gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

rollback to v4.0.31

Browse Source
This commit is contained in:
liuwentan
2023-08-09 19:22:09 +08:00
parent d29eef0423
commit fb0cb5405d
40 changed files with 1907 additions and 5448 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
test/CMakeLists.txt
View File

@@ -3,9 +3,7 @@ include_directories(${PROJECT_SOURCE_DIR}/include)
include_directories(${PROJECT_SOURCE_DIR}/src/inc_internal)
include_directories(${PROJECT_SOURCE_DIR}/deps)
include_directories(${PROJECT_SOURCE_DIR}/scanner)
include_directories(${PROJECT_SOURCE_DIR}/scanner/expr_matcher)
include_directories(${PROJECT_SOURCE_DIR}/scanner/expr_matcher/adapter_hs)
include_directories(${PROJECT_SOURCE_DIR}/scanner/expr_matcher/adapter_rs)
include_directories(${PROJECT_SOURCE_DIR}/scanner/adapter_hs)
include_directories(${PROJECT_SOURCE_DIR}/scanner/ip_matcher)
include_directories(${PROJECT_SOURCE_DIR}/scanner/bool_matcher)
@@ -21,8 +19,8 @@ target_link_libraries(maat_framework_gtest maat_frame_static gtest_static)
add_executable(maat_framework_perf_gtest maat_framework_perf_gtest.cpp)
target_link_libraries(maat_framework_perf_gtest maat_frame_static gtest_static)
add_executable(expr_matcher_gtest expr_matcher_gtest.cpp)
target_link_libraries(expr_matcher_gtest maat_frame_static gtest_static)
add_executable(adapter_hs_gtest adapter_hs_gtest.cpp)
target_link_libraries(adapter_hs_gtest maat_frame_static gtest_static)
add_executable(ip_matcher_gtest ip_matcher_gtest.cpp)
target_link_libraries(ip_matcher_gtest maat_frame_static gtest_static)
@@ -34,7 +32,6 @@ add_executable(maat_ex_data_gtest maat_ex_data_gtest.cpp)
target_link_libraries(maat_ex_data_gtest maat_frame_static gtest_static)
add_subdirectory(group_exclude)
add_subdirectory(benchmark)
file(COPY table_info.conf DESTINATION ./)
file(COPY tsg_table_info.conf DESTINATION ./)
@@ -42,13 +39,13 @@ file(COPY file_test_tableinfo.conf DESTINATION ./)
file(COPY literal_expr.conf DESTINATION ./)
file(COPY regex_expr.conf DESTINATION ./)
file(COPY maat_json.json DESTINATION ./)
file(COPY maat_json.json DESTINATION ../tools/)
file(COPY ntcrule DESTINATION ./)
file(COPY tsgrule DESTINATION ./)
file(COPY testdata DESTINATION ./)
file(COPY test_streamfiles DESTINATION ./)
file(COPY json_update DESTINATION ./)
file(COPY group_exclude DESTINATION ./)
file(COPY benchmark DESTINATION ./)
include(GoogleTest)
gtest_discover_tests(maat_framework_gtest)
gtest_discover_tests(maat_framework_gtest)

