gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

change type of rule_id, object_id, item_id from (long long) to (uuid_t)

Browse Source 
just compile libmaatframe.so, without modifing about test case
This commit is contained in:
root
2024-09-20 11:20:21 +00:00
parent 20de47c873
commit fc99675b40
40 changed files with 972 additions and 934 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
include/maat.h
View File

@@ -23,6 +23,7 @@ extern "C"
#include <stdint.h>
#include <netinet/in.h>
#include <uuid/uuid.h>
/* maat instance handle */
struct maat;
@@ -32,15 +33,15 @@ struct maat_hit_path {
int attribute_id; // 0 is not a attribute.
int negate_option; // 1 means negate condition(condition)
int condition_index; // 0 ~ 7
long long item_id;
long long sub_object_id;
long long top_object_id;
long long rule_id;
uuid_t item_uuid;
uuid_t sub_object_uuid;
uuid_t top_object_uuid;
uuid_t rule_uuid;
};
struct maat_hit_object {
long long item_id;
long long object_id;
uuid_t item_uuid;
uuid_t object_uuid;
int attribute_id;
};
@@ -259,11 +260,11 @@ struct maat_state;
* MAAT_SCAN_HIT
*/
int maat_scan_flag(struct maat *instance, int attribute_id, long long flag,
long long *results, size_t n_result, size_t *n_hit_result,
uuid_t *results, size_t n_result, size_t *n_hit_result,
struct maat_state *state);
int maat_scan_integer(struct maat *instance, int attribute_id, long long integer,
long long *results, size_t n_result, size_t *n_hit_result,
uuid_t *results, size_t n_result, size_t *n_hit_result,
struct maat_state *state);
/**
@@ -271,32 +272,32 @@ int maat_scan_integer(struct maat *instance, int attribute_id, long long integer
* @param port: port in host order. If the port is not specified, use -1. Note that 0 is a valid port.
*/
int maat_scan_ipv4_port(struct maat *instance, int attribute_id, uint32_t ip_addr, int port,
long long *results, size_t n_result, size_t *n_hit_result,
uuid_t *results, size_t n_result, size_t *n_hit_result,
struct maat_state *state);
int maat_scan_ipv6_port(struct maat *instance, int attribute_id, uint8_t *ip_addr, int port,
long long *results, size_t n_result, size_t *n_hit_result,
uuid_t *results, size_t n_result, size_t *n_hit_result,
struct maat_state *state);
int maat_scan_ipv4(struct maat *instance, int attribute_id, uint32_t ip_addr,
long long *results, size_t n_result, size_t *n_hit_result,
uuid_t *results, size_t n_result, size_t *n_hit_result,
struct maat_state *state);
int maat_scan_ipv6(struct maat *instance, int attribute_id, uint8_t *ip_addr,
long long *results, size_t n_result, size_t *n_hit_result,
uuid_t *results, size_t n_result, size_t *n_hit_result,
struct maat_state *state);
int maat_scan_string(struct maat *instance, int attribute_id,
const char *data, size_t data_len,
long long *results, size_t n_result,
uuid_t *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state);
int maat_scan_object(struct maat *instance, int attribute_id,
struct maat_hit_object *objects, size_t n_object,
long long *results, size_t n_result,
uuid_t *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state);
int maat_scan_not_logic(struct maat *instance, int attribute_id,
long long *results, size_t n_result,
uuid_t *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state);
struct maat_stream;
@@ -304,7 +305,7 @@ struct maat_stream *maat_stream_new(struct maat *instance, int attribute_id,
struct maat_state *state);
int maat_stream_scan(struct maat_stream *stream, const char *data, int data_len,
long long *results, size_t n_result, size_t *n_hit_result,
uuid_t *results, size_t n_result, size_t *n_hit_result,
struct maat_state *state);
void maat_stream_free(struct maat_stream *stream);

4
scanner/bool_matcher/bool_matcher.cpp
View File

@@ -46,7 +46,7 @@ struct bool_matcher * bool_matcher_new(struct bool_expr * exprs, size_t expr_num
mem_bytes+=(unsigned int)expr_num*(sizeof(struct bool_expr_match)+sizeof(struct bool_expr_item));
for(unsigned int i=0; i<expr_num; i++)
{
matcher->bool_expr_ids[i].expr_id =exprs[i].expr_id;
uuid_copy(matcher->bool_expr_ids[i].expr_uuid, exprs[i].expr_uuid);
matcher->bool_expr_ids[i].user_tag =exprs[i].user_tag;
matcher->bool_expr_items[i].item_num=exprs[i].item_num;
matcher->bool_expr_items[i].items=new struct bool_item[exprs[i].item_num];
@@ -121,7 +121,7 @@ int res_comp(const void * lhs, const void * rhs)
{
bool_expr_match * _lhs=(bool_expr_match *)lhs;
bool_expr_match * _rhs=(bool_expr_match *)rhs;
return (_lhs->expr_id<_rhs->expr_id) ? 1 : -1;
return (uuid_compare(_lhs->expr_uuid, _rhs->expr_uuid) < 0) ? 1 : -1;
}
int do_match(struct bool_expr_item * expr, unsigned long long * item_ids, size_t item_num)

5
scanner/bool_matcher/bool_matcher.h
View File

@@ -24,6 +24,7 @@ extern "C"
#endif
#include <stddef.h>
#include <uuid/uuid.h>
#define MAX_ITEMS_PER_BOOL_EXPR 8
@@ -37,7 +38,7 @@ extern "C"
/* At least one item's negate_option should be 0. */
struct bool_expr
{
unsigned long long expr_id;
uuid_t expr_uuid;
void *user_tag;
size_t item_num;
struct bool_item items[MAX_ITEMS_PER_BOOL_EXPR];
@@ -45,7 +46,7 @@ extern "C"
struct bool_expr_match
{
unsigned long long expr_id;
uuid_t expr_uuid;
void *user_tag;
};

10
scanner/expr_matcher/expr_matcher.cpp
View File

@@ -144,10 +144,12 @@ static int expr_rule_pattern_count(struct expr_rule *rules, size_t n_rule,
for (size_t i = 0; i < n_rule; i++) {
if (rules[i].n_patterns > MAX_EXPR_PATTERN_NUM) {
char uuid_str[37];
uuid_unparse(rules[i].expr_uuid, uuid_str);
log_fatal(logger, MODULE_EXPR_MATCHER,
"[%s:%d] the number of patterns in expr_rule(rule_id:%lld)"
"[%s:%d] the number of patterns in expr_rule(rule_id:%s)"
" should less than %d", __FUNCTION__, __LINE__,
rules[i].expr_id, MAX_EXPR_PATTERN_NUM);
uuid_str, MAX_EXPR_PATTERN_NUM);
return -1;
}
@@ -224,7 +226,7 @@ static struct bool_expr *bool_exprs_new(struct expr_rule *rules, size_t n_rule,
bool_exprs[i].items[j].negate_option = 0;
}
bool_exprs[i].expr_id = rules[i].expr_id;
uuid_copy(bool_exprs[i].expr_uuid, rules[i].expr_uuid);
bool_exprs[i].item_num = rules[i].n_patterns;
bool_exprs[i].user_tag = rules[i].tag;
}
@@ -432,7 +434,7 @@ static int expr_matcher_bool_matcher_match(struct bool_matcher *bm, struct bool_
}
for (int index = 0; index < bool_matcher_ret; index++) {
result_array[index].rule_id = match_buff[index].expr_id;
uuid_copy(result_array[index].rule_uuid, match_buff[index].expr_uuid);
result_array[index].user_tag = match_buff[index].user_tag;
}
*n_hit_result = bool_matcher_ret;

5
scanner/expr_matcher/expr_matcher.h
View File

@@ -17,6 +17,7 @@ extern "C"
#endif
#include <stddef.h>
#include <uuid/uuid.h>
#include "log/log.h"
@@ -65,13 +66,13 @@ struct expr_pattern {
};
struct expr_scan_result {
long long rule_id;
uuid_t rule_uuid;
void *user_tag;
};
/* logic AND expression, such as (rule1 & rule2) */
struct expr_rule {
long long expr_id; /* AND expression ID */
uuid_t expr_uuid; /* AND expression ID */
size_t n_patterns;
struct expr_pattern patterns[MAX_EXPR_PATTERN_NUM];
void *tag; /* user defined data, return with hit result */

