, &hit_group);
}
@@ -2509,21 +2509,21 @@ int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst,
for (i = 0; i < super_group_cnt; i++) {
hit_group.item_id = 0;
hit_group.group_id = super_group_ids[i];
hit_group.vtable_id = vtable_id;
hit_group.attribute_id = attribute_id;
utarray_push_back(rule_state->last_hit_groups, &hit_group);
}
if (1 == maat_inst->opts.hit_path_on && hit_cnt > 0) {
for (i = 0; i < hit_cnt; i++) {
rule_state_add_internal_hit_path(rule_state, hit_items[i].item_id,
hit_items[i].group_id, vtable_id, 0, Nth_scan);
hit_items[i].group_id, attribute_id, 0, Nth_scan);
}
}
if (1 == maat_inst->opts.hit_group_on) {
rule_state_add_direct_hit_groups(rule_state, hit_items, hit_cnt, vtable_id);
rule_state_add_direct_hit_groups(rule_state, hit_items, hit_cnt, attribute_id);
rule_state_add_indirect_hit_groups(rule_state, super_group_ids,
super_group_cnt, vtable_id);
super_group_cnt, attribute_id);
}
/* update hit clause */
@@ -2544,11 +2544,11 @@ int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst,
for (i = 0; i < hit_cnt; i++) {
rule_state_update_hit_clauses(rule_state, rule_rt,
hit_group_ids[i], vtable_id);
hit_group_ids[i], attribute_id);
}
rule_state_cache_hit_not_groups(rule_state, rule_rt, hit_group_ids,
hit_cnt, vtable_id);
hit_cnt, attribute_id);
return hit_cnt;
}
@@ -2563,7 +2563,7 @@ void rule_state_clear_last_hit_group(struct rule_state *rule_state)
void rule_state_not_logic_update(struct rule_state *rule_state,
struct rule_runtime *rule_rt,
struct maat *maat_inst, int vtable_id,
struct maat *maat_inst, int attribute_id,
int Nth_scan)
{
if (NULL == rule_state || NULL == maat_inst) {
@@ -2575,7 +2575,7 @@ void rule_state_not_logic_update(struct rule_state *rule_state,
utarray_clear(rule_state->this_scan_hit_not_clauses);
struct table_group *tbl_group = NULL;
HASH_FIND(hh, rule_state->hit_not_tbl_groups, &vtable_id, sizeof(int), tbl_group);
HASH_FIND(hh, rule_state->hit_not_tbl_groups, &attribute_id, sizeof(int), tbl_group);
if (NULL == tbl_group) {
return;
}
@@ -2583,7 +2583,7 @@ void rule_state_not_logic_update(struct rule_state *rule_state,
struct clause_id_kv *clause_id_kv = NULL;
for (size_t i = 0; i < utarray_len(tbl_group->group_ids); i++) {
long long *group_id = utarray_eltptr(tbl_group->group_ids, i);
struct clause_query_key key = {*group_id, vtable_id, 1};
struct clause_query_key key = {*group_id, attribute_id, 1};
HASH_FIND(hh, rule_rt->not_clause_id_kv_hash, &key, sizeof(key), clause_id_kv);
if (NULL == clause_id_kv) {
@@ -2593,7 +2593,7 @@ void rule_state_not_logic_update(struct rule_state *rule_state,
rule_state_add_hit_not_clauses(rule_state, clause_id_kv->clause_ids);
if (1 == maat_inst->opts.hit_path_on) {
rule_state_add_internal_hit_path(rule_state, -1, *group_id,
vtable_id, 1, Nth_scan);
attribute_id, 1, Nth_scan);
}
}
}
@@ -2609,7 +2609,7 @@ size_t rule_state_get_indirect_hit_groups(struct rule_state *rule_state,
(struct maat_hit_group *)utarray_eltptr(rule_state->indirect_hit_groups, i);
group_array[i].item_id = hit_group->item_id;
group_array[i].group_id = hit_group->group_id;
group_array[i].vtable_id = hit_group->vtable_id;
group_array[i].attribute_id = hit_group->attribute_id;
}
utarray_clear(rule_state->indirect_hit_groups);
@@ -2653,7 +2653,7 @@ size_t rule_state_get_direct_hit_groups(struct rule_state *rule_state,
group = (struct maat_hit_group *)utarray_eltptr(direct_hit_group, i);
group_array[i].item_id = group->item_id;
group_array[i].group_id = group->group_id;
group_array[i].vtable_id = group->vtable_id;
group_array[i].attribute_id = group->attribute_id;
}
utarray_clear(rule_state->direct_hit_groups);
@@ -2712,7 +2712,7 @@ size_t rule_state_get_internal_hit_paths(struct rule_state *rule_state,
tmp_path.item_id = internal_path->item_id;
tmp_path.sub_group_id = internal_path->group_id;
tmp_path.top_group_id = *p;
tmp_path.vtable_id = internal_path->vtable_id;
tmp_path.attribute_id = internal_path->attribute_id;
tmp_path.NOT_flag = internal_path->NOT_flag;
tmp_path.clause_index = -1;
tmp_path.rule_id = -1;

2
src/maat_stat.c
View File

@@ -320,7 +320,7 @@ static void fs_table_row_refresh(struct maat_stat *stat, int perf_on)
fieldstat_easy_counter_set(stat->fs_handle, 0,
stat->fs_column_id[COLUMN_HIT_ITEM_NUM],
&cell_tag, 1, hit_item_num);
if (table_type != TABLE_TYPE_VIRTUAL) {
if (table_type != TABLE_TYPE_ATTRIBUTE) {
total_regv6_num += regex_rule_num;
total_regv6_num += ipv6_rule_num;
total_rule_num += rule_num;