730
test/adapter_hs_gtest.cpp Normal file
View File

@@ -0,0 +1,730 @@
#include <gtest/gtest.h>
#include "log/log.h"
#include "adapter_hs.h"
#include "maat_utils.h"
#include "cJSON/cJSON.h"
struct log_handle *g_logger = NULL;
enum hs_match_mode match_method_to_match_mode(const char *method)
{
enum hs_match_mode mode = HS_MATCH_MODE_INVALID;
if (strcmp(method, "sub") == 0) {
mode = HS_MATCH_MODE_SUB;
} else if (strcmp(method, "exactly") == 0) {
mode = HS_MATCH_MODE_EXACTLY;
} else if (strcmp(method, "prefix") == 0) {
mode = HS_MATCH_MODE_PREFIX;
} else if (strcmp(method, "suffix") == 0) {
mode = HS_MATCH_MODE_SUFFIX;
} else {
assert(0);
}
return mode;
}
enum hs_case_sensitive case_sensitive_str_to_enum(const char *str)
{
enum hs_case_sensitive case_sensitive = HS_CASE_SENSITIVE;
if (strcmp(str, "yes") == 0) {
case_sensitive = HS_CASE_SENSITIVE;
} else if (strcmp(str, "no") == 0) {
case_sensitive = HS_CASE_INSENSITIVE;
} else {
assert(0);
}
return case_sensitive;
}
int is_hexbin_str_to_int(const char *str)
{
int ret = 0;
if (strcmp(str, "yes") == 0) {
ret = 1;
}
return ret;
}
static int convertHextoint(char srctmp)
{
if (isdigit(srctmp)) {
return srctmp - '0';
} else {
char temp = toupper(srctmp);
temp = temp - 'A' + 10;
return temp;
}
}
static size_t hex2bin(char *hex, int hex_len, char *binary, size_t size)
{
size_t resultlen = 0;
int high,low;
for (int i = 0; i < hex_len && size > resultlen; i += 2, resultlen++) {
high = convertHextoint(hex[i]);
low = convertHextoint(hex[i+1]);
binary[resultlen] = high * 16 + low;
}
size = resultlen;
binary[resultlen] = '\0';
return resultlen;
}
enum hs_pattern_type pattern_type_str_to_enum(const char *str)
{
enum hs_pattern_type pattern_type;
if (strcmp(str, "regex") == 0) {
pattern_type = HS_PATTERN_TYPE_REG;
} else if (strcmp(str, "literal") == 0) {
pattern_type = HS_PATTERN_TYPE_STR;
} else {
assert(0);
}
return pattern_type;
}
int parse_config_file(const char *filename, struct expr_rule exprs[], size_t *n_expr)
{
unsigned char *json_buff = NULL;
size_t json_buff_size = 0;
int ret = load_file_to_memory(filename, &json_buff, &json_buff_size);
if (ret < 0) {
printf("load file:%s to memory failed.\n", filename);
return -1;
}
size_t rule_cnt = 0;
cJSON *rules_obj = NULL;
cJSON *root = cJSON_Parse((const char *)json_buff);
if (NULL == root) {
printf("Error before: %-200.200s\n", cJSON_GetErrorPtr());
ret = -1;
goto next;
}
rules_obj = cJSON_GetObjectItem(root, "expr_rules");
if (NULL == rules_obj) {
printf("Error before: %-200.200s\n", cJSON_GetErrorPtr());
ret = -1;
goto next;
}
rule_cnt = cJSON_GetArraySize(rules_obj);
for (size_t i = 0; i < rule_cnt; i++) {
cJSON *expr_obj = cJSON_GetArrayItem(rules_obj, i);
cJSON *tmp_item = cJSON_GetObjectItem(expr_obj, "expr_id");
if (tmp_item != NULL && tmp_item->type == cJSON_Number) {
exprs[i].expr_id = tmp_item->valueint;
}
tmp_item = cJSON_GetObjectItem(expr_obj, "pattern_num");
if (tmp_item != NULL && tmp_item->type == cJSON_Number) {
exprs[i].n_patterns = tmp_item->valueint;
}
tmp_item = cJSON_GetObjectItem(expr_obj, "patterns");
if (NULL == tmp_item || tmp_item->type != cJSON_Array) {
printf("json has no patterns array.\n");
ret = -1;
goto next;
}
size_t pattern_cnt = cJSON_GetArraySize(tmp_item);
for (size_t j = 0; j < pattern_cnt; j++) {
cJSON *pat_item = cJSON_GetArrayItem(tmp_item, j);
cJSON *item = cJSON_GetObjectItem(pat_item, "pattern_type");
if (item != NULL && item->type == cJSON_String) {
exprs[i].patterns[j].pattern_type = pattern_type_str_to_enum(item->valuestring);
}
item = cJSON_GetObjectItem(pat_item, "match_method");
if (item != NULL && item->type == cJSON_String) {
exprs[i].patterns[j].match_mode = match_method_to_match_mode(item->valuestring);
}
item = cJSON_GetObjectItem(pat_item, "case_sensitive");
if (item != NULL && item->type == cJSON_String) {
exprs[i].patterns[j].case_sensitive = case_sensitive_str_to_enum(item->valuestring);
}
item = cJSON_GetObjectItem(pat_item, "is_hexbin");
if (item != NULL && item->type == cJSON_String) {
exprs[i].patterns[j].is_hexbin = is_hexbin_str_to_int(item->valuestring);
}
item = cJSON_GetObjectItem(pat_item, "pattern");
if (item != NULL && item->type == cJSON_String) {
exprs[i].patterns[j].pat = ALLOC(char, strlen(item->valuestring) + 1);
if (exprs[i].patterns[j].is_hexbin == 1) {
size_t pat_str_len = strlen(item->valuestring) + 1;
char *pat_str = ALLOC(char, pat_str_len);
pat_str_len = hex2bin(item->valuestring, strlen(item->valuestring),
pat_str, pat_str_len);
memcpy(exprs[i].patterns[j].pat, pat_str, pat_str_len);
free(pat_str);
exprs[i].patterns[j].pat_len = pat_str_len;
} else {
memcpy(exprs[i].patterns[j].pat, item->valuestring,
strlen(item->valuestring));
exprs[i].patterns[j].pat_len = strlen(item->valuestring);
}
}
if (exprs[i].patterns->match_mode == HS_MATCH_MODE_SUB) {
item = cJSON_GetObjectItem(pat_item, "offset");
if (item != NULL && item->type == cJSON_String) {
int key_left_offset = -1;
int key_right_offset = -1;
sscanf(item->valuestring, "%d~%d", &key_left_offset, &key_right_offset);
if (key_left_offset < -1 || key_right_offset < -1) {
printf("Error: offset should not less than -1, left_offset:%d, right_offset:%d\n",
key_left_offset, key_right_offset);
}
exprs[i].patterns[j].start_offset = key_left_offset;
exprs[i].patterns[j].end_offset = key_right_offset;
} else {
exprs[i].patterns[j].start_offset = -1;
exprs[i].patterns[j].end_offset = -1;
}
}
if (exprs[i].patterns->match_mode == HS_MATCH_MODE_EXACTLY) {
exprs[i].patterns[j].start_offset = 0;
exprs[i].patterns[j].end_offset = exprs[i].patterns[j].pat_len - 1;
}
}
exprs[i].n_patterns = pattern_cnt;
}
*n_expr = rule_cnt;
next:
cJSON_Delete(root);
FREE(json_buff);
return ret;
}
void expr_array_free(struct expr_rule rules[], size_t n_rule)
{
for (size_t i = 0; i < n_rule; i++) {
for (size_t j = 0; j < rules[i].n_patterns; j++) {
if (rules[i].patterns[j].pat != NULL) {
free(rules[i].patterns[j].pat);
rules[i].patterns[j].pat = NULL;
}
}
}
}
TEST(adapter_hs_init, invalid_input_parameter)
{
struct expr_rule rules[64];
size_t n_rule = 0;
struct adapter_hs *hs_instance = adapter_hs_new(NULL, 0, 1, g_logger);
EXPECT_TRUE(hs_instance == NULL);
hs_instance = adapter_hs_new(rules, n_rule, 1, g_logger);
EXPECT_TRUE(hs_instance == NULL);
n_rule = 1;
rules[0].expr_id = 101;
rules[0].n_patterns = 10;
hs_instance = adapter_hs_new(rules, n_rule, 1, g_logger);
EXPECT_TRUE(hs_instance == NULL);
memset(rules, 0, sizeof(rules));
n_rule = 1;
rules[0].expr_id = 101;
rules[0].n_patterns = 1;
hs_instance = adapter_hs_new(rules, n_rule, 1, g_logger);
EXPECT_TRUE(hs_instance == NULL);
}
TEST(adapter_hs_scan, literal_sub_has_normal_offset)
{
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./literal_expr.conf", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_new(rules, n_rule, 1, g_logger);
EXPECT_TRUE(hs_instance != NULL);
expr_array_free(rules, n_rule);
char scan_data1[64] = "hello aaa";
struct hs_scan_result result[64] = {0};
size_t n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data1, strlen(scan_data1), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
char scan_data2[64] = "Ahello aaa";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data2, strlen(scan_data2), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].rule_id, 101);
char scan_data3[64] = "Aahello aaa";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data3, strlen(scan_data3), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].rule_id, 101);
char scan_data4[64] = "Aaahello aaa";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data4, strlen(scan_data4), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
adapter_hs_free(hs_instance);
hs_instance = NULL;
}
TEST(adapter_hs_scan, literal_sub_has_left_unlimit_offset)
{
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./literal_expr.conf", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_new(rules, n_rule, 1, g_logger);
EXPECT_TRUE(hs_instance != NULL);
expr_array_free(rules, n_rule);
char scan_data1[64] = "hello bbb";
struct hs_scan_result result[64] = {0};
size_t n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data1, strlen(scan_data1), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].rule_id, 102);
char scan_data2[64] = "Ahello bbb";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data2, strlen(scan_data2), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].rule_id, 102);
char scan_data3[64] = "Aahello bbb";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data3, strlen(scan_data3), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].rule_id, 102);
char scan_data4[64] = "Aaahello bbb";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data4, strlen(scan_data4), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
adapter_hs_free(hs_instance);
hs_instance = NULL;
}
TEST(adapter_hs_scan, literal_sub_has_right_unlimit_offset)
{
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./literal_expr.conf", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_new(rules, n_rule, 1, g_logger);
EXPECT_TRUE(hs_instance != NULL);
expr_array_free(rules, n_rule);
char scan_data1[64] = "hello ccc";
struct hs_scan_result result[64] = {0};
size_t n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data1, strlen(scan_data1), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
char scan_data2[64] = "1234hello ccc";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data2, strlen(scan_data2), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
char scan_data3[64] = "12345hello ccc";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data3, strlen(scan_data3), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].rule_id, 103);
char scan_data4[64] = "12345hello cccAaBb";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data4, strlen(scan_data4), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].rule_id, 103);
char scan_data5[64] = "123456hello cccAaBb";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data5, strlen(scan_data5), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].rule_id, 103);
adapter_hs_free(hs_instance);
hs_instance = NULL;
}
TEST(adapter_hs_scan, literal_sub_with_no_offset)
{
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./literal_expr.conf", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_new(rules, n_rule, 1, g_logger);
EXPECT_TRUE(hs_instance != NULL);
expr_array_free(rules, n_rule);
char scan_data1[64] = "hello ddd";
struct hs_scan_result result[64] = {0};
size_t n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data1, strlen(scan_data1), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].rule_id, 104);
char scan_data2[64] = "123hello ddd";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data2, strlen(scan_data2), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].rule_id, 104);
char scan_data3[64] = "123hello ddd456";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data3, strlen(scan_data3), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].rule_id, 104);
char scan_data4[64] = "helloddd";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data4, strlen(scan_data4), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
adapter_hs_free(hs_instance);
hs_instance = NULL;
}
TEST(adapter_hs_scan, literal_exactly)
{
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./literal_expr.conf", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_new(rules, n_rule, 1, g_logger);
EXPECT_TRUE(hs_instance != NULL);
expr_array_free(rules, n_rule);
char scan_data1[64] = "hello eee";
struct hs_scan_result result[64] = {0};
size_t n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data1, strlen(scan_data1), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].rule_id, 105);
char scan_data2[64] = "Ahello eee";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data2, strlen(scan_data2), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
char scan_data3[64] = "hello eeeB";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data3, strlen(scan_data3), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
adapter_hs_free(hs_instance);
hs_instance = NULL;
}
TEST(adapter_hs_scan, literal_prefix)
{
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./literal_expr.conf", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_new(rules, n_rule, 1, g_logger);
EXPECT_TRUE(hs_instance != NULL);
expr_array_free(rules, n_rule);
char scan_data1[64] = "hello fff";
struct hs_scan_result result[64] = {0};
size_t n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data1, strlen(scan_data1), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].rule_id, 106);
char scan_data2[64] = "Ahello fff";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data2, strlen(scan_data2), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
char scan_data3[64] = "Ahello fffBCD";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data3, strlen(scan_data3), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
char scan_data4[64] = "hello fffBCD";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data4, strlen(scan_data4), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].rule_id, 106);
adapter_hs_free(hs_instance);
hs_instance = NULL;
}
TEST(adapter_hs_scan, literal_suffix)
{
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./literal_expr.conf", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_new(rules, n_rule, 1, g_logger);
EXPECT_TRUE(hs_instance != NULL);
expr_array_free(rules, n_rule);
char scan_data1[64] = "hello ggg";
struct hs_scan_result result[64] = {0};
size_t n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data1, strlen(scan_data1), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].rule_id, 107);
char scan_data2[64] = "ABChello ggg";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data2, strlen(scan_data2), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].rule_id, 107);
char scan_data3[64] = "ABChello gggDEF";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data3, strlen(scan_data3), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
char scan_data4[64] = "hello gggDEF";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data4, strlen(scan_data4), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
adapter_hs_free(hs_instance);
hs_instance = NULL;
}
TEST(adapter_hs_scan, literal_sub_with_hexbin)
{
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./literal_expr.conf", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_new(rules, n_rule, 1, g_logger);
EXPECT_TRUE(hs_instance != NULL);
expr_array_free(rules, n_rule);
char scan_data1[64] = "Content-Type: /html";
struct hs_scan_result result[64] = {0};
size_t n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data1, strlen(scan_data1), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].rule_id, 108);
char scan_data2[64] = " html";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data2, strlen(scan_data2), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
adapter_hs_free(hs_instance);
hs_instance = NULL;
}
TEST(adapter_hs_scan, literal_with_chinese)
{
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./literal_expr.conf", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_new(rules, n_rule, 1, g_logger);
EXPECT_TRUE(hs_instance != NULL);
expr_array_free(rules, n_rule);
char data0[64] = "#中国 你好";
struct hs_scan_result result0[64] = {0};
size_t n_result0 = 0;
ret = adapter_hs_scan(hs_instance, 0, data0, strlen(data0), result0, 64, &n_result0);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result0, 1);
EXPECT_EQ(result0[0].rule_id, 110);
adapter_hs_free(hs_instance);
hs_instance = NULL;
}
TEST(adapter_hs_scan, same_pattern_different_offset)
{
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./literal_expr.conf", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_new(rules, n_rule, 1, g_logger);
EXPECT_TRUE(hs_instance != NULL);
expr_array_free(rules, n_rule);
char data[64] = "onetoday,anothertoday";
struct hs_scan_result result[64] = {0};
size_t n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, data, strlen(data), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].rule_id, 112);
adapter_hs_free(hs_instance);
hs_instance = NULL;
}
TEST(adapter_hs_scan, long_scan_data)
{
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./literal_expr.conf", rules, &n_rule);
EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_new(rules, n_rule, 1, g_logger);
EXPECT_TRUE(hs_instance != NULL);
expr_array_free(rules, n_rule);
const char* scan_data = "A directed path in a directed graph is a finite or infinite\
sequence of edges which joins a sequence of distinct vertices, but with the added restriction\
that the edges be all directed in the same direction.";
struct hs_scan_result result[64] = {0};
size_t n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data, strlen(scan_data), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].rule_id, 113);
adapter_hs_free(hs_instance);
hs_instance = NULL;
}
TEST(adapter_hs_scan, regex_expression_check)
{
struct expr_rule rules[64] = {0};
size_t n_rule = 0;
int ret = parse_config_file("./regex_expr.conf", rules, &n_rule);
EXPECT_EQ(ret, 0);
for (size_t i = 0; i < n_rule; i++) {
for (size_t j = 0; j < rules[i].n_patterns; j++) {
adapter_hs_verify_regex_expression(rules[i].patterns[j].pat, g_logger);
}
}
expr_array_free(rules, n_rule);
}
int main(int argc, char **argv)
{
int ret = 0;
::testing::InitGoogleTest(&argc, argv);
g_logger = log_handle_create("./adapter_hs_gtest.log", 0);
ret = RUN_ALL_TESTS();
log_handle_destroy(g_logger);
return ret;
}