2
scanner/flag_matcher/flag_matcher.cpp
View File

@@ -71,7 +71,7 @@ int flag_matcher_match(struct flag_matcher *flag_matcher, uint64_t flag, struct
{
if (!((flag ^ flag_matcher->rule_table[i].flag) & flag_matcher->rule_table[i].mask))
{
result[result_number].rule_id = flag_matcher->rule_table[i].rule_id;
uuid_copy(result[result_number].rule_uuid, flag_matcher->rule_table[i].rule_uuid);
result[result_number ++].user_tag = flag_matcher->rule_table[i].user_tag;
if (result_number >= n_result)

5
scanner/flag_matcher/flag_matcher.h
View File

@@ -10,6 +10,7 @@
#define FLAG_MATCHER_H
#include <stdint.h>
#include <stddef.h>
#include <uuid/uuid.h>
#ifdef __cplusplus
extern "C"
@@ -20,7 +21,7 @@ struct flag_rule
{
uint64_t flag;
uint64_t mask;
uint64_t rule_id; // unique for a rule;
uuid_t rule_uuid; // unique for a rule;
/* A transparent user tag for convenient accessing,
the caller is responsible for its memory management. */
@@ -31,7 +32,7 @@ struct flag_rule
// if matched, return id and tag;
struct flag_result
{
uint64_t rule_id; // unique for a rule;
uuid_t rule_uuid; // unique for a rule;
void *user_tag;
};

6
scanner/fqdn_engine/fqdn_engine.cpp
View File

@@ -84,7 +84,7 @@ static void aligned_free(void * aligned_ptr)
/*************************************************************************************/
struct domain_impl_t
{
unsigned int id;
uuid_t uuid;
int suf_match;
unsigned int len;
unsigned long long hash; /*<2A><>64λ<34><CEBB>ϣֵΨһ<CEA8><D2BB>ʾһ<CABE><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD>*/
@@ -170,7 +170,7 @@ int CHashTrieFQDN::initialize(const struct FQDN_rule * rules, size_t n_rule)
FOR(k, m_num)
{
m_domains[k].id =rules[k].id;
uuid_copy(m_domains[k].uuid, rules[k].uuid);
m_domains[k].suf_match=rules[k].is_suffix_match;
m_domains[k].len=rules[k].len;
m_domains[k].next=NULL;
@@ -307,7 +307,7 @@ int CHashTrieFQDN::search(const char * FQDN, size_t FQDN_len, struct FQDN_match
if(pt->len+P[t]==FQDN_len && pt->hash==HASH[t])
{
//if(match_num>0 && P[t]!=results[match_num-1].offset) return match_num;
results[match_num].id=pt->id;
uuid_copy(results[match_num].uuid, pt->uuid);
results[match_num].offset=P[t];
results[match_num].user_tag=pt->utag;
++match_num;

5
scanner/fqdn_engine/fqdn_engine.h
View File

@@ -23,10 +23,11 @@ extern "C" {
#endif
#include <stddef.h>
#include <uuid/uuid.h>
struct FQDN_rule
{
unsigned int id;
uuid_t uuid;
int is_suffix_match; /* is_suffix_match==0: exact match; is_suffix_match==1: longest suffix matching. */
size_t len;
char * FQDN; /* Non-ASCII character is allowed. */
@@ -39,7 +40,7 @@ extern "C" {
struct FQDN_match
{
unsigned int id;
uuid_t uuid;
unsigned int offset; /* offset==0 for exact matching; offset>0 for longest suffix matching. */
void * user_tag;
};

3
scanner/interval_matcher/interval_matcher.h
View File

@@ -8,6 +8,7 @@
#define INTERVAL_MATCHER_H
#include <stdint.h>
#include <stddef.h>
#include <uuid/uuid.h>
#ifdef __cplusplus
extern "C"
@@ -17,7 +18,7 @@ extern "C"
// if matched, return id and tag;
struct interval_result
{
uint64_t rule_id;
uuid_t rule_uuid;
/* A transparent user tag for convenient accessing,
the caller is responsible for its memory management. */

5
scanner/ip_matcher/ip_matcher.cpp
View File

@@ -57,11 +57,10 @@ struct ip_matcher *ip_matcher_new(struct ip_rule *rules, size_t rule_num,
map<long long, struct ip_rule> ipv4_rules;
map<long long, struct ip_rule> ipv6_rules;
for (size_t i = 0; i < rule_num; i++) {
long long id = rules[i].rule_id;
if(rules[i].type == IPv4)
ipv4_rules[id] = rules[i];
ipv4_rules[i] = rules[i];
if(rules[i].type == IPv6 )
ipv6_rules[id] = rules[i];
ipv6_rules[i] = rules[i];
}
//<2F><><EFBFBD><EFBFBD>ipv4ɨ<34><C9A8><EFBFBD><EFBFBD>

5
scanner/ip_matcher/ip_matcher.h
View File

@@ -19,6 +19,7 @@
#define H_IP_MATCHER_H
#include <stddef.h>
#include <uuid/uuid.h>
#include "../../deps/log/log.h"
@@ -45,7 +46,7 @@ struct ipv6_range {
/* common type for ip rule */
struct ip_rule {
enum IP_TYPE type; /* IPv4 or IPv6 */
long long rule_id; /* rule id */
uuid_t rule_uuid; /* rule id */
void *user_tag; /* point to user-defined data which will return with hit results */
union {
struct ipv4_range ipv4_rule;
@@ -64,7 +65,7 @@ struct ip_data {
/* data type for scan result */
struct scan_result {
long long rule_id; /* rule id */
uuid_t rule_uuid; /* rule id */
void *tag; /* point to the same address as user_tag in struct ip_rule which has same rule_id */
};

4
scanner/ip_matcher/ipv4_match.cpp
View File

@@ -66,7 +66,7 @@ long long CIPv4Match::initialize(const map<long long, struct ip_rule>& rules)
{
struct ipv4_range arule = it->second.ipv4_rule;
m_rules[i].rule = arule;
m_rules[i].rule_id = it->first;
uuid_copy(m_rules[i].rule_uuid, it->second.rule_uuid);
m_rules[i++].tag = it->second.user_tag;
}
@@ -106,7 +106,7 @@ int CIPv4Match::search_rule(const struct ip_data * data, struct scan_result * pr
return hit_num;
unsigned int index = m_v[i];
presult[hit_num].rule_id = m_rules[index].rule_id;
uuid_copy(presult[hit_num].rule_uuid, m_rules[index].rule_uuid);
presult[hit_num++].tag = m_rules[index].tag;
}

2
scanner/ip_matcher/ipv4_match.h
View File

@@ -26,7 +26,7 @@ typedef struct _ipv4_rule_t{
struct ipv4_range rule;
void * tag;
long long rule_id;
uuid_t rule_uuid;
}ipv4_rule_t;
class CIPv4Match : public CRuleMatch

4
scanner/ip_matcher/ipv6_match.cpp
View File

@@ -75,7 +75,7 @@ long long CIPv6Match::initialize(const map<long long, struct ip_rule>& rules)
for (map<long long, struct ip_rule>::const_iterator it = rules.begin(); it != rules.end(); ++it) {
struct ipv6_range arule = it->second.ipv6_rule;;
m_rules[i].rule = arule;
m_rules[i].rule_id = it->first;
uuid_copy(m_rules[i].rule_uuid, it->second.rule_uuid);
m_rules[i++].tag = it->second.user_tag;
}
@@ -119,7 +119,7 @@ int CIPv6Match::search_rule(const struct ip_data * data, struct scan_result * pr
if(hit_num == size)
return hit_num;
unsigned int index = m_v[i];
presult[hit_num].rule_id = m_rules[index].rule_id;
uuid_copy(presult[hit_num].rule_uuid, m_rules[index].rule_uuid);
presult[hit_num++].tag = m_rules[index].tag;
}

2
scanner/ip_matcher/ipv6_match.h
View File

@@ -26,7 +26,7 @@
typedef struct _ipv6_rule_t{
struct ipv6_range rule;
long long rule_id;
uuid_t rule_uuid;
void * tag;
}ipv6_rule_t;