32
src/maat_table.c
View File

@@ -27,7 +27,7 @@
#include "maat_bool_plugin.h"
#include "maat_fqdn_plugin.h"
#include "maat_interval.h"
#include "maat_virtual.h"
#include "maat_attribute.h"
#include "expr_matcher/expr_matcher.h"
#define MODULE_TABLE module_name_str("maat.table")
@@ -264,18 +264,18 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = {
.update_err_count = bool_plugin_runtime_update_err_count
},
{
.type = TABLE_TYPE_VIRTUAL,
.new_schema = virtual_schema_new,
.free_schema = virtual_schema_free,
.new_runtime = virtual_runtime_new,
.free_runtime = virtual_runtime_free,
.type = TABLE_TYPE_ATTRIBUTE,
.new_schema = attribute_schema_new,
.free_schema = attribute_schema_free,
.new_runtime = attribute_runtime_new,
.free_runtime = attribute_runtime_free,
.update_runtime = NULL,
.commit_runtime = NULL,
.scan_times = virtual_runtime_scan_times,
.scan_bytes = virtual_runtime_scan_bytes,
.scan_cpu_time = virtual_runtime_scan_cpu_time,
.hit_times = virtual_runtime_hit_times,
.hit_item_num = virtual_runtime_hit_item_num
.scan_times = attribute_runtime_scan_times,
.scan_bytes = attribute_runtime_scan_bytes,
.scan_cpu_time = attribute_runtime_scan_cpu_time,
.hit_times = attribute_runtime_hit_times,
.hit_item_num = attribute_runtime_hit_item_num
},
{
.type = TABLE_TYPE_RULE,
@@ -514,7 +514,7 @@ static void register_reserved_word(struct maat_kv_store *reserved_word_map)
maat_kv_register(reserved_word_map, "ipport_plugin", TABLE_TYPE_IPPORT_PLUGIN);
maat_kv_register(reserved_word_map, "bool_plugin", TABLE_TYPE_BOOL_PLUGIN);
maat_kv_register(reserved_word_map, "fqdn_plugin", TABLE_TYPE_FQDN_PLUGIN);
maat_kv_register(reserved_word_map, "virtual", TABLE_TYPE_VIRTUAL);
maat_kv_register(reserved_word_map, "attribute", TABLE_TYPE_ATTRIBUTE);
}
static struct maat_table *
@@ -598,7 +598,7 @@ maat_table_new(cJSON *json, struct maat_kv_store *reserved_word_map,
item = cJSON_GetObjectItem(json, "valid_column");
if (NULL == item || item->type != cJSON_Number) {
if (ptable->table_type != TABLE_TYPE_VIRTUAL) {
if (ptable->table_type != TABLE_TYPE_ATTRIBUTE) {
log_fatal(logger, MODULE_TABLE,
"[%s:%d] table:%s has no valid column",
__FUNCTION__, __LINE__, ptable->table_name);
@@ -912,10 +912,10 @@ table_manager_create(const char *table_info_path, const char *accept_tags,
tbl_mgr->tbl[maat_tbl->table_id] = maat_tbl;
tbl_mgr->n_table++;
if (maat_tbl->table_type == TABLE_TYPE_VIRTUAL) {
int phy_table_id = vtable_get_physical_table_id(tbl_mgr, maat_tbl->table_id);
if (maat_tbl->table_type == TABLE_TYPE_ATTRIBUTE) {
int phy_table_id = attribute_get_physical_table_id(tbl_mgr, maat_tbl->table_id);
log_info(logger, MODULE_TABLE,
"successfully register virtual table[%s]->vtable_id:%d,"
"successfully register attribute[%s]->attribute_id:%d,"
" physical_table_id:%d", maat_tbl->table_name, maat_tbl->table_id,
phy_table_id);
} else {

4
test/benchmark/benchmark_gtest.cpp
View File

@@ -137,7 +137,7 @@ void generate_rule_sample(const char *table_name, int sample_count)
fclose(fp);
}
void generate_group2rule_sample(const char *table_name, const char *vtable_name,
void generate_group2rule_sample(const char *table_name, const char *attribute_name,
int sample_count)
{
FILE *fp = fopen(table_name, "w+");
@@ -149,7 +149,7 @@ void generate_group2rule_sample(const char *table_name, const char *vtable_name,
fprintf(fp, "%d\n", sample_count);
for (int i = 0; i < sample_count; i++) {
fprintf(fp, "%d\t%d\t0\t%s\t1\t1\n", i+1, 100+i, vtable_name);
fprintf(fp, "%d\t%d\t0\t%s\t1\t1\n", i+1, 100+i, attribute_name);
}
fclose(fp);

2
test/benchmark/benchmark_table_info.conf
View File

@@ -573,7 +573,7 @@
"group_id":1,
"rule_id":2,
"not_flag":3,
"virtual_table_name":4,
"attribute_name":4,
"clause_index":5
}
},

2
test/file_test_tableinfo.conf
View File

@@ -55,7 +55,7 @@
"group_id":1,
"rule_id":2,
"not_flag":4,
"virtual_table_name":5,
"attribute_name":5,
"clause_index":6
}
},

2
test/json_update/new.json
View File

@@ -13,7 +13,7 @@
"is_valid": "yes",
"groups": [
{
"virtual_table": "HTTP_URL",
"attribute": "HTTP_URL",
"regions": [
{
"table_name": "HTTP_URL",

2
test/json_update/old.json
View File

@@ -14,7 +14,7 @@
"groups": [
{
"group_name": "Untitled",
"virtual_table": "HTTP_URL",
"attribute": "HTTP_URL",
"regions": [
{
"table_name": "HTTP_URL",