1330
test/expr_matcher_gtest.cpp
View File

File diff suppressed because it is too large Load Diff

2
test/json_update/corrupted.json
View File

@@ -1,5 +1,5 @@
{
"compile_table": "COMPILE_DEFAULT",
"compile_table": "COMPILE",
"group_table": "GROUP",
"rules": [
{

4
test/json_update/new.json
View File

@@ -1,6 +1,6 @@
{
"compile_table": "COMPILE_DEFAULT",
"group2compile_table": "GROUP2COMPILE_DEFAULT",
"compile_table": "COMPILE",
"group2compile_table": "GROUP2COMPILE",
"group2group_table": "GROUP2GROUP",
"rules": [
{

4
test/json_update/old.json
View File

@@ -1,6 +1,6 @@
{
"compile_table": "COMPILE_DEFAULT",
"group2compile_table": "GROUP2COMPILE_DEFAULT",
"compile_table": "COMPILE",
"group2compile_table": "GROUP2COMPILE",
"group2group_table": "GROUP2GROUP",
"rules": [
{

30
test/literal_expr.conf
View File

@@ -5,7 +5,6 @@
"pattern_num": 1,
"patterns": [
{
"pattern_type": "literal",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
@@ -19,7 +18,6 @@
"pattern_num": 1,
"patterns": [
{
"pattern_type": "literal",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
@@ -33,7 +31,6 @@
"pattern_num": 1,
"patterns": [
{
"pattern_type": "literal",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
@@ -47,7 +44,6 @@
"pattern_num": 1,
"patterns": [
{
"pattern_type": "literal",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
@@ -60,7 +56,6 @@
"pattern_num": 1,
"patterns": [
{
"pattern_type": "literal",
"match_method": "exactly",
"case_sensitive": "yes",
"is_hexbin": "no",
@@ -73,7 +68,6 @@
"pattern_num": 1,
"patterns": [
{
"pattern_type": "literal",
"match_method": "prefix",
"case_sensitive": "yes",
"is_hexbin": "no",
@@ -86,7 +80,6 @@
"pattern_num": 1,
"patterns": [
{
"pattern_type": "literal",
"match_method": "suffix",
"case_sensitive": "yes",
"is_hexbin": "no",
@@ -99,7 +92,6 @@
"pattern_num": 1,
"patterns": [
{
"pattern_type": "literal",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "yes",
@@ -113,14 +105,12 @@
"pattern_num": 2,
"patterns": [
{
"pattern_type": "literal",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "multi"
},
{
"pattern_type": "literal",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
@@ -133,7 +123,6 @@
"pattern_num": 1,
"patterns": [
{
"pattern_type": "literal",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
@@ -146,7 +135,6 @@
"pattern_num": 1,
"patterns": [
{
"pattern_type": "literal",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
@@ -159,7 +147,6 @@
"pattern_num": 2,
"patterns": [
{
"pattern_type": "literal",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
@@ -167,7 +154,6 @@
"offset": "3~7"
},
{
"pattern_type": "literal",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
@@ -181,26 +167,12 @@
"pattern_num": 1,
"patterns": [
{
"pattern_type": "literal",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "a finite or infinite"
}
]
},
{
"expr_id": 114,
"pattern_num": 1,
"patterns": [
{
"pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "query=(.*)"
}
]
}
]
}
}

2
test/maat_ex_data_gtest.cpp
View File

@@ -163,4 +163,4 @@ int main(int argc, char ** argv)
maat_free(g_maat_inst);
g_maat_inst = NULL;
return ret;
}
}