6
scanner/ipport_matcher/ipport_matcher.c
View File

@@ -15,7 +15,7 @@
#include "ipport_matcher.h"
struct port_range {
long long rule_id;
uuid_t rule_uuid;
void *tag;
uint16_t min_port; /* host order */
uint16_t max_port; /* host order */
@@ -105,7 +105,7 @@ struct ipport_matcher *ipport_matcher_new(struct ipport_rule *rules, size_t rule
struct port_range range;
range.min_port = rules[i].min_port;
range.max_port = rules[i].max_port;
range.rule_id = rules[i].rule_id;
uuid_copy(range.rule_uuid, rules[i].rule_uuid);
range.tag = rules[i].user_tag;
utarray_push_back(node->port_range_list, &range);
}
@@ -151,7 +151,7 @@ int ipport_matcher_match(struct ipport_matcher *matcher, const struct ip_addr *i
tmp_range = (struct port_range *)utarray_find(node->port_range_list,
&range, compare_port_range_for_find);
if (tmp_range != NULL) {
result_array[0].rule_id = tmp_range->rule_id;
uuid_copy(result_array[0].rule_uuid, tmp_range->rule_uuid);
result_array[0].tag = tmp_range->tag;
return 1;
}

4
scanner/ipport_matcher/ipport_matcher.h
View File

@@ -21,7 +21,7 @@ extern "C"
#include "maat.h"
struct ipport_rule {
long long rule_id; /* rule id */
uuid_t rule_uuid; /* rule id */
void *user_tag; /* point to user-defined data which will return with hit results */
struct ip_addr ip;
uint16_t min_port; /* host order */
@@ -29,7 +29,7 @@ struct ipport_rule {
};
struct ipport_result {
long long rule_id; /* matched rule id */
uuid_t rule_uuid; /* matched rule id */
void *tag; /* point to the same address as user_tag in struct ipport_rule which has same rule_id */
};

4
src/inc_internal/maat_core.h
View File

@@ -53,8 +53,8 @@ enum tag_match {
};
struct maat_item {
long long item_id;
long long object_id;
uuid_t item_uuid;
uuid_t object_uuid;
};
struct maat_runtime {

22
src/inc_internal/maat_object.h
View File

@@ -28,28 +28,28 @@ struct object2object_runtime;
/* object2object schema API */
void *object2object_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger);
void object2object_schema_free(void *g2g_schema);
void object2object_schema_free(void *o2o_schema);
/* object2object runtime API */
void *object2object_runtime_new(void *g2g_schema, size_t max_thread_num,
void *object2object_runtime_new(void *o2o_schema, size_t max_thread_num,
struct maat_garbage_bin *garbage_bin,
struct log_handle *logger);
void object2object_runtime_free(void *g2g_runtime);
void object2object_runtime_free(void *o2o_runtime);
int object2object_runtime_update(void *g2g_runtime, void *g2g_schema, const char *table_name,
int object2object_runtime_update(void *o2o_runtime, void *o2o_schema, const char *table_name,
const char *line, enum maat_operation op);
int object2object_runtime_commit(void *g2g_runtime, const char *table_name, long long maat_rt_version);
int object2object_runtime_commit(void *o2o_runtime, const char *table_name, long long maat_rt_version);
size_t object2object_runtime_get_super_objects(void *g2g_runtime, long long *object_ids,
size_t n_object_ids, long long *super_object_ids,
size_t super_object_ids_size);
size_t object2object_runtime_get_super_objects(void *o2o_runtime, uuid_t *object_uuids,
size_t n_object_uuids, uuid_t *super_object_uuids,
size_t super_object_uuids_size);
long long object2object_runtime_rule_count(void *g2g_runtime);
long long object2object_runtime_rule_count(void *o2o_runtime);
long long object2object_runtime_exclude_rule_count(void *g2g_runtime);
long long object2object_runtime_exclude_rule_count(void *o2o_runtime);
long long object2object_runtime_update_err_count(void *g2g_runtime);
long long object2object_runtime_update_err_count(void *o2o_runtime);
#ifdef __cplusplus
}

4
src/inc_internal/maat_rule.h
View File

@@ -51,7 +51,7 @@ long long rule_runtime_rule_count(void *rule_runtime);
long long rule_runtime_update_err_count(void *rule_runtime);
int rule_runtime_match(struct rule_runtime *rule_rt, long long *rule_ids,
int rule_runtime_match(struct rule_runtime *rule_rt, uuid_t *rule_uuids,
size_t rule_ids_size, struct maat_state *state);
size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
@@ -81,7 +81,7 @@ void rule_compile_state_not_logic_update(struct rule_compile_state *rule_compile
size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt,
struct object2object_runtime *g2g_rt,
struct object2object_runtime *o2o_rt,
struct maat_hit_path *hit_path_array,
size_t array_size);

32
src/maat_api.c
View File

@@ -1184,7 +1184,7 @@ string_scan(struct table_manager *tbl_mgr, int thread_id,
}
static size_t
object_to_rule(struct maat *maat_inst, long long *results, size_t n_result,
object_to_rule(struct maat *maat_inst, uuid_t *results, size_t n_result,
struct maat_state *state)
{
int rule_table_id =
@@ -1205,7 +1205,7 @@ object_to_rule(struct maat *maat_inst, long long *results, size_t n_result,
}
int maat_scan_flag(struct maat *maat_inst, int attribute_id,
long long flag, long long *results, size_t n_result,
long long flag, uuid_t *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state)
{
if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM ||
@@ -1284,7 +1284,7 @@ int maat_scan_flag(struct maat *maat_inst, int attribute_id,
}
int maat_scan_integer(struct maat *maat_inst, int attribute_id,
long long integer, long long *results, size_t n_result,
long long integer, uuid_t *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state)
{
if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM ||
@@ -1364,7 +1364,7 @@ int maat_scan_integer(struct maat *maat_inst, int attribute_id,
}
int maat_scan_ipv4_port(struct maat *maat_inst, int attribute_id, uint32_t ip_addr,
int port, long long *results, size_t n_result,
int port, uuid_t *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state)
{
if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM ||
@@ -1443,7 +1443,7 @@ int maat_scan_ipv4_port(struct maat *maat_inst, int attribute_id, uint32_t ip_ad
}
int maat_scan_ipv6_port(struct maat *maat_inst, int attribute_id, uint8_t *ip_addr,
int port, long long *results, size_t n_result,
int port, uuid_t *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state)
{
if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM ||
@@ -1523,7 +1523,7 @@ int maat_scan_ipv6_port(struct maat *maat_inst, int attribute_id, uint8_t *ip_ad
#define PORT_IGNORED -1
inline int maat_scan_ipv6(struct maat *instance, int attribute_id, uint8_t *ip_addr,
long long *results, size_t n_result, size_t *n_hit_result,
uuid_t *results, size_t n_result, size_t *n_hit_result,
struct maat_state *state)
{
return maat_scan_ipv6_port(instance, attribute_id, ip_addr, PORT_IGNORED,
@@ -1531,7 +1531,7 @@ inline int maat_scan_ipv6(struct maat *instance, int attribute_id, uint8_t *ip_a
}
inline int maat_scan_ipv4(struct maat *instance, int attribute_id, uint32_t ip_addr,
long long *results, size_t n_result, size_t *n_hit_result,
uuid_t *results, size_t n_result, size_t *n_hit_result,
struct maat_state *state)
{
return maat_scan_ipv4_port(instance, attribute_id, ip_addr, PORT_IGNORED,
@@ -1540,7 +1540,7 @@ inline int maat_scan_ipv4(struct maat *instance, int attribute_id, uint32_t ip_a
int maat_scan_string(struct maat *maat_inst, int attribute_id,
const char *data, size_t data_len,
long long *results, size_t n_result,
uuid_t *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state)
{
if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM ||
@@ -1642,8 +1642,8 @@ static void maat_state_add_hit_object(struct maat_state *state, int attribute_id
struct maat_item hit_items[n_hit_item];
for (size_t i = 0; i < n_hit_item; i++) {
hit_items[i].item_id = objects[i].item_id;
hit_items[i].object_id = objects[i].object_id;
uuid_copy(hit_items[i].item_uuid, objects[i].item_uuid);
uuid_copy(hit_items[i].object_uuid, objects[i].object_uuid);
}
rule_compile_state_update(state->rule_compile_state, maat_inst, attribute_id,
@@ -1682,7 +1682,7 @@ maat_state_activate_hit_not_object(struct maat_state *state, int attribute_id)
int maat_scan_object(struct maat *maat_inst, int attribute_id,
struct maat_hit_object *objects, size_t n_object,
long long *results, size_t n_result,
uuid_t *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state)
{
if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM ||
@@ -1724,7 +1724,7 @@ int maat_scan_object(struct maat *maat_inst, int attribute_id,
}
int maat_scan_not_logic(struct maat *maat_inst, int attribute_id,
long long *results, size_t n_result,
uuid_t *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state)
{
if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM ||
@@ -1848,7 +1848,7 @@ static int expr_stream_scan(struct maat_stream *stream, const char *data,
}
int maat_stream_scan(struct maat_stream *maat_stream, const char *data, int data_len,
long long *results, size_t n_result, size_t *n_hit_result,
uuid_t *results, size_t n_result, size_t *n_hit_result,
struct maat_state *state)
{
if ((NULL == maat_stream) || (NULL == data) || (0 == data_len)
@@ -2135,13 +2135,13 @@ int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *pat
return -1;
}
int g2g_table_id = table_manager_get_object2object_table_id(maat_inst->tbl_mgr);
void *g2g_runtime = table_manager_get_runtime(maat_inst->tbl_mgr, g2g_table_id);
int o2o_table_id = table_manager_get_object2object_table_id(maat_inst->tbl_mgr);
void *o2o_runtime = table_manager_get_runtime(maat_inst->tbl_mgr, o2o_table_id);
size_t hit_path_cnt =
rule_compile_state_get_internal_hit_paths(state->rule_compile_state,
(struct rule_runtime *)rule_rt,
(struct object2object_runtime *)g2g_runtime,
(struct object2object_runtime *)o2o_runtime,
path_array, array_size);
return rule_runtime_get_hit_paths((struct rule_runtime *)rule_rt,