246
test/maat_framework_gtest.cpp
View File

@@ -3249,8 +3249,8 @@ TEST_F(IPScan, RuleUpdates) {
TEST_F(IPScan, RuleChangeClauseId) {
//This test is a reproduce of bug OMPUB-1343.
const char *src_table_name = "VIRTUAL_IP_PLUS_SOURCE";
const char *dst_table_name = "VIRTUAL_IP_PLUS_DESTINATION";
const char *src_table_name = "ATTRIBUTE_IP_PLUS_SOURCE";
const char *dst_table_name = "ATTRIBUTE_IP_PLUS_DESTINATION";
const char *phy_ip_table_name = "IP_PLUS_CONFIG";
struct maat *maat_inst = IPScan::_shared_maat_inst;
int thread_id = 0;
@@ -3356,7 +3356,7 @@ TEST_F(IPScan, RuleChangeClauseId) {
struct maat_hit_group group;
group.item_id = 0;
group.vtable_id = 0;
group.attribute_id = 0;
group.group_id = group_id3;
ret = maat_scan_group(maat_inst, app_id_table_id, &group, 1, results, ARRAY_SIZE, &n_hit_result, state);
@@ -3566,7 +3566,7 @@ TEST_F(GroupScan, PhysicalTable) {
struct maat_hit_group hit_group;
hit_group.group_id = 247;
hit_group.vtable_id = table_id;
hit_group.attribute_id = table_id;
int ret = maat_scan_group(maat_inst, table_id, &hit_group, 1, results,
ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
@@ -3578,7 +3578,7 @@ TEST_F(GroupScan, PhysicalTable) {
sleep(2);
}
TEST_F(GroupScan, VirtualTable) {
TEST_F(GroupScan, Attribute) {
long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
int thread_id = 0;
@@ -3591,7 +3591,7 @@ TEST_F(GroupScan, VirtualTable) {
struct maat_hit_group hit_group;
hit_group.group_id = 259;
hit_group.vtable_id = table_id;
hit_group.attribute_id = table_id;
int ret = maat_scan_group(maat_inst, table_id, &hit_group, 1, results,
ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
@@ -3622,7 +3622,7 @@ TEST_F(GroupScan, SetScanRuleTable) {
struct maat_hit_group hit_group;
hit_group.group_id = 248;
hit_group.vtable_id = table_id;
hit_group.attribute_id = table_id;
ret = maat_scan_group(maat_inst, table_id, &hit_group, 1, results,
ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
@@ -3940,14 +3940,14 @@ TEST_F(NOTLogic, ScanNotIP) {
size_t n_hit_result = 0;
int thread_id = 0;
const char *hit_table_name = "HTTP_URL";
const char *not_hit_table_name = "VIRTUAL_IP_CONFIG";
const char *not_hit_table_name = "ATTRIBUTE_IP_CONFIG";
struct maat *maat_inst = NOTLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
int hit_table_id = maat_get_table_id(maat_inst, hit_table_name);
ASSERT_GT(hit_table_id, 0);
// scan string_should_hit(HTTP_URL) & hit ip(VIRTUAL_IP_CONFIG) => not hit rule
// scan string_should_hit(HTTP_URL) & hit ip(ATTRIBUTE_IP_CONFIG) => not hit rule
int ret = maat_scan_string(maat_inst, hit_table_id, string_should_hit,
strlen(string_should_hit), results, ARRAY_SIZE,
&n_hit_result, state);
@@ -3975,7 +3975,7 @@ TEST_F(NOTLogic, ScanNotIP) {
maat_state_reset(state);
// scan string_should_hit(HTTP_URL) & not hit ip(VIRTUAL_IP_CONFIG) => hit rule145
// scan string_should_hit(HTTP_URL) & not hit ip(ATTRIBUTE_IP_CONFIG) => hit rule145
ret = maat_scan_string(maat_inst, hit_table_id, string_should_hit,
strlen(string_should_hit), results, ARRAY_SIZE,
&n_hit_result, state);
@@ -4002,7 +4002,7 @@ TEST_F(NOTLogic, ScanNotWithDistrict) {
size_t n_hit_result = 0;
int thread_id = 0;
const char *url_table_name = "HTTP_URL";
const char *virtual_table_name = "HTTP_REQUEST_HEADER";
const char *attribute_name = "HTTP_REQUEST_HEADER";
const char *district_str1 = "User-Agent";
struct maat *maat_inst = NOTLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
@@ -4016,18 +4016,18 @@ TEST_F(NOTLogic, ScanNotWithDistrict) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
int virtual_table_id = maat_get_table_id(maat_inst, virtual_table_name);
ASSERT_GT(virtual_table_id, 0);
int attribute_id = maat_get_table_id(maat_inst, attribute_name);
ASSERT_GT(attribute_id, 0);
ret = maat_state_set_scan_district(state, virtual_table_id, district_str1,
ret = maat_state_set_scan_district(state, attribute_id, district_str1,
strlen(district_str1));
ASSERT_EQ(ret, 0);
ret = maat_scan_string(maat_inst, virtual_table_id, string2, strlen(string2),
ret = maat_scan_string(maat_inst, attribute_id, string2, strlen(string2),
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
ret = maat_scan_not_logic(maat_inst, virtual_table_id, results, ARRAY_SIZE,
ret = maat_scan_not_logic(maat_inst, attribute_id, results, ARRAY_SIZE,
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
@@ -4039,15 +4039,15 @@ TEST_F(NOTLogic, ScanNotWithDistrict) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
ret = maat_state_set_scan_district(state, virtual_table_id, district_str1,
ret = maat_state_set_scan_district(state, attribute_id, district_str1,
strlen(district_str1));
ASSERT_EQ(ret, 0);
ret = maat_scan_string(maat_inst, virtual_table_id, string3, strlen(string3),
ret = maat_scan_string(maat_inst, attribute_id, string3, strlen(string3),
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
ret = maat_scan_not_logic(maat_inst, virtual_table_id, results, ARRAY_SIZE,
ret = maat_scan_not_logic(maat_inst, attribute_id, results, ARRAY_SIZE,
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
@@ -4066,7 +4066,7 @@ TEST_F(NOTLogic, NotUrlAndNotIp) {
size_t n_hit_result = 0;
int thread_id = 0;
const char *url_table_name = "HTTP_URL_FILTER";
const char *ip_table_name = "VIRTUAL_IP_CONFIG";
const char *ip_table_name = "ATTRIBUTE_IP_CONFIG";
const char *http_table_name = "HTTP_RESPONSE_KEYWORDS";
struct maat *maat_inst = NOTLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
@@ -4074,7 +4074,7 @@ TEST_F(NOTLogic, NotUrlAndNotIp) {
int url_table_id = maat_get_table_id(maat_inst, url_table_name);
ASSERT_GT(url_table_id, 0);
//scan string_should_half_hit(HTTP_URL_FILTER) & hit ip(VIRTUAL_IP_CONFIG) => not hit rule
//scan string_should_half_hit(HTTP_URL_FILTER) & hit ip(ATTRIBUTE_IP_CONFIG) => not hit rule
int ret = maat_scan_string(maat_inst, url_table_id, string_should_half_hit,
strlen(string_should_half_hit), results, ARRAY_SIZE,
&n_hit_result, state);
@@ -4100,7 +4100,7 @@ TEST_F(NOTLogic, NotUrlAndNotIp) {
maat_state_reset(state);
// scan string_should_half_hit(HTTP_RESPONSE_KEYWORDS) & not hit ip(VIRTUAL_IP_CONFIG) => not hit rule
// scan string_should_half_hit(HTTP_RESPONSE_KEYWORDS) & not hit ip(ATTRIBUTE_IP_CONFIG) => not hit rule
int http_table_id = maat_get_table_id(maat_inst, http_table_name);
ASSERT_GT(http_table_id, 0);
@@ -4124,7 +4124,7 @@ TEST_F(NOTLogic, NotUrlAndNotIp) {
maat_state_reset(state);
// scan scan string_should_half_hit(HTTP_URL_FILTER) & not hit ip(VIRTUAL_IP_CONFIG) => hit rule146
// scan scan string_should_half_hit(HTTP_URL_FILTER) & not hit ip(ATTRIBUTE_IP_CONFIG) => hit rule146
ret = maat_scan_string(maat_inst, url_table_id, string_should_half_hit,
strlen(string_should_half_hit), results, ARRAY_SIZE,
&n_hit_result, state);
@@ -4162,15 +4162,15 @@ TEST_F(NOTLogic, NotPhysicalTable) {
size_t n_hit_result = 0;
int thread_id = 0;
const char *phy_table_name = "KEYWORDS_TABLE";
const char *vtable_name = "HTTP_RESPONSE_KEYWORDS";