1450
test/maat_framework_gtest.cpp
View File

File diff suppressed because it is too large Load Diff

575
test/maat_framework_perf_gtest.cpp
View File

@@ -55,6 +55,7 @@ int make_serial_rule(const char *table_name, const char *line, void *u_para)
char *buff = ALLOC(char, strlen(line) + 1);
memcpy(buff, line, strlen(line) + 1);
while (buff[strlen(buff) - 1] == '\n' || buff[strlen(buff) - 1] == '\t') {
buff[strlen(buff) - 1] = '\0';
}
@@ -256,79 +257,33 @@ static int ip_table_set_line(struct maat *maat_inst, const char *table_name, enu
return maat_cmd_set_line(maat_inst, &line_rule);
}
static int integer_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long item_id,
long long group_id, int low_bound, int up_bound,
int expire_after)
{
char table_line[1024] = {0};
int table_id = maat_get_table_id(maat_inst, table_name);
if (table_id < 0) {
return 0;
}
sprintf(table_line, "%lld\t%lld\t%d\t%d\t%d",
item_id, group_id, low_bound, up_bound, op);
struct maat_cmd_line line_rule;
line_rule.rule_id = item_id;
line_rule.table_line = table_line;
line_rule.table_name = table_name;
line_rule.expire_after = expire_after;
return maat_cmd_set_line(maat_inst, &line_rule);
}
static int flag_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long item_id,
long long group_id, long long flag,
long long flag_mask, int expire_after)
{
char table_line[1024] = {0};
int table_id = maat_get_table_id(maat_inst, table_name);
if (table_id < 0) {
return 0;
}
sprintf(table_line, "%lld\t%lld\t%lld\t%lld\t%d",
item_id, group_id, flag, flag_mask, op);
struct maat_cmd_line line_rule;
line_rule.rule_id = item_id;
line_rule.table_line = table_line;
line_rule.table_name = table_name;
line_rule.expire_after = expire_after;
return maat_cmd_set_line(maat_inst, &line_rule);
}
static void test_add_expr_command(struct maat *maat_inst, const char *table_name,
const char *keywords)
void test_add_expr_command(struct maat *maat_inst, const char *table_name,
const char *keywords)
{
long long compile_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
int ret = compile_table_set_line(maat_inst, "COMPILE_DEFAULT", MAAT_OP_ADD, compile_id, "null", 1, 0);
int ret = compile_table_set_line(maat_inst, "COMPILE", MAAT_OP_ADD, compile_id, "null", 1, 0);
EXPECT_EQ(ret, 1);
long long group_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
ret = group2compile_table_set_line(maat_inst, "GROUP2COMPILE_DEFAULT", MAAT_OP_ADD, group_id,
ret = group2compile_table_set_line(maat_inst, "GROUP2COMPILE", MAAT_OP_ADD, group_id,
compile_id, 0, "null", 1, 0);
EXPECT_EQ(ret, 1);
long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id, group_id,
keywords, "null", 1, 0, 0, 0);
keywords, NULL, 1, 0, 0, 0);
EXPECT_EQ(ret, 1);
}
static void test_add_ip_command(struct maat *maat_inst, const char *table_name,
const char *ip, uint16_t port)
void test_add_ip_command(struct maat *maat_inst, const char *table_name,
const char *ip, uint16_t port)
{
long long compile_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
int ret = compile_table_set_line(maat_inst, "COMPILE_DEFAULT", MAAT_OP_ADD, compile_id, "null", 1, 0);
int ret = compile_table_set_line(maat_inst, "COMPILE", MAAT_OP_ADD, compile_id, "null", 1, 0);
EXPECT_EQ(ret, 1);
long long group_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
ret = group2compile_table_set_line(maat_inst, "GROUP2COMPILE_DEFAULT", MAAT_OP_ADD, group_id,
ret = group2compile_table_set_line(maat_inst, "GROUP2COMPILE", MAAT_OP_ADD, group_id,
compile_id, 0, "null", 1, 0);
EXPECT_EQ(ret, 1);
@@ -338,42 +293,6 @@ static void test_add_ip_command(struct maat *maat_inst, const char *table_name,
EXPECT_EQ(ret, 1);
}
static void test_add_integer_command(struct maat *maat_inst, const char *table_name,
int low_bound, int up_bound)
{
long long compile_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
int ret = compile_table_set_line(maat_inst, "COMPILE_DEFAULT", MAAT_OP_ADD, compile_id, "null", 1, 0);
EXPECT_EQ(ret, 1);
long long group_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
ret = group2compile_table_set_line(maat_inst, "GROUP2COMPILE_DEFAULT", MAAT_OP_ADD, group_id,
compile_id, 0, "null", 1, 0);
EXPECT_EQ(ret, 1);
long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = integer_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id, group_id,
low_bound, up_bound, 0);
EXPECT_EQ(ret, 1);
}
static void test_add_flag_command(struct maat *maat_inst, const char *table_name,
long long flag, long long flag_mask)
{
long long compile_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
int ret = compile_table_set_line(maat_inst, "COMPILE_DEFAULT", MAAT_OP_ADD, compile_id, "null", 1, 0);
EXPECT_EQ(ret, 1);
long long group_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
ret = group2compile_table_set_line(maat_inst, "GROUP2COMPILE_DEFAULT", MAAT_OP_ADD, group_id,
compile_id, 0, "null", 1, 0);
EXPECT_EQ(ret, 1);
long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = flag_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id, group_id,
flag, flag_mask, 0);
EXPECT_EQ(ret, 1);
}
class MaatPerfStringScan : public testing::Test
{
protected:
@@ -426,7 +345,7 @@ void *perf_string_scan_thread(void *arg)
struct maat *maat_inst = param->maat_inst;
const char *table_name = param->table_name;
struct timespec start, end;
const char *scan_data = "today and yesterday should hit";
const char *scan_data = "String TEST should hit";
long long results[ARRAY_SIZE] = {0};
int hit_times = 0;
size_t n_hit_result = 0;
@@ -474,67 +393,13 @@ void *perf_string_update_thread(void *arg)
return is_all_hit;
}
void *perf_regex_scan_thread(void *arg)
{
struct thread_param *param = (struct thread_param *)arg;
struct maat *maat_inst = param->maat_inst;
const char *table_name = param->table_name;
struct timespec start, end;
const char *scan_data = "http://www.cyberessays.com/search_results.php?action=search&query=username,abckkk,1234567";
long long results[ARRAY_SIZE] = {0};
int hit_times = 0;
size_t n_hit_result = 0;
struct maat_state *state = maat_state_new(maat_inst, param->thread_id);
int table_id = maat_get_table_id(maat_inst, table_name);
clock_gettime(CLOCK_MONOTONIC, &start);
for (int i = 0; i < param->test_count; i++) {
int ret = maat_scan_string(maat_inst, table_id, scan_data, strlen(scan_data),
results, ARRAY_SIZE, &n_hit_result, state);
if (ret == MAAT_SCAN_HIT) {
hit_times++;
}
maat_state_reset(state);
}
clock_gettime(CLOCK_MONOTONIC, &end);
param->time_elapse_ms = (end.tv_sec - start.tv_sec) * 1000 + (end.tv_nsec - start.tv_nsec) / 1000000;
int *is_all_hit = ALLOC(int, 1);
*is_all_hit = (hit_times == param->test_count ? 1 : 0);
log_info(param->logger, MODULE_FRAMEWORK_PERF_GTEST,
"thread_id:%d regex_scan time_elapse:%lldms hit_times:%d",
param->thread_id, param->time_elapse_ms, hit_times);
return is_all_hit;
}
void *perf_regex_update_thread(void *arg)
{
struct thread_param *param = (struct thread_param *)arg;
struct maat *maat_inst = param->maat_inst;
const char *table_name = param->table_name;
const int CMD_EXPR_NUM = 10;
char keyword_buf[128];
for (int i = 0; i < CMD_EXPR_NUM; i++) {
random_keyword_generate(keyword_buf, sizeof(keyword_buf));
test_add_expr_command(maat_inst, table_name, keyword_buf);
sleep(1);
}
int *is_all_hit = ALLOC(int, 1);
*is_all_hit = 1;
return is_all_hit;
}
void *perf_ip_scan_thread(void *arg)
{
struct thread_param *param = (struct thread_param *)arg;
struct maat *maat_inst = param->maat_inst;
const char *table_name = param->table_name;
struct timespec start, end;
char ip_str[32] = "10.0.0.1";
char ip_str[32] = "10.0.7.100";
uint32_t ip_addr;
uint16_t port = htons(65530);
@@ -597,113 +462,8 @@ void *perf_ip_update_thread(void *arg)
return is_all_hit;
}
void *perf_integer_scan_thread(void *arg)
{
struct thread_param *param = (struct thread_param *)arg;