2
src/maat_bool_plugin.c
View File

@@ -314,7 +314,7 @@ bool_plugin_expr_new(struct bool_plugin_schema *schema, const char *table_name,
__LINE__, table_name, schema->key_name, cJSON_Print(json));
goto error;
}
bool_expr->expr_id = atoll(tmp_obj->valuestring);
uuid_parse(tmp_obj->valuestring, bool_expr->expr_uuid);
tmp_obj = cJSON_GetObjectItem(json, "bool_expr");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {

4
src/maat_config_monitor.c
View File

@@ -153,7 +153,9 @@ void config_monitor_traverse(long long current_version, const cJSON *json_root,
}
}
config_load_json_content(json_root, object2object_table->valuestring, "object_groups", u_param, update_fn);
if (object2object_table) {
config_load_json_content(json_root, object2object_table->valuestring, "object_groups", u_param, update_fn);
}
config_load_json_content(json_root, rule_table->valuestring, "rules", u_param, update_fn);
if (finish_fn != NULL) {

74
src/maat_expr.c
View File

@@ -57,8 +57,8 @@ enum match_method {
};
struct expr_item {
long long item_id;
long long object_id;
uuid_t item_uuid;
uuid_t object_uuid;
char keywords[MAX_KEYWORDS_STR_LEN + 1];
enum expr_type expr_type;
void *user_data;
@@ -152,7 +152,7 @@ int expr_runtime_set_scan_district(struct expr_runtime *expr_rt, const char *dis
static struct expr_item *
expr_item_new(struct expr_schema *expr_schema, const char *table_name,
const cJSON *json, struct expr_runtime *expr_rt, long long item_id)
const cJSON *json, struct expr_runtime *expr_rt, uuid_t item_uuid)
{
int expr_type = -1;
enum table_type table_type = TABLE_TYPE_INVALID;
@@ -161,18 +161,16 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name,
size_t len = 0;
int ret;
expr_item->item_id = item_id;
uuid_copy(expr_item->item_uuid, item_uuid);
tmp_obj = cJSON_GetObjectItem(json, "object_id");
if (tmp_obj != NULL && tmp_obj->type == cJSON_String) {
expr_item->object_id = tmp_obj->valueint;
} else {
tmp_obj = cJSON_GetObjectItem(json, "object_uuid");
if (tmp_obj == NULL && tmp_obj->type != cJSON_String) {
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> has no object_id in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
goto error;
}
expr_item->object_id = atoll(tmp_obj->valuestring);
uuid_parse(tmp_obj->valuestring, expr_item->object_uuid);
tmp_obj = cJSON_GetObjectItem(json, "keywords");
if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {
@@ -209,10 +207,12 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name,
} else if (expr_item->expr_type == EXPR_TYPE_REGEX) {
ret = expr_matcher_verify_regex_expression(expr_item->keywords, expr_rt->logger);
if (0 == ret) {
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(item_uuid, uuid_str);
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> regex expression(item_id:%lld):%s illegal,"
"[%s:%d] expr table:<%s> regex expression(item_id:%s):%s illegal,"
" will be dropped", __FUNCTION__, __LINE__, table_name,
expr_item->item_id, expr_item->keywords);
uuid_str, expr_item->keywords);
goto error;
}
}
@@ -432,9 +432,11 @@ static int expr_runtime_update_row(struct expr_runtime *expr_rt, char *key,
//add
ret = rcu_hash_add(expr_rt->item_hash, key, key_len, (void *)item);
if (ret < 0) {
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(item->item_uuid, uuid_str);
log_debug(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr item(item_id:%lld) add to item_hash failed",
__FUNCTION__, __LINE__, item->item_id);
"[%s:%d] expr item(item_id:%s) add to item_hash failed",
__FUNCTION__, __LINE__, uuid_str);
return -1;
}
}
@@ -602,6 +604,9 @@ static int expr_item_to_expr_rule(struct expr_item *expr_item,
char *tmp = NULL;
char *saveptr = NULL;
char tmp_keywords[MAX_KEYWORDS_STR_LEN + 1];
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(expr_item->item_uuid, uuid_str);
memcpy(tmp_keywords, expr_item->keywords, MAX_KEYWORDS_STR_LEN + 1);
@@ -615,17 +620,17 @@ static int expr_item_to_expr_rule(struct expr_item *expr_item,
if (i >= MAAT_MAX_EXPR_ITEM_NUM) {
log_fatal(logger, MODULE_EXPR,
"[%s:%d]abandon config expr_item(item_id:%d) "
"[%s:%d]abandon config expr_item(item_id:%s) "
"too many patterns", __FUNCTION__, __LINE__,
expr_item->item_id);
uuid_str);
return -1;
}
if (expr_keywords_to_expr_pattern(tmp, &expr_rule->patterns[i], logger) < 0) {
log_fatal(logger, MODULE_EXPR,
"[%s:%d]abandon config expr_item(item_id:%d) "
"[%s:%d]abandon config expr_item(item_id:%s) "
"has invalid pattern %s", __FUNCTION__, __LINE__,
expr_item->item_id, tmp);
uuid_str, tmp);
return -1;
}
expr_rule->patterns[i].type = EXPR_PATTERN_TYPE_STR;
@@ -646,13 +651,13 @@ static int expr_item_to_expr_rule(struct expr_item *expr_item,
break;
default:
log_fatal(logger, MODULE_EXPR,
"[%s:%d]abandon config expr_item(item_id:%lld) has "
"[%s:%d]abandon config expr_item(item_id:%s) has "
"invalid expr type=%d", __FUNCTION__, __LINE__,
expr_item->item_id, expr_item->expr_type);
uuid_str, expr_item->expr_type);
return -1;
}
expr_rule->expr_id = expr_item->item_id;
uuid_copy(expr_rule->expr_uuid, expr_item->item_uuid);
expr_rule->tag = expr_item->user_data;
expr_rule->n_patterns = sub_expr_cnt;
@@ -681,7 +686,7 @@ int expr_runtime_update(void *expr_runtime, void *expr_schema,
return -1;
}
tmp_obj = cJSON_GetObjectItem(json, "item_id");
tmp_obj = cJSON_GetObjectItem(json, "uuid");
if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> has no item_id in line:%s",
@@ -690,8 +695,9 @@ int expr_runtime_update(void *expr_runtime, void *expr_schema,
goto ERROR;
}
long long item_id = atoll(tmp_obj->valuestring);
if (item_id < 0) {
uuid_t item_uuid;
uuid_parse(tmp_obj->valuestring, item_uuid);
if (uuid_is_null(item_uuid)) {
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> item_id wrong"
" in table_line:%s", __FUNCTION__, __LINE__, table_name,
@@ -703,7 +709,7 @@ int expr_runtime_update(void *expr_runtime, void *expr_schema,
struct expr_item *expr_item = NULL;
if (MAAT_OP_ADD == op) {
//add
expr_item = expr_item_new(schema, table_name, json, expr_rt, item_id);
expr_item = expr_item_new(schema, table_name, json, expr_rt, item_uuid);
if (NULL == expr_item) {
expr_rt->update_err_cnt++;
goto ERROR;
@@ -715,7 +721,7 @@ int expr_runtime_update(void *expr_runtime, void *expr_schema,
expr_item->user_data = item_district_id;
}
int ret = expr_runtime_update_row(expr_rt, (char *)&item_id, sizeof(long long),
int ret = expr_runtime_update_row(expr_rt, (char *)&item_uuid, sizeof(item_uuid),
expr_item, op);
if (ret < 0) {
if (expr_item != NULL) {
@@ -939,17 +945,16 @@ int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id,
for (size_t i = 0; i < n_hit_item; i++) {
int tag_district_id = *(int *)(hit_results[i].user_tag);
if (tag_district_id == state->district_id || tag_district_id == DISTRICT_ANY) {
long long item_id = hit_results[i].rule_id;
struct expr_item *expr_item = (struct expr_item *)rcu_hash_find(expr_rt->item_hash,
(char *)&item_id,
sizeof(long long));
(char *)&hit_results[i].rule_uuid,
sizeof(uuid_t));
if (!expr_item) {
// item config has been deleted
continue;
}
hit_maat_items[real_hit_item_num].item_id = item_id;
hit_maat_items[real_hit_item_num].object_id = expr_item->object_id;
uuid_copy(hit_maat_items[real_hit_item_num].item_uuid, expr_item->item_uuid);
uuid_copy(hit_maat_items[real_hit_item_num].object_uuid, expr_item->object_uuid);
real_hit_item_num++;
}
}
@@ -1034,17 +1039,16 @@ int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream,
}
for (size_t i = 0; i < n_hit_item; i++) {
long long item_id = hit_results[i].rule_id;
expr_item = (struct expr_item *)rcu_hash_find(expr_rt->item_hash,
(char *)&item_id,
sizeof(long long));
(char *)&hit_results[i].rule_uuid,
sizeof(uuid_t));
if (!expr_item) {
// item config has been deleted
continue;
}
hit_maat_items[real_hit_item_cnt].item_id = item_id;
hit_maat_items[real_hit_item_cnt].object_id = expr_item->object_id;
uuid_copy(hit_maat_items[real_hit_item_cnt].item_uuid, expr_item->item_uuid);
uuid_copy(hit_maat_items[real_hit_item_cnt].object_uuid, expr_item->object_uuid);
real_hit_item_cnt++;
}