const char *attribute_name = "HTTP_RESPONSE_KEYWORDS";
struct maat *maat_inst = NOTLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
int phy_table_id = maat_get_table_id(maat_inst, phy_table_name);
ASSERT_GT(phy_table_id, 0);
int vtable_id = maat_get_table_id(maat_inst, vtable_name);
ASSERT_GT(vtable_id, 0);
int attribute_id = maat_get_table_id(maat_inst, attribute_name);
ASSERT_GT(attribute_id, 0);
// scan hit string1(KEYWORDS_TABLE) & hit string2(HTTP_RESPONSE_KEYWORDS) => not hit rule
int ret = maat_scan_string(maat_inst, phy_table_id, string1,
@@ -4182,7 +4182,7 @@ TEST_F(NOTLogic, NotPhysicalTable) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
ret = maat_scan_string(maat_inst, vtable_id, string2, strlen(string2),
ret = maat_scan_string(maat_inst, attribute_id, string2, strlen(string2),
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
@@ -4197,7 +4197,7 @@ TEST_F(NOTLogic, NotPhysicalTable) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
ret = maat_scan_string(maat_inst, vtable_id, string2, strlen(string2),
ret = maat_scan_string(maat_inst, attribute_id, string2, strlen(string2),
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
@@ -4762,7 +4762,7 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotClause) {
state = NULL;
}
TEST_F(NOTLogic, SameVtableInMultiClause) {
TEST_F(NOTLogic, SameAttributeInMultiClause) {
const char *src_asn1 = "AS1234";
const char *src_asn2 = "AS9002";
const char *src_asn3 = "AS9003";
@@ -5062,13 +5062,13 @@ TEST_F(ExcludeLogic, ScanIrrelavantAtLast) {
state = NULL;
}
TEST_F(ExcludeLogic, ScanVirtualTable) {
TEST_F(ExcludeLogic, ScanAttribute) {
long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
int thread_id = 0;
struct maat *maat_inst = ExcludeLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
const char *table_name = "VIRTUAL_IP_PLUS_TABLE";
const char *table_name = "ATTRIBUTE_IP_PLUS_TABLE";
int table_id = maat_get_table_id(maat_inst, table_name);
ASSERT_GT(table_id, 0);
@@ -5130,7 +5130,7 @@ TEST_F(ExcludeLogic, ScanWithMultiClause) {
int thread_id = 0;
struct maat *maat_inst = ExcludeLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
const char *ip_table_name = "VIRTUAL_IP_PLUS_TABLE";
const char *ip_table_name = "ATTRIBUTE_IP_PLUS_TABLE";
int ip_table_id = maat_get_table_id(maat_inst, ip_table_name);
ASSERT_GT(ip_table_id, 0);
@@ -5191,7 +5191,7 @@ TEST_F(ExcludeLogic, ExcludeInDifferentLevel) {
int thread_id = 0;
struct maat *maat_inst = ExcludeLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
const char *ip_table_name = "VIRTUAL_IP_PLUS_TABLE";
const char *ip_table_name = "ATTRIBUTE_IP_PLUS_TABLE";
int ip_table_id = maat_get_table_id(maat_inst, ip_table_name);
ASSERT_GT(ip_table_id, 0);
@@ -6082,7 +6082,7 @@ TEST_F(BoolPluginTable, EX_DATA) {
EXPECT_EQ(result[0]->id, 305);
}
class VirtualTable : public testing::Test
class Attribute : public testing::Test
{
protected:
static void SetUpTestCase() {
@@ -6111,7 +6111,7 @@ protected:
maat_options_free(opts);
if (NULL == _shared_maat_inst) {
log_fatal(logger, MODULE_FRAMEWORK_GTEST,
"[%s:%d] create maat instance in VirtualTable failed.",
"[%s:%d] create maat instance in Attribute failed.",
__FUNCTION__, __LINE__);
}
}
@@ -6125,15 +6125,15 @@ protected:
static struct maat *_shared_maat_inst;
};
struct maat *VirtualTable::_shared_maat_inst;
struct log_handle *VirtualTable::logger;
struct maat *Attribute::_shared_maat_inst;
struct log_handle *Attribute::logger;
TEST_F(VirtualTable, basic) {
TEST_F(Attribute, basic) {
long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
int thread_id = 0;
const char *table_name = "HTTP_RESPONSE_KEYWORDS";
struct maat *maat_inst = VirtualTable::_shared_maat_inst;
struct maat *maat_inst = Attribute::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
int table_id = maat_get_table_id(maat_inst, table_name);
@@ -6271,33 +6271,33 @@ TEST_F(TableSchemaTag, RuleTable) {
EXPECT_EQ(ret, 0);
//HTTP_RESPONSE_KEYWORDS
const char *vtable_name = "HTTP_RESPONSE_KEYWORDS";
int vtable_id = maat_get_table_id(maat_inst, vtable_name);
EXPECT_EQ(vtable_id, 25);
const char *attribute_name = "HTTP_RESPONSE_KEYWORDS";
int attribute_id = maat_get_table_id(maat_inst, attribute_name);
EXPECT_EQ(attribute_id, 25);
const char *tag7 = maat_get_table_schema_tag(maat_inst, vtable_id);
const char *tag7 = maat_get_table_schema_tag(maat_inst, attribute_id);
EXPECT_TRUE(tag7 != NULL);
ret = strcmp(tag7, "{\"http_response_keywords\": \"virtual\"}");
ret = strcmp(tag7, "{\"http_response_keywords\": \"attribute\"}");
EXPECT_EQ(ret, 0);
//VIRTUAL_IP_PLUS_TABLE
const char *vtable1_name = "VIRTUAL_IP_PLUS_TABLE";
int vtable1_id = maat_get_table_id(maat_inst, vtable1_name);
EXPECT_EQ(vtable1_id, 28);
//ATTRIBUTE_IP_PLUS_TABLE
const char *attribute1_name = "ATTRIBUTE_IP_PLUS_TABLE";
int attribute1_id = maat_get_table_id(maat_inst, attribute1_name);
EXPECT_EQ(attribute1_id, 28);
const char *vtable2_name = "VIRTUAL_IP_PLUS_SOURCE";
int vtable2_id = maat_get_table_id(maat_inst, vtable2_name);
EXPECT_EQ(vtable2_id, 28);
const char *attribute2_name = "ATTRIBUTE_IP_PLUS_SOURCE";
int attribute2_id = maat_get_table_id(maat_inst, attribute2_name);
EXPECT_EQ(attribute2_id, 28);
const char *vtable3_name = "VIRTUAL_IP_PLUS_DESTINATION";
int vtable3_id = maat_get_table_id(maat_inst, vtable3_name);
EXPECT_EQ(vtable3_id, 28);
const char *attribute3_name = "ATTRIBUTE_IP_PLUS_DESTINATION";
int attribute3_id = maat_get_table_id(maat_inst, attribute3_name);
EXPECT_EQ(attribute3_id, 28);
const char *tag8 = maat_get_table_schema_tag(maat_inst, vtable1_id);
const char *tag8 = maat_get_table_schema_tag(maat_inst, attribute1_id);
EXPECT_TRUE(tag8 != NULL);
ret = strcmp(tag8, "{\"virtual_ip_plus_table\": \"virtual\"}");
ret = strcmp(tag8, "{\"attribute_ip_plus_table\": \"attribute\"}");
EXPECT_EQ(ret, 0);
}
@@ -6745,37 +6745,37 @@ TEST_F(Policy, EvaluationOrder) {
size_t n_hit_path = maat_state_get_hit_paths(state, hit_path, 128);
EXPECT_EQ(n_hit_path, 6);
EXPECT_EQ(hit_path[0].vtable_id, table_id);
EXPECT_EQ(hit_path[0].attribute_id, table_id);
EXPECT_EQ(hit_path[0].sub_group_id, 158);
EXPECT_EQ(hit_path[0].top_group_id, 158);
EXPECT_EQ(hit_path[0].clause_index, 2);
EXPECT_EQ(hit_path[0].rule_id, 168);
EXPECT_EQ(hit_path[1].vtable_id, table_id);
EXPECT_EQ(hit_path[1].attribute_id, table_id);
EXPECT_EQ(hit_path[1].sub_group_id, 157);
EXPECT_EQ(hit_path[1].top_group_id, 157);
EXPECT_EQ(hit_path[1].clause_index, 0);
EXPECT_EQ(hit_path[1].rule_id, 166);
EXPECT_EQ(hit_path[2].vtable_id, table_id);
EXPECT_EQ(hit_path[2].attribute_id, table_id);
EXPECT_EQ(hit_path[2].sub_group_id, 155);
EXPECT_EQ(hit_path[2].top_group_id, -1);
EXPECT_EQ(hit_path[2].clause_index, -1);
EXPECT_EQ(hit_path[2].rule_id, -1);
EXPECT_EQ(hit_path[3].vtable_id, table_id);
EXPECT_EQ(hit_path[3].attribute_id, table_id);
EXPECT_EQ(hit_path[3].sub_group_id, 158);
EXPECT_EQ(hit_path[3].top_group_id, 158);