struct maat *maat_inst = param->maat_inst;
const char *table_name = param->table_name;
struct timespec start, end;
int hit_times = 0;
long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
struct maat_state *state = maat_state_new(maat_inst, param->thread_id);
int table_id = maat_get_table_id(maat_inst, table_name);
clock_gettime(CLOCK_MONOTONIC, &start);
for (int i = 0; i < param->test_count; i++) {
int ret = maat_scan_integer(maat_inst, table_id, 3000, results,
ARRAY_SIZE, &n_hit_result, state);
if (ret == MAAT_SCAN_HIT) {
hit_times++;
}
maat_state_reset(state);
}
clock_gettime(CLOCK_MONOTONIC, &end);
param->time_elapse_ms = (end.tv_sec - start.tv_sec) * 1000 +
(end.tv_nsec - start.tv_nsec) / 1000000;
int *is_all_hit = ALLOC(int, 1);
*is_all_hit = (hit_times == param->test_count ? 1 : 0);
log_info(param->logger, MODULE_FRAMEWORK_PERF_GTEST,
"thread_id:%d integer_scan time_elapse:%lldms hit_times:%d",
param->thread_id, param->time_elapse_ms, hit_times);
return is_all_hit;
}
void *perf_integer_update_thread(void *arg)
{
struct thread_param *param = (struct thread_param *)arg;
struct maat *maat_inst = param->maat_inst;
const char *table_name = param->table_name;
const int CMD_EXPR_NUM = 10;
for (int i = 0; i < CMD_EXPR_NUM; i++) {
test_add_integer_command(maat_inst, table_name, 3001+i, 3001+i);
sleep(1);
}
int *is_all_hit = ALLOC(int, 1);
*is_all_hit = 1;
return is_all_hit;
}
void *perf_flag_scan_thread(void *arg)
{
struct thread_param *param = (struct thread_param *)arg;
struct maat *maat_inst = param->maat_inst;
const char *table_name = param->table_name;
struct timespec start, end;
int hit_times = 0;
long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
long long scan_data = 15;
struct maat_state *state = maat_state_new(maat_inst, param->thread_id);
int table_id = maat_get_table_id(maat_inst, table_name);
clock_gettime(CLOCK_MONOTONIC, &start);
for (int i = 0; i < param->test_count; i++) {
int ret = maat_scan_flag(maat_inst, table_id, scan_data, results,
ARRAY_SIZE, &n_hit_result, state);
if (ret == MAAT_SCAN_HIT) {
hit_times++;
}
maat_state_reset(state);
}
clock_gettime(CLOCK_MONOTONIC, &end);
param->time_elapse_ms = (end.tv_sec - start.tv_sec) * 1000 +
(end.tv_nsec - start.tv_nsec) / 1000000;
int *is_all_hit = ALLOC(int, 1);
*is_all_hit = (hit_times == param->test_count ? 1 : 0);
log_info(param->logger, MODULE_FRAMEWORK_PERF_GTEST,
"thread_id:%d flag_scan time_elapse:%lldms hit_times:%d",
param->thread_id, param->time_elapse_ms, hit_times);
return is_all_hit;
}
void *perf_flag_update_thread(void *arg)
{
struct thread_param *param = (struct thread_param *)arg;
struct maat *maat_inst = param->maat_inst;
const char *table_name = param->table_name;
const int CMD_EXPR_NUM = 10;
for (int i = 0; i < CMD_EXPR_NUM; i++) {
test_add_flag_command(maat_inst, table_name, i, 15);
sleep(1);
}
int *is_all_hit = ALLOC(int, 1);
*is_all_hit = 1;
return is_all_hit;
}
TEST_F(MaatPerfStringScan, LiteralMultiThread) {
const char *table_name = "EXPR_LITERAL_PERF_CONFIG";
TEST_F(MaatPerfStringScan, MultiThread) {
const char *table_name = "KEYWORDS_TABLE";
struct maat *maat_inst = MaatPerfStringScan::_shared_maat_inst;
int table_id = maat_get_table_id(maat_inst, table_name);
@@ -743,58 +503,12 @@ TEST_F(MaatPerfStringScan, LiteralMultiThread) {
free(is_all_hit);
}
scan_per_second = scan_count * 1000 / time_elapse_ms;
//EXPECT_GT(scan_per_second, 800 * 1000);
log_info(maat_inst->logger, MODULE_FRAMEWORK_PERF_GTEST,
"StringScan match rate on %d-threads speed %lld lookups/s/thread",
PERF_THREAD_NUM, scan_per_second);
}
TEST_F(MaatPerfStringScan, RegexMultiThread) {
const char *table_name = "EXPR_REGEX_PERF_CONFIG";
struct maat *maat_inst = MaatPerfStringScan::_shared_maat_inst;
int table_id = maat_get_table_id(maat_inst, table_name);
ASSERT_GT(table_id, 0);
pthread_t threads[PERF_THREAD_NUM + 1];
struct thread_param thread_params[PERF_THREAD_NUM + 1];
int i = 0;
int *is_all_hit = NULL;
for (i = 0; i < PERF_THREAD_NUM + 1; i++) {
thread_params[i].maat_inst = maat_inst;
thread_params[i].thread_id = i;
thread_params[i].table_name = table_name;
thread_params[i].test_count = PERF_SCAN_COUNT;
thread_params[i].time_elapse_ms = 0;
thread_params[i].logger = logger;
if (i < PERF_THREAD_NUM) {
pthread_create(&threads[i], NULL, perf_regex_scan_thread, thread_params+i);
} else {
thread_params[i].test_count = 0;
pthread_create(&threads[i], NULL, perf_regex_update_thread, thread_params+i);
}
}
long long time_elapse_ms = 0;
long long scan_count = 0;
long long scan_per_second = 0;
for (i = 0; i < PERF_THREAD_NUM + 1; i++) {
pthread_join(threads[i], (void **)&is_all_hit);
time_elapse_ms += thread_params[i].time_elapse_ms;
scan_count += thread_params[i].test_count;
EXPECT_EQ(*is_all_hit, 1);
*is_all_hit = 0;
free(is_all_hit);
}
scan_per_second = scan_count * 1000 / time_elapse_ms;
log_info(maat_inst->logger, MODULE_FRAMEWORK_PERF_GTEST,
"RegexScan match rate on %d-threads speed %lld lookups/s/thread",
PERF_THREAD_NUM, scan_per_second);
}
class MaatPerfStreamScan : public testing::Test
{
protected:
@@ -847,31 +561,34 @@ void *perf_stream_scan_thread(void *arg)
struct maat *maat_inst = param->maat_inst;
const char *table_name = param->table_name;
struct timespec start, end;
const char *scan_data = "http://www.cyberessays.com/search_results.php?today and yesterday";
const char *scan_data = "http://www.cyberessays.com/search_results.php?action=search&query=yulingjing,abckkk,1234567";
long long results[ARRAY_SIZE] = {0};
int ret = 0, hit_times = 0;
size_t n_hit_result = 0;
struct maat_state *state_array[ARRAY_SIZE];
struct maat_stream *sp[ARRAY_SIZE];
int table_id = maat_get_table_id(maat_inst, table_name);
struct maat_state *state = maat_state_new(maat_inst, param->thread_id);
struct maat_stream *sp = maat_stream_new(maat_inst, table_id, state);
clock_gettime(CLOCK_MONOTONIC, &start);
for (int i = 0; i < param->test_count; i++) {
ret = maat_stream_scan(sp, scan_data, strlen(scan_data), results, ARRAY_SIZE,
&n_hit_result, state);
if (ret == MAAT_SCAN_HIT) {
hit_times++;
for (int j = 0; j < ARRAY_SIZE; j++) {
state_array[j] = maat_state_new(maat_inst, param->thread_id);
sp[j] = maat_stream_new(maat_inst, table_id, state_array[j]);
ret = maat_stream_scan(sp[j], scan_data, strlen(scan_data), results, ARRAY_SIZE,
&n_hit_result, state_array[j]);
if (ret == MAAT_SCAN_HIT) {
hit_times++;
}
maat_stream_free(sp[j]);
maat_state_free(state_array[j]);
}
maat_state_reset(state);
}
clock_gettime(CLOCK_MONOTONIC, &end);
maat_stream_free(sp);
maat_state_free(state);
param->time_elapse_ms = (end.tv_sec - start.tv_sec) * 1000 + (end.tv_nsec - start.tv_nsec) / 1000000;
int *is_all_hit = ALLOC(int, 1);
*is_all_hit = ((hit_times == param->test_count) ? 1 : 0);
*is_all_hit = ((hit_times == param->test_count*ARRAY_SIZE) ? 1 : 0);
log_info(param->logger, MODULE_FRAMEWORK_PERF_GTEST,
"thread_id:%d stream_scan time_elapse:%lldms hit_times:%d",
@@ -879,40 +596,64 @@ void *perf_stream_scan_thread(void *arg)
return is_all_hit;
}
void *perf_stream_update_thread(void *arg)
{
struct thread_param *param = (struct thread_param *)arg;
struct maat *maat_inst = param->maat_inst;
const char *table_name = param->table_name;
const int CMD_EXPR_NUM = 10;
char keyword_buf[128];
for (int i = 0; i < CMD_EXPR_NUM; i++) {
random_keyword_generate(keyword_buf, sizeof(keyword_buf));
test_add_expr_command(maat_inst, table_name, keyword_buf);
sleep(1);
}
int *is_all_hit = ALLOC(int, 1);
*is_all_hit = 1;
return is_all_hit;
}
TEST_F(MaatPerfStreamScan, MultiThread) {
const char *table_name = "EXPR_LITERAL_PERF_CONFIG";
const char *table_name = "HTTP_URL";
struct maat *maat_inst = MaatPerfStreamScan::_shared_maat_inst;
int table_id = maat_get_table_id(maat_inst, table_name);