38
src/maat_flag.c
View File

@@ -30,8 +30,8 @@ struct flag_schema {
};
struct flag_item {
long long item_id;
long long object_id;
uuid_t item_uuid;
uuid_t object_uuid;
long long flag;
long long flag_mask;
void *user_data;
@@ -197,9 +197,11 @@ static int flag_runtime_update_row(struct flag_runtime *flag_rt, char *key,
//add
ret = rcu_hash_add(flag_rt->item_hash, key, key_len, (void *)item);
if (ret < 0) {
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(item->item_uuid, uuid_str);
log_debug(flag_rt->logger, MODULE_FLAG,
"[%s:%d] flag item(item_id:%lld) add to item_hash failed",
__FUNCTION__, __LINE__, item->item_id);
"[%s:%d] flag item(item_uuid:%s) add to item_hash failed",
__FUNCTION__, __LINE__, uuid_str);
return -1;
}
}
@@ -242,22 +244,22 @@ int flag_runtime_set_scan_district(struct flag_runtime *flag_rt, const char *dis
static struct flag_item *
flag_item_new(struct flag_schema *schema, const char *table_name,
const cJSON *json, struct flag_runtime *flag_rt, long long item_id)
const cJSON *json, struct flag_runtime *flag_rt, uuid_t item_uuid)
{
cJSON *tmp_obj = NULL;
enum table_type table_type = TABLE_TYPE_INVALID;
struct flag_item *item = ALLOC(struct flag_item, 1);
item->item_id = item_id;
uuid_copy(item->item_uuid, item_uuid);
tmp_obj = cJSON_GetObjectItem(json, "object_id");
tmp_obj = cJSON_GetObjectItem(json, "object_uuid");
if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {
log_fatal(flag_rt->logger, MODULE_FLAG,
"[%s:%d] flag table:<%s> has no object_id in json:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
goto error;
}
item->object_id = atoll(tmp_obj->valuestring);
uuid_parse(tmp_obj->valuestring, item->object_uuid);
table_type = table_manager_get_table_type(schema->ref_tbl_mgr, schema->table_id);
if (table_type == TABLE_TYPE_INTERVAL_PLUS) {
@@ -316,7 +318,7 @@ static struct flag_rule flag_item_to_flag_rule(struct flag_item *item)
{
struct flag_rule rule;
rule.rule_id = item->item_id;
uuid_copy(rule.rule_uuid, item->item_uuid);
rule.flag = item->flag;
rule.mask = item->flag_mask;
rule.user_tag = item->user_data;
@@ -344,7 +346,7 @@ int flag_runtime_update(void *flag_runtime, void *flag_schema,
return -1;
}
cJSON *item = cJSON_GetObjectItem(json, "item_id");
cJSON *item = cJSON_GetObjectItem(json, "uuid");
if (NULL == item || item->type != cJSON_String) {
log_fatal(flag_rt->logger, MODULE_FLAG,
"[%s:%d] flag table:<%s> line:%s has no item_id",
@@ -352,11 +354,12 @@ int flag_runtime_update(void *flag_runtime, void *flag_schema,
goto ERROR;
}
long long item_id = atoll(item->valuestring);
uuid_t item_uuid;
uuid_parse(item->valuestring, item_uuid);
struct flag_item *flag_item = NULL;
if (MAAT_OP_ADD == op) {
flag_item = flag_item_new(schema, table_name, json, flag_rt, item_id);
flag_item = flag_item_new(schema, table_name, json, flag_rt, item_uuid);
if (NULL == flag_item) {
flag_rt->update_err_cnt++;
goto ERROR;
@@ -368,7 +371,7 @@ int flag_runtime_update(void *flag_runtime, void *flag_schema,
flag_item->user_data = item_district_id;
}
int ret = flag_runtime_update_row(flag_rt, (char *)&item_id, sizeof(long long),
int ret = flag_runtime_update_row(flag_rt, (char *)&item_uuid, sizeof(item_uuid),
flag_item, op);
if (ret < 0) {
if (flag_item != NULL) {
@@ -520,18 +523,17 @@ int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id,
int tag_district_id = *(int *)(hit_results[i].user_tag);
if (tag_district_id == state->district_id ||
tag_district_id == DISTRICT_ANY) {
long long item_id = hit_results[i].rule_id;
struct flag_item *flag_item =
(struct flag_item *)rcu_hash_find(flag_rt->item_hash,
(char *)&item_id,
sizeof(long long));
(char *)&hit_results[i].rule_uuid,
sizeof(hit_results[i].rule_uuid));
if (!flag_item) {
// item config has been deleted
continue;
}
hit_maat_items[real_hit_item_cnt].item_id = item_id;
hit_maat_items[real_hit_item_cnt].object_id = flag_item->object_id;
uuid_copy(hit_maat_items[real_hit_item_cnt].item_uuid, hit_results[i].rule_uuid);
uuid_copy(hit_maat_items[real_hit_item_cnt].object_uuid, flag_item->object_uuid);
real_hit_item_cnt++;
}
}