EXPECT_EQ(hit_path[3].clause_index, 6);
EXPECT_EQ(hit_path[3].rule_id, 168);
EXPECT_EQ(hit_path[4].vtable_id, table_id);
EXPECT_EQ(hit_path[4].attribute_id, table_id);
EXPECT_EQ(hit_path[4].sub_group_id, 158);
EXPECT_EQ(hit_path[4].top_group_id, 158);
EXPECT_EQ(hit_path[4].clause_index, 1);
EXPECT_EQ(hit_path[4].rule_id, 167);
EXPECT_EQ(hit_path[5].vtable_id, table_id);
EXPECT_EQ(hit_path[5].attribute_id, table_id);
EXPECT_EQ(hit_path[5].sub_group_id, 158);
EXPECT_EQ(hit_path[5].top_group_id, 158);
EXPECT_EQ(hit_path[5].clause_index, 3);
@@ -6807,7 +6807,7 @@ TEST_F(Policy, EvaluationOrder) {
TEST_F(Policy, NotClauseHitPath) {
const char *url_table_name = "HTTP_URL";
const char *ip_table_name = "VIRTUAL_IP_CONFIG";
const char *ip_table_name = "ATTRIBUTE_IP_CONFIG";
const char *url = "www.youtube.com";
long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
@@ -6844,7 +6844,7 @@ TEST_F(Policy, NotClauseHitPath) {
EXPECT_EQ(n_hit_path, 4);
EXPECT_EQ(hit_path[0].Nth_scan, 1);
EXPECT_EQ(hit_path[0].vtable_id, url_table_id);
EXPECT_EQ(hit_path[0].attribute_id, url_table_id);
EXPECT_EQ(hit_path[0].NOT_flag, 0);
EXPECT_EQ(hit_path[0].clause_index, 1);
EXPECT_EQ(hit_path[0].sub_group_id, 249);
@@ -6852,7 +6852,7 @@ TEST_F(Policy, NotClauseHitPath) {
EXPECT_EQ(hit_path[0].rule_id, 228);
EXPECT_EQ(hit_path[1].Nth_scan, 2);
EXPECT_EQ(hit_path[1].vtable_id, ip_table_id);
EXPECT_EQ(hit_path[1].attribute_id, ip_table_id);
EXPECT_EQ(hit_path[1].NOT_flag, 1);
EXPECT_EQ(hit_path[1].clause_index, -1);
EXPECT_EQ(hit_path[1].sub_group_id, 100);
@@ -6860,7 +6860,7 @@ TEST_F(Policy, NotClauseHitPath) {
EXPECT_EQ(hit_path[1].rule_id, -1);
EXPECT_EQ(hit_path[2].Nth_scan, 2);
EXPECT_EQ(hit_path[2].vtable_id, ip_table_id);
EXPECT_EQ(hit_path[2].attribute_id, ip_table_id);
EXPECT_EQ(hit_path[2].NOT_flag, 1);
EXPECT_EQ(hit_path[2].clause_index, -1);
EXPECT_EQ(hit_path[2].sub_group_id, 100);
@@ -6868,7 +6868,7 @@ TEST_F(Policy, NotClauseHitPath) {
EXPECT_EQ(hit_path[2].rule_id, -1);
EXPECT_EQ(hit_path[3].Nth_scan, 2);
EXPECT_EQ(hit_path[3].vtable_id, ip_table_id);
EXPECT_EQ(hit_path[3].attribute_id, ip_table_id);
EXPECT_EQ(hit_path[3].NOT_flag, 1);
EXPECT_EQ(hit_path[3].clause_index, 2);
EXPECT_EQ(hit_path[3].sub_group_id, 250);
@@ -7114,7 +7114,7 @@ protected:
struct maat *GroupHierarchy::_shared_maat_inst;
struct log_handle *GroupHierarchy::logger;
TEST_F(GroupHierarchy, VirtualOfOnePhysical)
TEST_F(GroupHierarchy, AttributeOfOnePhysical)
{
const char *http_content = "Batman\\:Take me Home.Superman/:Fine,stay with me.";
const char *http_url = "https://blog.csdn.net/littlefang/article/details/8213058";
@@ -7167,7 +7167,7 @@ TEST_F(GroupHierarchy, VirtualOfOnePhysical)
state = NULL;
}
TEST_F(GroupHierarchy, VirtualWithVirtual) {
TEST_F(GroupHierarchy, AttributeWithAttribute) {
const char *http_req_hdr_ua = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
"AppleWebKit/537.36 (KHTML, like Gecko) "
"Chrome/78.0.3904.108 Safari/537.36";
@@ -7220,7 +7220,7 @@ TEST_F(GroupHierarchy, VirtualWithVirtual) {
state = NULL;
}
TEST_F(GroupHierarchy, OneGroupInTwoVirtual) {
TEST_F(GroupHierarchy, OneGroupInTwoAttribute) {
const char *http_resp_hdr_cookie = "sessionid=888888;BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; sugstore=1;";
const char *req_table_name = "HTTP_REQUEST_HEADER";
const char *res_table_name = "HTTP_RESPONSE_HEADER";
@@ -7708,7 +7708,7 @@ TEST_F(MaatCmd, GroupScan) {
struct maat_hit_group hit_group;
hit_group.group_id = group_id;
hit_group.vtable_id = table_id;
hit_group.attribute_id = table_id;
ret = maat_scan_group(maat_inst, table_id, &hit_group, 1, results, ARRAY_SIZE,
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
@@ -7720,11 +7720,11 @@ TEST_F(MaatCmd, GroupScan) {
}
/**
* Filter such as URL: http://filtermenot.com => {vtable_id, group_id}
* Filter such as URL: http://filtermenot.com => {attribute_id, group_id}
One rule reference this filter twice, the rule should be hit.
*/
TEST_F(MaatCmd, SameFilterRefByOneRule) {
const char *vtable_name = "HTTP_URL_FILTER";
const char *attribute_name = "HTTP_URL_FILTER";
const char *scan_data = "http://filtermenot.com";
const char *keywords = "menot.com";
const char *rule_table_name = "RULE_DEFAULT";
@@ -7735,7 +7735,7 @@ TEST_F(MaatCmd, SameFilterRefByOneRule) {
struct maat *maat_inst = MaatCmd::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
int table_id = maat_get_table_id(maat_inst, vtable_name);
int table_id = maat_get_table_id(maat_inst, attribute_name);
ASSERT_GT(table_id, 0);
long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
@@ -7743,14 +7743,14 @@ TEST_F(MaatCmd, SameFilterRefByOneRule) {
rule_id, "null", 2, 0); // rule has two clause
EXPECT_EQ(ret, 1);
//clause1 & clause2 has same filter => {vtable_id, group_id}
//clause1 & clause2 has same filter => {attribute_id, group_id}
long long group_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
ret = group2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
group_id, rule_id, 0, vtable_name, 1, 0);
group_id, rule_id, 0, attribute_name, 1, 0);
EXPECT_EQ(ret, 1);
ret = group2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
group_id, rule_id, 0, vtable_name, 2, 0);
group_id, rule_id, 0, attribute_name, 2, 0);
EXPECT_EQ(ret, 1);
long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
@@ -8138,7 +8138,7 @@ TEST_F(MaatCmd, RefGroup) {
state = NULL;
}
TEST_F(MaatCmd, VirtualTable) {
TEST_F(MaatCmd, Attribute) {
const char* rule_table_name = "RULE_DEFAULT";
const char* g2c_table_name = "GROUP2RULE_DEFAULT";
const char* table_name="HTTP_SIGNATURE";
@@ -9187,7 +9187,7 @@ TEST_F(MaatCmd, HitGroup) {
EXPECT_EQ(n_hit_group, 1);
EXPECT_EQ(hit_groups[0].item_id, item1_id);
EXPECT_EQ(hit_groups[0].group_id, group1_id);
EXPECT_EQ(hit_groups[0].vtable_id, http_req_table_id);
EXPECT_EQ(hit_groups[0].attribute_id, http_req_table_id);
memset(hit_groups, 0, sizeof(hit_groups));
n_hit_group = maat_state_get_indirect_hit_group_cnt(state);
@@ -9195,7 +9195,7 @@ TEST_F(MaatCmd, HitGroup) {
EXPECT_EQ(n_hit_group, 1);
EXPECT_EQ(hit_groups[0].item_id, 0);
EXPECT_EQ(hit_groups[0].group_id, group11_id);
EXPECT_EQ(hit_groups[0].vtable_id, http_req_table_id);
EXPECT_EQ(hit_groups[0].attribute_id, http_req_table_id);
size_t n_last_hit_group = maat_state_get_last_hit_group_cnt(state);
struct maat_hit_group last_hit_groups[128] = {0};
@@ -9204,11 +9204,11 @@ TEST_F(MaatCmd, HitGroup) {
EXPECT_EQ(last_hit_groups[0].item_id, item1_id);
EXPECT_EQ(last_hit_groups[0].group_id, group1_id);
EXPECT_EQ(last_hit_groups[0].vtable_id, http_req_table_id);
EXPECT_EQ(last_hit_groups[0].attribute_id, http_req_table_id);
EXPECT_EQ(last_hit_groups[1].item_id, 0);
EXPECT_EQ(last_hit_groups[1].group_id, group11_id);
EXPECT_EQ(last_hit_groups[1].vtable_id, http_req_table_id);
EXPECT_EQ(last_hit_groups[1].attribute_id, http_req_table_id);
int http_res_table_id = maat_get_table_id(maat_inst, "HTTP_RESPONSE_HEADER");
ASSERT_GT(http_res_table_id, 0);