ASSERT_GT(table_id, 0);
pthread_t threads[PERF_THREAD_NUM];
struct thread_param thread_params[PERF_THREAD_NUM];
pthread_t threads[PERF_THREAD_NUM + 1];
struct thread_param thread_params[PERF_THREAD_NUM + 1];
int i = 0;
int *is_all_hit = NULL;
for (i = 0; i < PERF_THREAD_NUM; i++) {
for (i = 0; i < PERF_THREAD_NUM + 1; i++) {
thread_params[i].maat_inst = maat_inst;
thread_params[i].thread_id = i;
thread_params[i].table_name = table_name;
thread_params[i].test_count = PERF_SCAN_COUNT;
thread_params[i].test_count = PERF_SCAN_COUNT / 10;
thread_params[i].time_elapse_ms = 0;
thread_params[i].logger = logger;
if (i < PERF_THREAD_NUM) {
pthread_create(&threads[i], NULL, perf_stream_scan_thread, thread_params+i);
}
} else {
thread_params[i].test_count = 0;
pthread_create(&threads[i], NULL, perf_stream_update_thread, thread_params+i);
}
}
long long time_elapse_ms = 0;
long long scan_count = 0;
long long scan_per_second = 0;
for (i = 0; i < PERF_THREAD_NUM; i++) {
for (i = 0; i < PERF_THREAD_NUM + 1; i++) {
pthread_join(threads[i], (void **)&is_all_hit);
time_elapse_ms += thread_params[i].time_elapse_ms;
scan_count += thread_params[i].test_count;
//maybe expr_runtime rebuild in stream_scan, so should not expect is_all_hit always 1
EXPECT_EQ(*is_all_hit, 1);
//EXPECT_EQ(*is_all_hit, 1);
*is_all_hit = 0;
free(is_all_hit);
}
scan_per_second = scan_count * 1000 / time_elapse_ms;
@@ -970,7 +711,7 @@ struct log_handle *MaatPerfIPScan::logger;
TEST_F(MaatPerfIPScan, MultiThread)
{
const char *table_name = "IP_PERF_CONFIG";
const char *table_name = "IP_PLUS_CONFIG";
struct maat *maat_inst = MaatPerfIPScan::_shared_maat_inst;
int table_id = maat_get_table_id(maat_inst, table_name);
@@ -1016,192 +757,6 @@ TEST_F(MaatPerfIPScan, MultiThread)
PERF_THREAD_NUM, scan_per_second);
}
class MaatPerfIntegerScan : public testing::Test
{
protected:
static void SetUpTestCase() {
const char *accept_tags = "{\"tags\":[{\"tag\":\"location\",\"value\":\"北京/朝阳/华严北里/甲22号\"},"
"{\"tag\":\"isp\",\"value\":\"移动\"},{\"tag\":\"location\",\"value\":\"Astana\"}]}";
char redis_ip[64] = "127.0.0.1";
int redis_port = 6379;
int redis_db = 0;
logger = log_handle_create("./maat_framework_perf_gtest.log", 0);
int ret = write_config_to_redis(redis_ip, redis_port, redis_db, logger);
if (ret < 0) {
log_error(logger, MODULE_FRAMEWORK_PERF_GTEST,
"[%s:%d] write config to redis failed.", __FUNCTION__, __LINE__);
}
struct maat_options *opts = maat_options_new();
maat_options_set_stat_file(opts, "./stat.log");
maat_options_set_perf_on(opts);
maat_options_set_redis(opts, redis_ip, redis_port, redis_db);
maat_options_set_logger(opts, "./maat_framework_perf_gtest.log", LOG_LEVEL_INFO);
maat_options_set_accept_tags(opts, accept_tags);
maat_options_set_caller_thread_number(opts, 5);
_shared_maat_inst = maat_new(opts, table_info_path);
maat_options_free(opts);
if (NULL == _shared_maat_inst) {
log_error(logger, MODULE_FRAMEWORK_PERF_GTEST,
"[%s:%d] create maat instance in MaatFlagScan failed.",
__FUNCTION__, __LINE__);
}
}
static void TearDownTestCase() {
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
}
static struct log_handle *logger;
static struct maat *_shared_maat_inst;
};
struct maat *MaatPerfIntegerScan::_shared_maat_inst;
struct log_handle *MaatPerfIntegerScan::logger;
TEST_F(MaatPerfIntegerScan, MultiThread) {
const char *table_name = "INTEGER_PERF_CONFIG";
struct maat *maat_inst = MaatPerfIntegerScan::_shared_maat_inst;
int table_id = maat_get_table_id(maat_inst, table_name);
ASSERT_GT(table_id, 0);
pthread_t threads[PERF_THREAD_NUM + 1];
struct thread_param thread_params[PERF_THREAD_NUM + 1];
int i = 0;
int *is_all_hit = NULL;
for (i = 0; i < PERF_THREAD_NUM + 1; i++) {
thread_params[i].maat_inst = maat_inst;
thread_params[i].thread_id = i;
thread_params[i].table_name = table_name;
thread_params[i].test_count = PERF_SCAN_COUNT;
thread_params[i].time_elapse_ms = 0;
thread_params[i].logger = logger;
if (i < PERF_THREAD_NUM) {
pthread_create(&threads[i], NULL, perf_integer_scan_thread, thread_params+i);
} else {
thread_params[i].test_count = 0;
pthread_create(&threads[i], NULL, perf_integer_update_thread, thread_params+i);
}
}
long long time_elapse_ms = 0;
long long scan_count = 0;
long long scan_per_second = 0;
for (i = 0; i < PERF_THREAD_NUM + 1; i++) {
pthread_join(threads[i], (void **)&is_all_hit);
time_elapse_ms += thread_params[i].time_elapse_ms;
scan_count += thread_params[i].test_count;
EXPECT_EQ(*is_all_hit, 1);
*is_all_hit = 0;
free(is_all_hit);
}
scan_per_second = scan_count * 1000 / time_elapse_ms;
log_info(maat_inst->logger, MODULE_FRAMEWORK_PERF_GTEST,
"IntegerScan match rate on %d-threads speed %lld lookups/s/thread",
PERF_THREAD_NUM, scan_per_second);
}
class MaatPerfFlagScan : public testing::Test
{
protected:
static void SetUpTestCase() {
const char *accept_tags = "{\"tags\":[{\"tag\":\"location\",\"value\":\"北京/朝阳/华严北里/甲22号\"},"
"{\"tag\":\"isp\",\"value\":\"移动\"},{\"tag\":\"location\",\"value\":\"Astana\"}]}";
char redis_ip[64] = "127.0.0.1";
int redis_port = 6379;
int redis_db = 0;
logger = log_handle_create("./maat_framework_perf_gtest.log", 0);
int ret = write_config_to_redis(redis_ip, redis_port, redis_db, logger);
if (ret < 0) {
log_error(logger, MODULE_FRAMEWORK_PERF_GTEST,
"[%s:%d] write config to redis failed.", __FUNCTION__, __LINE__);
}
struct maat_options *opts = maat_options_new();
maat_options_set_stat_file(opts, "./stat.log");
maat_options_set_perf_on(opts);
maat_options_set_redis(opts, redis_ip, redis_port, redis_db);
maat_options_set_logger(opts, "./maat_framework_perf_gtest.log", LOG_LEVEL_INFO);
maat_options_set_accept_tags(opts, accept_tags);
maat_options_set_caller_thread_number(opts, 5);
_shared_maat_inst = maat_new(opts, table_info_path);
maat_options_free(opts);
if (NULL == _shared_maat_inst) {
log_error(logger, MODULE_FRAMEWORK_PERF_GTEST,
"[%s:%d] create maat instance in MaatFlagScan failed.",
__FUNCTION__, __LINE__);
}
}
static void TearDownTestCase() {
maat_free(_shared_maat_inst);
log_handle_destroy(logger);
}
static struct log_handle *logger;
static struct maat *_shared_maat_inst;
};
struct maat *MaatPerfFlagScan::_shared_maat_inst;
struct log_handle *MaatPerfFlagScan::logger;
TEST_F(MaatPerfFlagScan, MultiThread) {
const char *table_name = "FLAG_PERF_CONFIG";
struct maat *maat_inst = MaatPerfFlagScan::_shared_maat_inst;
int table_id = maat_get_table_id(maat_inst, table_name);
ASSERT_GT(table_id, 0);
pthread_t threads[PERF_THREAD_NUM + 1];
struct thread_param thread_params[PERF_THREAD_NUM + 1];
int i = 0;
int *is_all_hit = NULL;
for (i = 0; i < PERF_THREAD_NUM + 1; i++) {
thread_params[i].maat_inst = maat_inst;
thread_params[i].thread_id = i;
thread_params[i].table_name = table_name;
thread_params[i].test_count = PERF_SCAN_COUNT;
thread_params[i].time_elapse_ms = 0;
thread_params[i].logger = logger;
if (i < PERF_THREAD_NUM) {
pthread_create(&threads[i], NULL, perf_flag_scan_thread, thread_params+i);
} else {
thread_params[i].test_count = 0;
pthread_create(&threads[i], NULL, perf_flag_update_thread, thread_params+i);
}
}
long long time_elapse_ms = 0;
long long scan_count = 0;
long long scan_per_second = 0;
for (i = 0; i < PERF_THREAD_NUM + 1; i++) {
pthread_join(threads[i], (void **)&is_all_hit);
time_elapse_ms += thread_params[i].time_elapse_ms;
scan_count += thread_params[i].test_count;
EXPECT_EQ(*is_all_hit, 1);
*is_all_hit = 0;
free(is_all_hit);
}
scan_per_second = scan_count * 1000 / time_elapse_ms;
log_info(maat_inst->logger, MODULE_FRAMEWORK_PERF_GTEST,
"FlagScan match rate on %d-threads speed %lld lookups/s/thread",
PERF_THREAD_NUM, scan_per_second);
}
class MaatPerfFQDNPluginScan : public testing::Test
{
protected:
@@ -1777,4 +1332,4 @@ int main(int argc, char ** argv)
ret=RUN_ALL_TESTS();
return ret;
}
}