2
src/maat_fqdn_plugin.c
View File

@@ -265,7 +265,7 @@ fqdn_plugin_rule_new(const cJSON *json, struct fqdn_plugin_schema *schema,
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
goto error;
}
fqdn_plugin_rule->id = atoi(tmp_obj->valuestring);
uuid_parse(tmp_obj->valuestring, fqdn_plugin_rule->uuid);
tmp_obj = cJSON_GetObjectItem(json, "fqdn");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {

40
src/maat_interval.c
View File

@@ -27,8 +27,8 @@ struct interval_schema {
};
struct interval_item {
long long item_id;
long long object_id;
uuid_t item_uuid;
uuid_t object_uuid;
int low_boundary;
int up_boundary;
void *user_data;
@@ -215,23 +215,23 @@ int interval_runtime_set_scan_district(struct interval_runtime *interval_rt,
static struct interval_item *
interval_item_new(struct interval_schema *schema, const char *table_name,
const cJSON *json, struct interval_runtime *interval_rt, long long item_id)
const cJSON *json, struct interval_runtime *interval_rt, uuid_t item_uuid)
{
enum table_type table_type = TABLE_TYPE_INVALID;
char port_str[16] = {0};
struct interval_item *item = ALLOC(struct interval_item, 1);
cJSON *tmp_obj = NULL;
item->item_id = item_id;
uuid_copy(item->item_uuid, item_uuid);
tmp_obj = cJSON_GetObjectItem(json, "object_id");
tmp_obj = cJSON_GetObjectItem(json, "object_uuid");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
log_fatal(interval_rt->logger, MODULE_INTERVAL,
"[%s:%d] interval table:<%s> has no object_id in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
goto error;
}
item->object_id = atoll(tmp_obj->valuestring);
uuid_parse(tmp_obj->valuestring, item->object_uuid);
table_type = table_manager_get_table_type(schema->ref_tbl_mgr, schema->table_id);
if (table_type == TABLE_TYPE_INTERVAL_PLUS) {
@@ -289,7 +289,7 @@ interval_item_to_interval_rule(struct interval_item *item)
rule.start = item->low_boundary;
rule.end = item->up_boundary;
rule.result.rule_id = item->item_id;
uuid_copy(rule.result.rule_uuid, item->item_uuid);
rule.result.user_tag = item->user_data;
return rule;
@@ -308,10 +308,12 @@ static int interval_runtime_update_row(struct interval_runtime *interval_rt,
//add
ret = rcu_hash_add(interval_rt->item_hash, key, key_len, (void *)item);
if (ret < 0) {
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(item->item_uuid, uuid_str);
log_debug(interval_rt->logger, MODULE_INTERVAL,
"[%s:%d] interval item(item_id:%lld) add to "
"[%s:%d] interval item(item_id:%s) add to "
"interavl_item_hash failed", __FUNCTION__, __LINE__,
item->item_id);
uuid_str);
return -1;
}
}
@@ -342,7 +344,7 @@ int interval_runtime_update(void *interval_runtime, void *interval_schema,
goto ERROR;
}
tmp_obj = cJSON_GetObjectItem(json, "item_id");
tmp_obj = cJSON_GetObjectItem(json, "uuid");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
log_fatal(interval_rt->logger, MODULE_INTERVAL,
"[%s:%d] interval table:<%s> has no item_id in line:%s",
@@ -351,8 +353,9 @@ int interval_runtime_update(void *interval_runtime, void *interval_schema,
goto ERROR;
}
long long item_id = atoll(tmp_obj->valuestring);
if (item_id < 0) {
uuid_t item_uuid;
uuid_parse(tmp_obj->valuestring, item_uuid);
if (uuid_is_null(item_uuid)) {
log_fatal(interval_rt->logger, MODULE_INTERVAL,
"[%s:%d] interval table:<%s> item_id wrong"
" in table_line:%s", __FUNCTION__, __LINE__, table_name,
@@ -364,7 +367,7 @@ int interval_runtime_update(void *interval_runtime, void *interval_schema,
struct interval_item *interval_item = NULL;
if (MAAT_OP_ADD == op) {
//add
interval_item = interval_item_new(schema, table_name, json, interval_rt, item_id);
interval_item = interval_item_new(schema, table_name, json, interval_rt, item_uuid);
if (NULL == interval_item) {
interval_rt->update_err_cnt++;
goto ERROR;
@@ -376,7 +379,7 @@ int interval_runtime_update(void *interval_runtime, void *interval_schema,
interval_item->user_data = item_district_id;
}
int ret = interval_runtime_update_row(interval_rt, (char *)&item_id, sizeof(long long),
int ret = interval_runtime_update_row(interval_rt, (char *)&item_uuid, sizeof(uuid_t),
interval_item, op);
if (ret < 0) {
if (interval_item != NULL) {
@@ -531,18 +534,17 @@ int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
int tag_district_id = *(int *)(hit_results[i].user_tag);
if (tag_district_id == state->district_id ||
tag_district_id == DISTRICT_ANY) {
long long item_id = hit_results[i].rule_id;
struct interval_item *int_item =
(struct interval_item *)rcu_hash_find(interval_rt->item_hash,
(char *)&item_id,
sizeof(long long));
(char *)&hit_results[i].rule_uuid,
sizeof(uuid_t));
if (!int_item) {
// item config has been deleted
continue;
}
hit_maat_items[real_hit_item_cnt].item_id = item_id;
hit_maat_items[real_hit_item_cnt].object_id = int_item->object_id;
uuid_copy(hit_maat_items[real_hit_item_cnt].item_uuid, int_item->item_uuid);
uuid_copy(hit_maat_items[real_hit_item_cnt].object_uuid, int_item->object_uuid);
real_hit_item_cnt++;
}
}