@@ -9235,7 +9235,7 @@ TEST_F(MaatCmd, HitGroup) {
EXPECT_EQ(hit_groups[0].item_id, item2_id);
EXPECT_EQ(hit_groups[0].group_id, group2_id);
EXPECT_EQ(hit_groups[0].vtable_id, http_res_table_id);
EXPECT_EQ(hit_groups[0].attribute_id, http_res_table_id);
memset(hit_groups, 0, sizeof(hit_groups));
n_hit_group = maat_state_get_indirect_hit_group_cnt(state);
@@ -9243,7 +9243,7 @@ TEST_F(MaatCmd, HitGroup) {
EXPECT_EQ(n_hit_group, 1);
EXPECT_EQ(hit_groups[0].item_id, 0);
EXPECT_EQ(hit_groups[0].group_id, group21_id);
EXPECT_EQ(hit_groups[0].vtable_id, http_res_table_id);
EXPECT_EQ(hit_groups[0].attribute_id, http_res_table_id);
n_last_hit_group = maat_state_get_last_hit_group_cnt(state);
maat_state_get_last_hit_groups(state, last_hit_groups, 128);
@@ -9251,11 +9251,11 @@ TEST_F(MaatCmd, HitGroup) {
EXPECT_EQ(last_hit_groups[0].item_id, item2_id);
EXPECT_EQ(last_hit_groups[0].group_id, group2_id);
EXPECT_EQ(last_hit_groups[0].vtable_id, http_res_table_id);
EXPECT_EQ(last_hit_groups[0].attribute_id, http_res_table_id);
EXPECT_EQ(last_hit_groups[1].item_id, 0);
EXPECT_EQ(last_hit_groups[1].group_id, group21_id);
EXPECT_EQ(last_hit_groups[1].vtable_id, http_res_table_id);
EXPECT_EQ(last_hit_groups[1].attribute_id, http_res_table_id);
const char* keywords1="In graph theory, hit group item forth";
const char *keywords2="To test one group hit group item fifth";
@@ -9289,11 +9289,11 @@ TEST_F(MaatCmd, HitGroup) {
EXPECT_EQ(hit_groups[0].item_id, item4_id);
EXPECT_EQ(hit_groups[0].group_id, group4_id);
EXPECT_EQ(hit_groups[0].vtable_id, keywords_table_id); //physical table(keywords_table) vtable_id is 0
EXPECT_EQ(hit_groups[0].attribute_id, keywords_table_id); //physical table(keywords_table) attribute_id is 0
EXPECT_EQ(hit_groups[1].item_id, item3_id);
EXPECT_EQ(hit_groups[1].group_id, group3_id);
EXPECT_EQ(hit_groups[1].vtable_id, ip_table_id);
EXPECT_EQ(hit_groups[1].attribute_id, ip_table_id);
ret = maat_stream_scan(stream, keywords2, strlen(keywords2), results,
ARRAY_SIZE, &n_hit_result, state);
@@ -9309,11 +9309,11 @@ TEST_F(MaatCmd, HitGroup) {
EXPECT_EQ(hit_groups[0].item_id, item5_id);
EXPECT_EQ(hit_groups[0].group_id, group1_id);
EXPECT_EQ(hit_groups[0].vtable_id, keywords_table_id); //physical table(keywords_table) vtable_id is 0
EXPECT_EQ(hit_groups[0].attribute_id, keywords_table_id); //physical table(keywords_table) attribute_id is 0
EXPECT_EQ(hit_groups[1].item_id, item4_id);
EXPECT_EQ(hit_groups[1].group_id, group4_id);
EXPECT_EQ(hit_groups[1].vtable_id, keywords_table_id); //physical table(keywords_table) vtable_id is 0
EXPECT_EQ(hit_groups[1].attribute_id, keywords_table_id); //physical table(keywords_table) attribute_id is 0
n_last_hit_group = maat_state_get_last_hit_group_cnt(state);
maat_state_get_last_hit_groups(state, last_hit_groups, 128);
@@ -9321,15 +9321,15 @@ TEST_F(MaatCmd, HitGroup) {
EXPECT_EQ(last_hit_groups[0].item_id, item5_id);
EXPECT_EQ(last_hit_groups[0].group_id, group1_id);
EXPECT_EQ(last_hit_groups[0].vtable_id, keywords_table_id);
EXPECT_EQ(last_hit_groups[0].attribute_id, keywords_table_id);
EXPECT_EQ(last_hit_groups[1].item_id, item4_id);
EXPECT_EQ(last_hit_groups[1].group_id, group4_id);
EXPECT_EQ(last_hit_groups[1].vtable_id, keywords_table_id);
EXPECT_EQ(last_hit_groups[1].attribute_id, keywords_table_id);
EXPECT_EQ(last_hit_groups[2].item_id, 0);
EXPECT_EQ(last_hit_groups[2].group_id, group11_id);
EXPECT_EQ(last_hit_groups[2].vtable_id, keywords_table_id);
EXPECT_EQ(last_hit_groups[2].attribute_id, keywords_table_id);
maat_stream_free(stream);
maat_state_free(state);
@@ -9462,7 +9462,7 @@ TEST_F(MaatCmd, HitPathBasic) {
EXPECT_EQ(hit_path[path_idx].item_id, item1_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group11_id);
EXPECT_EQ(hit_path[path_idx].vtable_id, http_req_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, http_req_table_id);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
path_idx++;
@@ -9470,7 +9470,7 @@ TEST_F(MaatCmd, HitPathBasic) {
EXPECT_EQ(hit_path[path_idx].item_id, item1_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, -1);
EXPECT_EQ(hit_path[path_idx].vtable_id, http_req_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, http_req_table_id);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
int http_res_table_id = maat_get_table_id(maat_inst, "HTTP_RESPONSE_HEADER");
@@ -9519,7 +9519,7 @@ TEST_F(MaatCmd, HitPathBasic) {
EXPECT_EQ(hit_path[path_idx].item_id, item2_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group21_id);
EXPECT_EQ(hit_path[path_idx].vtable_id, http_res_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, http_res_table_id);
EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id);
path_idx++;
@@ -9528,7 +9528,7 @@ TEST_F(MaatCmd, HitPathBasic) {
EXPECT_EQ(hit_path[path_idx].item_id, item2_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, -1);
EXPECT_EQ(hit_path[path_idx].vtable_id, http_res_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, http_res_table_id);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
const char* keywords1="In graph theory, a path in a graph is a finite or infinite \
sequence of edges which joins a sequence of vertices which, by most definitions,\
@@ -9562,7 +9562,7 @@ that the edges be all directed in the same direction.";
EXPECT_EQ(hit_path[path_idx].item_id, item4_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group4_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, -1);
EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
int ip_table_id = maat_get_table_id(maat_inst, ip_table_name);
@@ -9592,7 +9592,7 @@ that the edges be all directed in the same direction.";
EXPECT_EQ(hit_path[path_idx].item_id, item3_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group3_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, -1);
EXPECT_EQ(hit_path[path_idx].vtable_id, ip_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, ip_table_id);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
Nth_scan++;
@@ -9616,7 +9616,7 @@ that the edges be all directed in the same direction.";
EXPECT_EQ(hit_path[path_idx].item_id, item4_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group4_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, -1);
EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
maat_stream_free(stream);
maat_state_free(state);
@@ -9803,7 +9803,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].item_id, item1_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, -1);
EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, -1);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
@@ -9822,7 +9822,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].item_id, item1_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group1_id);
EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, 1);
EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id);
@@ -9832,7 +9832,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].item_id, item2_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group21_id);
EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, 2);
EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id);
@@ -9842,7 +9842,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].item_id, item2_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, -1);
EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, -1);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
@@ -9867,7 +9867,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].item_id, item1_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group1_id);
EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, 1);
EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id);
@@ -9877,7 +9877,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].item_id, item2_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group21_id);
EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, 3);
EXPECT_EQ(hit_path[path_idx].rule_id, rule2_id);
@@ -9887,7 +9887,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].item_id, item2_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, -1);
EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, -1);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
@@ -9897,7 +9897,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].item_id, item3_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group3_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group3_id);
EXPECT_EQ(hit_path[path_idx].vtable_id, ip_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, ip_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, 4);
EXPECT_EQ(hit_path[path_idx].rule_id, rule2_id);
@@ -9907,7 +9907,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].item_id, item2_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group21_id);
EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, 2);
EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id);
@@ -9928,7 +9928,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].item_id, item1_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group1_id);
EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, 1);
EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id);
@@ -9938,7 +9938,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].item_id, item2_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group21_id);
EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, 3);
EXPECT_EQ(hit_path[path_idx].rule_id, rule2_id);
@@ -9948,7 +9948,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].item_id, item2_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, -1);
EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, -1);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
@@ -9958,7 +9958,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].item_id, item3_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group3_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group3_id);
EXPECT_EQ(hit_path[path_idx].vtable_id, ip_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, ip_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, 5);
EXPECT_EQ(hit_path[path_idx].rule_id, rule3_id);
@@ -9968,7 +9968,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].item_id, item4_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group4_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group4_id);
EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, 6);
EXPECT_EQ(hit_path[path_idx].rule_id, rule3_id);
@@ -9978,7 +9978,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].item_id, item3_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group3_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group3_id);
EXPECT_EQ(hit_path[path_idx].vtable_id, ip_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, ip_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, 4);
EXPECT_EQ(hit_path[path_idx].rule_id, rule2_id);
@@ -9988,7 +9988,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].item_id, item2_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group21_id);
EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, 2);
EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id);
@@ -10121,7 +10121,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) {
EXPECT_EQ(hit_path[path_idx].item_id, -1);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group11_id);
EXPECT_EQ(hit_path[path_idx].vtable_id, http_req_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, http_req_table_id);
EXPECT_EQ(hit_path[path_idx].NOT_flag, 1);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
@@ -10130,7 +10130,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) {
EXPECT_EQ(hit_path[path_idx].item_id, -1);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, -1);
EXPECT_EQ(hit_path[path_idx].vtable_id, http_req_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, http_req_table_id);
EXPECT_EQ(hit_path[path_idx].NOT_flag, 1);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
@@ -10182,7 +10182,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) {
EXPECT_EQ(hit_path[path_idx].item_id, item2_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group21_id);
EXPECT_EQ(hit_path[path_idx].vtable_id, http_res_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, http_res_table_id);
EXPECT_EQ(hit_path[path_idx].NOT_flag, 0);
EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id);
@@ -10192,7 +10192,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) {
EXPECT_EQ(hit_path[path_idx].item_id, item2_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, -1);
EXPECT_EQ(hit_path[path_idx].vtable_id, http_res_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, http_res_table_id);
EXPECT_EQ(hit_path[path_idx].NOT_flag, 0);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
@@ -10224,7 +10224,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) {
EXPECT_EQ(hit_path[path_idx].item_id, item4_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group4_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, -1);
EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].NOT_flag, 0);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
@@ -10254,7 +10254,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) {
EXPECT_EQ(hit_path[path_idx].item_id, item3_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group3_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, -1);
EXPECT_EQ(hit_path[path_idx].vtable_id, ip_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, ip_table_id);
EXPECT_EQ(hit_path[path_idx].NOT_flag, 0);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
@@ -10279,7 +10279,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) {
EXPECT_EQ(hit_path[path_idx].item_id, item4_id);
EXPECT_EQ(hit_path[path_idx].sub_group_id, group4_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, -1);
EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].NOT_flag, 0);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);