2
test/maat_input_mode_gtest.cpp
View File

@@ -247,4 +247,4 @@ int main(int argc, char ** argv)
log_handle_destroy(g_logger);
return ret;
}
}

243
test/maat_json.json
View File

@@ -1687,6 +1687,28 @@
}
]
},
{
"compile_id": 175,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "ipv4_composition.match",
"is_valid": "yes",
"groups": [
{
"group_name": "ipv4_composition.source",
"virtual_table": "COMPOSITION_IP_SOURCE",
"not_flag": 0
},
{
"group_name": "ipv4_composition.destination",
"virtual_table": "COMPOSITION_IP_DESTINATION",
"not_flag": 0
}
]
},
{
"compile_id": 176,
"service": 0,
@@ -1719,6 +1741,24 @@
}
]
},
{
"compile_id": 177,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "ipv4_composition.session.match",
"is_valid": "yes",
"groups": [
{
"group_name": "ipv4_composition.session",
"virtual_table": "COMPOSITION_IP_SESSION",
"not_flag": 0,
"clause_index": 1
}
]
},
{
"compile_id": 178,
"service": 1,
@@ -1779,6 +1819,47 @@
}
]
},
{
"compile_id": 180,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "Hierarchy_VirtualWithTwoPhysical",
"is_valid": "yes",
"groups": [
{
"group_name": "FQDN_OBJ1",
"virtual_table": "VIRTUAL_SSL_SNI",
"not_flag": 0,
"clause_index": 0
},
{
"group_name": "FQDN_CAT1",
"virtual_table": "VIRTUAL_SSL_SNI",
"not_flag": 0,
"clause_index": 0
}
]
},
{
"compile_id": 181,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "ipv4_composition.match",
"is_valid": "yes",
"groups": [
{
"group_name": "IPv4-composition-source-only",
"virtual_table": "COMPOSITION_IP_SOURCE",
"not_flag": 0
}
]
},
{
"compile_id": 182,
"service": 1,
@@ -1861,6 +1942,28 @@
}
]
},
{
"compile_id": 185,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "ipv4_composition.NOT_match",
"is_valid": "yes",
"groups": [
{
"group_name": "IPv4-composition-NOT-client-ip",
"virtual_table": "COMPOSITION_IP_SOURCE",
"not_flag": 0
},
{
"group_name": "IPv4-composition-NOT-server-ip",
"virtual_table": "COMPOSITION_IP_DESTINATION",
"not_flag": 1
}
]
},
{
"compile_id": 186,
"service": 1,
@@ -2258,7 +2361,7 @@
"do_blacklist": 1,
"do_log": 1,
"user_region": "Something:I\\bhave\\ba\\bname,7799",
"compile_table_name": "COMPILE_FIREWALL_DEFAULT",
"compile_table_name": "COMPILE_FIREWALL",
"is_valid": "yes",
"groups": [
{
@@ -2870,135 +2973,7 @@
"not_flag": 0
}
]
},
{
"compile_id": 211,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "ip_perf_test",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "ip_plus",
"table_name": "IP_PERF_CONFIG",
"table_content": {
"addr_type": "ipv4",
"addr_format": "range",
"ip1": "10.0.0.1",
"ip2": "10.0.0.6",
"port_format": "range",
"port1": "65530",
"port2": "65535",
"protocol": 6
}
}
],
"not_flag": 0
}
]
},
{
"compile_id": 212,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "integer_perf_test",
"is_valid": "yes",
"groups": [
{
"group_name": "Untitled",
"regions": [
{
"table_name": "INTEGER_PERF_CONFIG",
"table_type": "interval",
"table_content": {
"low_boundary": 3000,
"up_boundary": 3000
}
}
]
}
]
},
{
"compile_id": 213,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "expr_perf_test",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "EXPR_LITERAL_PERF_CONFIG",
"table_type": "expr",
"table_content": {
"keywords": "today&yesterday",
"expr_type": "and",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 214,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "flag_perf_test",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_type": "flag",
"table_name": "FLAG_PERF_CONFIG",
"table_content": {
"flag": 15,
"flag_mask": 15
}
}
]
}
]
},
{
"compile_id": 215,
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "expr_perf_test",
"is_valid": "yes",
"groups": [
{
"regions": [
{
"table_name": "EXPR_REGEX_PERF_CONFIG",
"table_type": "expr",
"table_content": {
"keywords": "action=search\\&query=(.*)",
"expr_type": "regex",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
}
}
],
"plugin_table": [
{
@@ -3009,6 +2984,14 @@
"3\t192.168.1.1\t103\t1"
]
},
{
"table_name": "TEST_PLUGIN_TABLE",
"table_content": [
"1\t3388\t99\t1",
"2\t3355\t66\t1",
"3\tcccc\t11\t1"
]
},
{
"table_name": "TEST_PLUGIN_EXDATA_TABLE",
"table_content": [