39
src/maat_ip.c
View File

@@ -39,8 +39,8 @@ struct ipv6_item_rule {
};
struct ip_item {
long long item_id;
long long object_id;
uuid_t item_uuid;
uuid_t object_uuid;
int addr_type;
union {
struct ipv4_item_rule ipv4;
@@ -98,23 +98,23 @@ void ip_schema_free(void *ip_schema)
static struct ip_item *
ip_item_new(struct ip_schema *ip_schema, const char *table_name,
const cJSON *json, struct log_handle *logger, long long item_id)
const cJSON *json, struct log_handle *logger, uuid_t item_uuid)
{
char ip_str[128] = {0};
struct ip_item *ip_item = ALLOC(struct ip_item, 1);
cJSON *tmp_obj = NULL;
int ret = 0;
ip_item->item_id = item_id;
uuid_copy(ip_item->item_uuid, item_uuid);
tmp_obj = cJSON_GetObjectItem(json, "object_id");
tmp_obj = cJSON_GetObjectItem(json, "object_uuid");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
log_fatal(logger, MODULE_IP,
"[%s:%d] ip table:<%s> has no object_id in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
goto error;
}
ip_item->object_id = atoll(tmp_obj->valuestring);
uuid_parse(tmp_obj->valuestring, ip_item->object_uuid);
tmp_obj = cJSON_GetObjectItem(json, "ip");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
@@ -268,7 +268,7 @@ static void ip_item_to_ip_rule(struct ip_item *item, struct ip_rule *rule)
memcpy(rule->ipv6_rule.end_ip, item->ipv6.max_ip,
sizeof(item->ipv6.max_ip));
}
rule->rule_id = item->item_id;
uuid_copy(rule->rule_uuid, item->item_uuid);
}
static int ip_runtime_update_row(struct ip_runtime *ip_rt, char *key, size_t key_len,
@@ -283,9 +283,11 @@ static int ip_runtime_update_row(struct ip_runtime *ip_rt, char *key, size_t key
// add
ret = rcu_hash_add(ip_rt->item_hash, key, key_len, (void *)item);
if (ret < 0) {
char uuid_str[37] = {0};
uuid_unparse(item->item_uuid, uuid_str);
log_debug(ip_rt->logger, MODULE_IP,
"[%s:%d] ip item(item_id:%lld) add to ip runtime htable failed",
__FUNCTION__, __LINE__, item->item_id);
"[%s:%d] ip item(item_id:%s) add to ip runtime htable failed",
__FUNCTION__, __LINE__, uuid_str);
return -1;
}
}
@@ -315,7 +317,7 @@ int ip_runtime_update(void *ip_runtime, void *ip_schema,
goto ERROR;
}
tmp_obj = cJSON_GetObjectItem(json, "item_id");
tmp_obj = cJSON_GetObjectItem(json, "uuid");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
log_fatal(ip_rt->logger, MODULE_IP,
"[%s:%d] ip table:<%s> has no item_id in line:%s",
@@ -323,19 +325,21 @@ int ip_runtime_update(void *ip_runtime, void *ip_schema,
ip_rt->update_err_cnt++;
goto ERROR;
}
long long item_id = atoll(tmp_obj->valuestring);
uuid_t item_uuid;
uuid_parse(tmp_obj->valuestring, item_uuid);
struct ip_item *ip_item = NULL;
if (MAAT_OP_ADD == op) {
//add
ip_item = ip_item_new(schema, table_name, json, ip_rt->logger, item_id);
ip_item = ip_item_new(schema, table_name, json, ip_rt->logger, item_uuid);
if (NULL == ip_item) {
ip_rt->update_err_cnt++;
goto ERROR;
}
}
int ret = ip_runtime_update_row(ip_rt, (char *)&item_id, sizeof(long long),
int ret = ip_runtime_update_row(ip_rt, (char *)&item_uuid, sizeof(uuid_t),
ip_item, op);
if (ret < 0) {
if (ip_item != NULL) {
@@ -505,10 +509,9 @@ int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
}
for (size_t i = 0; i < n_hit_ip_item; i++) {
long long item_id = ip_results[i].rule_id;
struct ip_item *ip_item = (struct ip_item *)rcu_hash_find(ip_rt->item_hash,
(char *)&item_id,
sizeof(long long));
(char *)&ip_results[i].rule_uuid,
sizeof(uuid_t));
if (!ip_item) {
// item config has been deleted
continue;
@@ -524,8 +527,8 @@ int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
continue;
}
hit_maat_items[real_hit_item_cnt].item_id = ip_results[i].rule_id;
hit_maat_items[real_hit_item_cnt].object_id = ip_item->object_id;
uuid_copy(hit_maat_items[real_hit_item_cnt].item_uuid, ip_item->item_uuid);
uuid_copy(hit_maat_items[real_hit_item_cnt].object_uuid, ip_item->object_uuid);
real_hit_item_cnt++;
}

2
src/maat_ip_plugin.c
View File

@@ -159,7 +159,7 @@ ip_plugin_rule_new(struct ip_plugin_schema *schema, const char *table_name,
__FUNCTION__, __LINE__, table_name, schema->key_name, cJSON_Print(json));
goto error;
}
ip_plugin_rule->rule_id = atoll(tmp_obj->valuestring);
uuid_parse(tmp_obj->valuestring, ip_plugin_rule->rule_uuid);
tmp_obj = cJSON_GetObjectItem(json, "ip");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {

6
src/maat_ipport_plugin.c
View File

@@ -42,7 +42,7 @@ struct ipv6_item {
};
struct ipport_item {
long long item_id;
uuid_t item_uuid;
int ip_type; //IPV4 or IPV6
union {
struct ipv4_item ipv4;
@@ -237,7 +237,7 @@ ipport_item_new(struct ipport_plugin_schema *schema, const char *table_name,
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
goto error;
}
ipport_item->item_id = atoll(tmp_obj->valuestring);
uuid_parse(tmp_obj->valuestring, ipport_item->item_uuid);
tmp_obj = cJSON_GetObjectItem(json, "ip");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
@@ -442,7 +442,7 @@ ipport_item_to_ipport_rule(struct ipport_item *item, struct ipport_rule *rule)
rule->min_port = item->min_port;
rule->max_port = item->max_port;
}
rule->rule_id = item->item_id;
uuid_copy(rule->rule_uuid, item->item_uuid);
}
static void