354
test/maat_json.json
View File

File diff suppressed because it is too large Load Diff

56
test/table_info.conf
View File

@@ -48,7 +48,7 @@
"group_id":1,
"rule_id":2,
"not_flag":3,
"virtual_table_name":4,
"attribute_name":4,
"clause_index":5
}
},
@@ -85,7 +85,7 @@
"group_id":1,
"rule_id":2,
"not_flag":3,
"virtual_table_name":4,
"attribute_name":4,
"clause_index":5
}
},
@@ -316,29 +316,29 @@
{
"table_id":25,
"table_name":"HTTP_RESPONSE_KEYWORDS",
"table_type":"virtual",
"table_type":"attribute",
"physical_table": "KEYWORDS_TABLE",
"schema_tag": "{\"http_response_keywords\": \"virtual\"}"
"schema_tag": "{\"http_response_keywords\": \"attribute\"}"
},
{
"table_id":26,
"table_name":"HTTP_REQUEST_HEADER",
"table_type":"virtual",
"table_type":"attribute",
"physical_table": "HTTP_SIGNATURE"
},
{
"table_id":27,
"table_name":"HTTP_RESPONSE_HEADER",
"table_type":"virtual",
"table_type":"attribute",
"physical_table": "HTTP_SIGNATURE"
},
{
"table_id":28,
"table_name":"VIRTUAL_IP_PLUS_TABLE",
"db_tables":["VIRTUAL_IP_PLUS_SOURCE", "VIRTUAL_IP_PLUS_DESTINATION"],
"table_type":"virtual",
"table_name":"ATTRIBUTE_IP_PLUS_TABLE",
"db_tables":["ATTRIBUTE_IP_PLUS_SOURCE", "ATTRIBUTE_IP_PLUS_DESTINATION"],
"table_type":"attribute",
"physical_table": "IP_PLUS_CONFIG",
"schema_tag": "{\"virtual_ip_plus_table\": \"virtual\"}"
"schema_tag": "{\"attribute_ip_plus_table\": \"attribute\"}"
},
{
"table_id":29,
@@ -366,13 +366,13 @@
{
"table_id":31,
"table_name":"SOURCE_IP_ASN",
"table_type":"virtual",
"table_type":"attribute",
"physical_table":"AS_NUMBER"
},
{
"table_id":32,
"table_name":"DESTINATION_IP_ASN",
"table_type":"virtual",
"table_type":"attribute",
"physical_table":"AS_NUMBER"
},
{
@@ -390,7 +390,7 @@
{
"table_id":34,
"table_name":"SOURCE_IP_GEO",
"table_type":"virtual",
"table_type":"attribute",
"physical_table":"GeoLocation"
},
{
@@ -527,7 +527,7 @@
{
"table_id":46,
"table_name":"HTTP_URL_FILTER",
"table_type":"virtual",
"table_type":"attribute",
"physical_table": "HTTP_URL"
},
{
@@ -605,80 +605,80 @@
},
{
"table_id":53,
"table_name":"VIRTUAL_IP_CONFIG",
"table_type":"virtual",
"table_name":"ATTRIBUTE_IP_CONFIG",
"table_type":"attribute",
"physical_table": "IP_CONFIG"
},
{
"table_id":54,
"table_name":"HTTP_RESPONSE_KEYWORDS_1",
"table_type":"virtual",
"table_type":"attribute",
"physical_table": "KEYWORDS_TABLE"
},
{
"table_id":55,
"table_name":"HTTP_RESPONSE_KEYWORDS_2",
"table_type":"virtual",
"table_type":"attribute",
"physical_table": "KEYWORDS_TABLE"
},
{
"table_id":56,
"table_name":"HTTP_RESPONSE_KEYWORDS_3",
"table_type":"virtual",
"table_type":"attribute",
"physical_table": "KEYWORDS_TABLE"
},
{
"table_id":57,
"table_name":"HTTP_RESPONSE_KEYWORDS_4",
"table_type":"virtual",
"table_type":"attribute",
"physical_table": "KEYWORDS_TABLE"
},
{
"table_id":58,
"table_name":"HTTP_RESPONSE_KEYWORDS_5",
"table_type":"virtual",
"table_type":"attribute",
"physical_table": "KEYWORDS_TABLE"
},
{
"table_id":59,
"table_name":"HTTP_RESPONSE_KEYWORDS_6",
"table_type":"virtual",
"table_type":"attribute",
"physical_table": "KEYWORDS_TABLE"
},
{
"table_id":60,
"table_name":"HTTP_RESPONSE_KEYWORDS_7",
"table_type":"virtual",
"table_type":"attribute",
"physical_table": "KEYWORDS_TABLE"
},
{
"table_id":61,
"table_name":"HTTP_RESPONSE_KEYWORDS_8",
"table_type":"virtual",
"table_type":"attribute",
"physical_table": "KEYWORDS_TABLE"
},
{
"table_id":62,
"table_name":"HTTP_DUMMY",
"table_type":"virtual",
"table_type":"attribute",
"physical_table": "KEYWORDS_TABLE"
},
{
"table_id":63,
"table_name":"HTTP_NOT_LOGIC",
"table_type":"virtual",
"table_type":"attribute",
"physical_table": "KEYWORDS_TABLE"
},
{
"table_id":64,
"table_name":"HTTP_NOT_LOGIC_1",
"table_type":"virtual",
"table_type":"attribute",
"physical_table": "KEYWORDS_TABLE"
},
{
"table_id":65,
"table_name":"ASN_NOT_LOGIC",
"table_type":"virtual",
"table_type":"attribute",
"physical_table":"AS_NUMBER"
},
{

4
test/test_utils.cpp
View File

@@ -171,12 +171,12 @@ int rule_table_set_line(struct maat *maat_inst, const char *table_name,
int group2rule_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long group_id,
long long rule_id, int not_flag,
const char *vtable_name, int clause_index,
const char *attribute_name, int clause_index,
int expire_after)
{
char table_line[128] = {0};
sprintf(table_line, "%lld\t%lld\t%d\t%s\t%d\t%d",
group_id, rule_id, not_flag, vtable_name, clause_index, op);
group_id, rule_id, not_flag, attribute_name, clause_index, op);
struct maat_cmd_line line_rule;
line_rule.rule_id = TO_GROUP2X_KEY(group_id, rule_id, clause_index);

2
test/test_utils.h
View File

@@ -21,7 +21,7 @@ int rule_table_set_line(struct maat *maat_inst, const char *table_name,
int group2rule_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long group_id,
long long rule_id, int not_flag,
const char *vtable_name, int clause_index,
const char *attribute_name, int clause_index,
int expire_after);
int group2group_table_set_line(struct maat *maat_inst, const char *table_name,