243
test/table_info.conf
View File

@@ -1,10 +1,12 @@
[
{
"table_id":0,
"table_name":"COMPILE_DEFAULT",
"table_name":"COMPILE",
"db_tables":["COMPILE_DEFAULT", "COMPILE_ALIAS"],
"table_type":"compile",
"valid_column":8,
"custom": {
"gc_timeout_s": 3,
"compile_id":1,
"tags":6,
"clause_num":9
@@ -12,20 +14,22 @@
},
{
"table_id":1,
"table_name":"COMPILE_ALIAS",
"table_type":"compile",
"valid_column":8,
"table_name":"GROUP2COMPILE",
"db_tables":["GROUP2COMPILE_DEFAULT", "GROUP2COMPILE_ALIAS"],
"table_type":"group2compile",
"associated_compile_table_id":0,
"valid_column":3,
"custom": {
"compile_id":1,
"tags":6,
"clause_num":9
"group_id":1,
"compile_id":2,
"not_flag":4,
"virtual_table_name":5,
"clause_index":6
}
},
},
{
"table_id":2,
"table_name":"COMPILE_CONJUNCTION",
"db_tables":["COMPILE_DEFAULT", "COMPILE_ALIAS"],
"default_compile_table":1,
"table_name":"COMPILE_FIREWALL",
"table_type":"compile",
"valid_column":8,
"custom": {
@@ -36,8 +40,7 @@
},
{
"table_id":3,
"table_name":"GROUP2COMPILE",
"db_tables":["GROUP2COMPILE_DEFAULT", "GROUP2COMPILE_ALIAS"],
"table_name":"GROUP2COMPILE_FIREWALL",
"table_type":"group2compile",
"associated_compile_table_id":2,
"valid_column":3,
@@ -51,43 +54,6 @@
},
{
"table_id":4,
"table_name":"COMPILE_FIREWALL_DEFAULT",
"table_type":"compile",
"valid_column":8,
"custom": {
"compile_id":1,
"tags":6,
"clause_num":9
}
},
{
"table_id":5,
"table_name":"COMPILE_FIREWALL_CONJUNCTION",
"db_tables":["COMPILE_FIREWALL_DEFAULT"],
"table_type":"compile",
"valid_column":8,
"custom": {
"compile_id":1,
"tags":6,
"clause_num":9
}
},
{
"table_id":6,
"table_name":"GROUP2COMPILE_FIREWALL",
"table_type":"group2compile",
"associated_compile_table_id":5,
"valid_column":3,
"custom": {
"group_id":1,
"compile_id":2,
"not_flag":4,
"virtual_table_name":5,
"clause_index":6
}
},
{
"table_id":7,
"table_name":"GROUP2GROUP",
"table_type":"group2group",
"valid_column":4,
@@ -98,33 +64,7 @@
}
},
{
"table_id":8,
"table_name":"COMPILE_PLUGIN",
"db_tables":["COMPILE_DEFAULT", "COMPILE_ALIAS"],
"table_type":"plugin",
"valid_column":8,
"custom": {
"gc_timeout_s":3,
"key_type":"integer",
"key_len":8,
"key":1
}
},
{
"table_id":9,
"table_name":"COMPILE_FIREWALL_PLUGIN",
"db_tables":["COMPILE_FIREWALL_DEFAULT"],
"table_type":"plugin",
"valid_column":8,
"custom": {
"gc_timeout_s":3,
"key_type":"integer",
"key_len":8,
"key":1
}
},
{
"table_id":10,
"table_id":5,
"table_name":"HTTP_REGION",
"db_tables":["HTTP_URL", "HTTP_HOST"],
"table_type":"expr",
@@ -139,7 +79,7 @@
}
},
{
"table_id":11,
"table_id":6,
"table_name":"KEYWORDS_TABLE",
"table_type":"expr",
"valid_column":7,
@@ -153,7 +93,7 @@
}
},
{
"table_id":12,
"table_id":7,
"table_name":"IP_CONFIG",
"table_type":"ip_plus",
"valid_column":11,
@@ -171,7 +111,7 @@
}
},
{
"table_id":13,
"table_id":8,
"table_name":"CONTENT_SIZE",
"table_type":"intval",
"valid_column":5,
@@ -183,19 +123,18 @@
}
},
{
"table_id":14,
"table_id":9,
"table_name":"QD_ENTRY_INFO",
"table_type":"plugin",
"valid_column":4,
"custom": {
"gc_timeout_s":3,
"key_type":"integer",
"key_len":8,
"key":1
}
},
{
"table_id":15,
"table_id":10,
"table_name":"HTTP_SIGNATURE",
"table_type":"expr_plus",
"valid_column":8,
@@ -210,7 +149,7 @@
}
},
{
"table_id":16,
"table_id":11,
"table_name":"IMAGE_FP",
"table_type":"expr",
"valid_column":7,
@@ -224,12 +163,11 @@
}
},
{
"table_id":17,
"table_id":12,
"table_name":"TEST_EFFECTIVE_RANGE_TABLE",
"table_type":"plugin",
"valid_column":4,
"custom": {
"gc_timeout_s":3,
"key_type":"integer",
"key_len":8,
"key":1,
@@ -237,12 +175,11 @@
}
},
{
"table_id":18,
"table_id":13,
"table_name":"TEST_FOREIGN_KEY",
"table_type":"plugin",
"valid_column":4,
"custom": {
"gc_timeout_s":3,
"key_type":"pointer",
"key":2,
"tag":3,
@@ -250,7 +187,7 @@
}
},
{
"table_id":19,
"table_id":14,
"table_name":"TEST_PLUGIN_EXDATA_TABLE",
"table_type":"plugin",
"valid_column":4,
@@ -262,19 +199,18 @@
}
},
{
"table_id":20,
"table_id":15,
"table_name":"IR_INTERCEPT_IP",
"table_type":"plugin",
"valid_column":14,
"custom": {
"gc_timeout_s":3,
"key_type":"pointer",
"key":2,
"tag":18
}
},
{
"table_id":21,
"table_id":16,
"table_name":"APP_PAYLOAD",
"table_type":"expr_plus",
"valid_column":8,
@@ -289,7 +225,7 @@
}
},
{
"table_id":22,
"table_id":17,
"table_name":"TROJAN_PAYLOAD",
"table_type":"expr",
"valid_column":7,
@@ -304,7 +240,7 @@
}
},
{
"table_id":23,
"table_id":18,
"table_name":"MAIL_ADDR",
"table_type":"expr",
"valid_column":7,
@@ -318,7 +254,7 @@
}
},
{
"table_id":24,
"table_id":19,
"table_name":"IP_PLUS_CONFIG",
"table_type":"ip_plus",
"valid_column":11,
@@ -336,32 +272,32 @@
}
},
{
"table_id":25,
"table_id":20,
"table_name":"HTTP_RESPONSE_KEYWORDS",
"table_type":"virtual",
"physical_table": "KEYWORDS_TABLE"
},
{
"table_id":26,
"table_id":21,
"table_name":"HTTP_REQUEST_HEADER",
"table_type":"virtual",
"physical_table": "HTTP_SIGNATURE"
},
{
"table_id":27,
"table_id":22,
"table_name":"HTTP_RESPONSE_HEADER",
"table_type":"virtual",
"physical_table": "HTTP_SIGNATURE"
},
{
"table_id":28,
"table_id":23,
"table_name":"VIRTUAL_IP_PLUS_TABLE",
"db_tables":["VIRTUAL_IP_PLUS_SOURCE", "VIRTUAL_IP_PLUS_DESTINATION"],
"table_type":"virtual",
"physical_table": "IP_PLUS_CONFIG"
},
{
"table_id":29,
"table_id":24,
"table_name":"TEST_IP_PLUGIN_WITH_EXDATA",
"table_type":"ip_plugin",
"valid_column":6,
@@ -375,7 +311,7 @@
}
},
{
"table_id":30,
"table_id":25,
"table_name":"AS_NUMBER",
"table_type":"expr",
"valid_column":7,
@@ -389,19 +325,19 @@
}
},
{
"table_id":31,
"table_id":26,
"table_name":"SOURCE_IP_ASN",
"table_type":"virtual",
"physical_table":"AS_NUMBER"
},
{
"table_id":32,
"table_id":27,
"table_name":"DESTINATION_IP_ASN",
"table_type":"virtual",
"physical_table":"AS_NUMBER"
},
{
"table_id":33,
"table_id":28,
"table_name":"GeoLocation",
"table_type":"expr",
"valid_column":7,
@@ -415,13 +351,13 @@
}
},
{
"table_id":34,
"table_id":29,
"table_name":"SOURCE_IP_GEO",
"table_type":"virtual",
"physical_table":"GeoLocation"
},
{
"table_id":35,
"table_id":30,
"table_name":"INTERGER_PLUS",
"table_type":"intval_plus",
"valid_column":6,
@@ -434,7 +370,7 @@
}
},
{
"table_id":36,
"table_id":31,
"table_name":"TEST_FQDN_PLUGIN_WITH_EXDATA",
"table_type":"fqdn_plugin",
"valid_column":5,
@@ -446,7 +382,7 @@
}
},
{
"table_id":37,
"table_id":32,
"table_name":"APP_ID",
"table_type":"intval",
"valid_column":5,
@@ -458,7 +394,7 @@
}
},
{
"table_id":38,
"table_id":33,
"table_name":"EMPTY_KEYWORD",
"table_type":"expr",
"valid_column":7,
@@ -472,7 +408,7 @@
}
},
{
"table_id":39,
"table_id":34,
"table_name":"EMPTY_INTERGER",
"table_type":"intval",
"valid_column":5,
@@ -484,7 +420,7 @@
}
},
{
"table_id":40,
"table_id":35,
"table_name":"TEST_BOOL_PLUGIN_WITH_EXDATA",
"table_type":"bool_plugin",
"valid_column":4,
@@ -495,7 +431,7 @@
}
},
{
"table_id":41,
"table_id":36,
"table_name":"FLAG_CONFIG",
"table_type":"flag",
"valid_column":5,
@@ -507,7 +443,7 @@
}
},
{
"table_id":42,
"table_id":37,
"table_name":"FLAG_PLUS_CONFIG",
"table_type":"flag_plus",
"valid_column":6,
@@ -520,12 +456,11 @@
}
},
{
"table_id":43,
"table_id":38,
"table_name":"TEST_PLUGIN_LONG_KEY_TYPE_TABLE",
"table_type":"plugin",
"valid_column":4,
"custom": {
"gc_timeout_s":3,
"key_type":"integer",
"key_len":8,
"key":2,
@@ -533,12 +468,11 @@
}
},
{
"table_id":44,
"table_id":39,
"table_name":"TEST_PLUGIN_INT_KEY_TYPE_TABLE",
"table_type":"plugin",
"valid_column":4,
"custom": {
"gc_timeout_s":3,
"key_type":"integer",
"key_len":4,
"key":2,
@@ -546,91 +480,20 @@
}
},
{
"table_id":45,
"table_id":40,
"table_name":"TEST_PLUGIN_IP_KEY_TYPE_TABLE",
"table_type":"plugin",
"valid_column":4,
"custom": {
"gc_timeout_s":3,
"key_type":"ip_addr",
"addr_type":1,
"key":2
}
},
{
"table_id":46,
"table_id":41,
"table_name":"HTTP_URL_FILTER",
"table_type":"virtual",
"physical_table": "HTTP_URL"
},
{
"table_id":47,
"table_name":"IP_PERF_CONFIG",
"table_type":"ip_plus",
"valid_column":11,
"custom": {
"item_id":1,
"group_id":2,
"addr_type":3,
"addr_format":4,
"ip1":5,
"ip2":6,
"port_format":7,
"port1":8,
"port2":9,
"protocol":10
}
},
{
"table_id":48,
"table_name":"INTEGER_PERF_CONFIG",
"table_type":"intval",
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"low_bound":3,
"up_bound":4
}
},
{
"table_id":49,
"table_name":"EXPR_LITERAL_PERF_CONFIG",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":50,
"table_name":"EXPR_REGEX_PERF_CONFIG",
"table_type":"expr",
"valid_column":7,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":51,
"table_name":"FLAG_PERF_CONFIG",
"table_type":"flag",
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"flag":3,
"flag_mask":4
}
}
]