791
src/maat_object.c
View File

File diff suppressed because it is too large Load Diff

343
src/maat_rule.c
View File

@@ -43,13 +43,13 @@ struct rule_schema {
struct rule_item {
int condition_num;
long long rule_id;
uuid_t rule_uuid;
char *table_line;
size_t table_line_len;
};
struct condition_query_key {
long long object_id;
uuid_t object_uuid;
int attribute_id;
int negate_option;
};
@@ -70,7 +70,7 @@ struct table_condition {
struct table_object {
int attribute_id;
UT_array *object_ids;
UT_array *object_uuids;
UT_hash_handle hh;
};
@@ -99,7 +99,7 @@ struct condition_literal {
struct rule_condition {
long long condition_id;
long long object_ids[MAX_OBJECT_CNT];
uuid_t object_uuids[MAX_OBJECT_CNT];
int object_cnt;
int attribute_id;
char negate_option; // 1 byte
@@ -109,7 +109,7 @@ struct rule_condition {
struct rule_sort_para {
int condition_num;
long long rule_id;
uuid_t rule_uuid;
};
#define MAAT_RULE_MAGIC 0x4a5b6c7d
@@ -117,21 +117,21 @@ struct maat_rule {
uint32_t magic_num;
int condition_num;
int table_id;
long long rule_id;
uuid_t rule_uuid;
void *user_data; // rule_item
struct rule_condition conditions[MAX_ITEMS_PER_BOOL_EXPR];
};
struct internal_hit_path {
long long item_id;
long long object_id;
uuid_t item_uuid;
uuid_t object_uuid;
int Nth_scan;
int attribute_id;
int negate_option; // 1 means negate condition
};
struct rule2table_id {
long long rule_id;
uuid_t rule_uuid;
int table_id;
};
@@ -153,7 +153,7 @@ struct rule_compile_state {
};
UT_icd ut_condition_id_icd = {sizeof(long long), NULL, NULL, NULL};
UT_icd ut_rule_object_id_icd = {sizeof(long long), NULL, NULL, NULL};
UT_icd ut_rule_object_uuid_icd = {sizeof(uuid_t), NULL, NULL, NULL};
UT_icd ut_maat_hit_object_icd = {sizeof(struct maat_hit_object), NULL, NULL, NULL};
UT_icd ut_hit_path_icd = {sizeof(struct internal_hit_path), NULL, NULL, NULL};
UT_icd ut_hit_rule_table_id_icd = {sizeof(struct rule2table_id), NULL, NULL, NULL};
@@ -226,7 +226,7 @@ static int validate_table_not_condition(struct rule_runtime *rule_rt,
}
static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule_schema *schema,
const char *table_name, long long rule_id,
const char *table_name, uuid_t rule_uuid,
const char *table_line, struct rule_item *rule_item)
{
struct maat_rule *rule = ALLOC(struct maat_rule, 1);
@@ -235,7 +235,7 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
cJSON *table_json = cJSON_Parse(table_line);
rule->magic_num = MAAT_RULE_MAGIC;
rule->rule_id = rule_id;
uuid_copy(rule->rule_uuid, rule_uuid);
for(int i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) {
rule->conditions[i].in_use = 0;
@@ -309,7 +309,7 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
}
}
tmp_obj = cJSON_GetObjectItem(condition_obj, "object_ids");
tmp_obj = cJSON_GetObjectItem(condition_obj, "object_uuids");
if (tmp_obj && tmp_obj->type == cJSON_Array) {
int n_object_ids = cJSON_GetArraySize(tmp_obj);
@@ -318,8 +318,7 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
for (int j = 0; j < n_object_ids; j++) {
cJSON *object_id_obj = cJSON_GetArrayItem(tmp_obj, j);
if (object_id_obj && object_id_obj->type == cJSON_String) {
long long object_id = atoll(object_id_obj->valuestring);
condition->object_ids[j] = object_id;
uuid_parse(object_id_obj->valuestring, condition->object_uuids[j]);
}
}
}
@@ -383,14 +382,14 @@ rule_item_new(const char *table_line, struct rule_schema *schema,
struct rule_item *rule_item = ALLOC(struct rule_item, 1);
cJSON *table_json = cJSON_Parse(table_line);
tmp_obj = cJSON_GetObjectItem(table_json, "rule_id");
tmp_obj = cJSON_GetObjectItem(table_json, "uuid");
if (tmp_obj == NULL && tmp_obj->type != cJSON_String) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> has no rule_id or not string format in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(table_json));
goto error;
}
rule_item->rule_id = atoll(tmp_obj->valuestring);
uuid_parse(tmp_obj->valuestring, rule_item->rule_uuid);
rule_item->table_line_len = strlen(table_line);
rule_item->table_line = ALLOC(char, rule_item->table_line_len + 1);
@@ -529,17 +528,9 @@ void rule_runtime_init(void *rule_runtime, struct maat_runtime *maat_rt)
rule_rt->ref_maat_rt = maat_rt;
}
static inline int compare_object_id(const void *a, const void *b)
static inline int compare_object_uuid(const void *a, const void *b)
{
long long ret = *(const long long *)a - *(const long long *)b;
if (0 == ret) {
return 0;
} else if(ret < 0) {
return -1;
} else {
return 1;
}
return uuid_compare(*(uuid_t *)a, *(uuid_t *)b);
}
static struct bool_matcher *
@@ -588,7 +579,7 @@ maat_rule_bool_matcher_new(struct rule_runtime *rule_rt,
// some rule may have zero objects, e.g. default policy.
if (j == (size_t)iter_rule->condition_num && j > 0) {
bool_expr_array[expr_cnt].expr_id = iter_rule->rule_id;
uuid_copy(bool_expr_array[expr_cnt].expr_uuid, iter_rule->rule_uuid);
bool_expr_array[expr_cnt].user_tag = iter_rule;
bool_expr_array[expr_cnt].item_num = j;
expr_cnt++;
@@ -634,17 +625,9 @@ static inline int compare_condition_id(const void *a, const void *b)
}
}
static inline int compare_rule_id(const void *a, const void *b)
static inline int compare_rule_uuid(const void *a, const void *b)
{
long long ret = *(const long long *)a - *(const long long *)b;
if (0 == ret) {
return 0;
} else if (ret < 0) {
return -1;
} else {
return 1;
}
return uuid_compare(*(uuid_t *)a, *(uuid_t *)b);
}
/**
@@ -687,9 +670,12 @@ build_condition_id_kv_hash(struct rule_runtime *rule_rt, int negate_option)
}
for (size_t k = 0; k < condition->object_cnt; k++) {
struct condition_query_key key =
{condition->object_ids[k], condition->attribute_id, condition->negate_option};
struct condition_query_key key;
struct condition_id_kv *condition_id_kv = NULL;
key.attribute_id = condition->attribute_id;
key.negate_option = condition->negate_option;
uuid_copy(key.object_uuid, condition->object_uuids[k]);
HASH_FIND(hh, condition_id_kv_hash, &key, sizeof(struct condition_query_key),
condition_id_kv);
@@ -768,13 +754,16 @@ rule_compile_state_if_new_hit_rule(struct rule_compile_state *rule_compile_state
static void
rule_compile_state_update_hit_rule_table_id(struct rule_compile_state *rule_compile_state,
long long rule_id, int table_id)
uuid_t rule_uuid, int table_id)
{
if (!utarray_find(rule_compile_state->hit_rule_table_ids, &rule_id,
compare_rule_id)) {
struct rule2table_id rule_table_id = {rule_id, table_id};
if (!utarray_find(rule_compile_state->hit_rule_table_ids, &rule_uuid,
compare_rule_uuid)) {
struct rule2table_id rule_table_id;
rule_table_id.table_id = table_id;
uuid_copy(rule_table_id.rule_uuid, rule_uuid);
utarray_push_back(rule_compile_state->hit_rule_table_ids, &rule_table_id);
utarray_sort(rule_compile_state->hit_rule_table_ids, compare_rule_id);
utarray_sort(rule_compile_state->hit_rule_table_ids, compare_rule_uuid);
}
}
@@ -808,7 +797,8 @@ maat_rule_bool_matcher_match(struct rule_runtime *rule_rt,
for (int i = 0; i < bool_match_ret && ud_result_cnt < ud_array_size; i++) {
rule = (struct maat_rule *)expr_match[i].user_tag;
assert(rule->magic_num == MAAT_RULE_MAGIC);
assert((unsigned long long)rule->rule_id == expr_match[i].expr_id);
assert(uuid_compare(rule->rule_uuid, expr_match[i].expr_uuid) == 0);
if (0 == rule->condition_num) {
continue;
}
@@ -819,7 +809,7 @@ maat_rule_bool_matcher_match(struct rule_runtime *rule_rt,
if (rule->user_data != NULL && n_new_hit_rule > 0) {
user_data_array[ud_result_cnt] = rule->user_data;
ud_result_cnt++;
rule_compile_state_update_hit_rule_table_id(rule_compile_state, rule->rule_id,
rule_compile_state_update_hit_rule_table_id(rule_compile_state, rule->rule_uuid,
rule->table_id);
}
}
@@ -856,11 +846,11 @@ rule_compile_state_hit_not_tbl_objects_free(struct rule_compile_state *rule_comp
struct table_object *tbl_object = NULL, *tmp_tbl_object = NULL;
HASH_ITER(hh, rule_compile_state->hit_not_tbl_objects, tbl_object, tmp_tbl_object) {
free_bytes +=
(sizeof(tbl_object) + utarray_len(tbl_object->object_ids) * sizeof(long long));
(sizeof(tbl_object) + utarray_len(tbl_object->object_uuids) * sizeof(uuid_t));
HASH_DEL(rule_compile_state->hit_not_tbl_objects, tbl_object);
if (tbl_object->object_ids != NULL) {
utarray_free(tbl_object->object_ids);
tbl_object->object_ids = NULL;
if (tbl_object->object_uuids != NULL) {
utarray_free(tbl_object->object_uuids);
tbl_object->object_uuids = NULL;
}
FREE(tbl_object);
}
@@ -890,7 +880,7 @@ void rule_compile_state_reset(struct rule_compile_state *rule_compile_state)
struct table_object *tbl_object = NULL, *tmp_tbl_object = NULL;
HASH_ITER(hh, rule_compile_state->hit_not_tbl_objects, tbl_object, tmp_tbl_object) {
utarray_clear(tbl_object->object_ids);
utarray_clear(tbl_object->object_uuids);
}
}
@@ -976,7 +966,7 @@ void rule_compile_state_free(struct rule_compile_state *rule_compile_state,
static void
rule_compile_state_add_internal_hit_path(struct rule_compile_state *rule_compile_state,
long long item_id, long long object_id,
uuid_t item_uuid, uuid_t object_uuid,
int attribute_id, int negate_option, int Nth_scan)
{
if (NULL == rule_compile_state) {
@@ -984,9 +974,9 @@ rule_compile_state_add_internal_hit_path(struct rule_compile_state *rule_compile
}
struct internal_hit_path new_path;
new_path.item_id = item_id;
uuid_copy(new_path.item_uuid, item_uuid);
new_path.Nth_scan = Nth_scan;
new_path.object_id = object_id;
uuid_copy(new_path.object_uuid, object_uuid);
new_path.attribute_id = attribute_id;
new_path.negate_option = negate_option;
@@ -1011,10 +1001,10 @@ static int maat_rule_has_condition_query_key(struct maat_rule *rule,
continue;
}
long long *tmp_object_id = bsearch(&(key->object_id), condition->object_ids,
condition->object_cnt, sizeof(long long),
compare_object_id);
if (tmp_object_id != NULL) {
uuid_t *tmp_object_uuid = bsearch(&(key->object_uuid), condition->object_uuids,
condition->object_cnt, sizeof(uuid_t),
compare_object_uuid);
if (tmp_object_uuid != NULL) {
return 1;
}
}
@@ -1024,7 +1014,7 @@ static int maat_rule_has_condition_query_key(struct maat_rule *rule,
static size_t
maat_rule_get_hit_condition_index(struct maat_rule *rule,
int attribute_id, long long hit_object_id,
int attribute_id, uuid_t hit_object_uuid,
int *condition_idx_array, size_t array_size)
{
size_t hit_condition_cnt = 0;
@@ -1041,10 +1031,10 @@ maat_rule_get_hit_condition_index(struct maat_rule *rule,
continue;
}
long long *tmp_object_id = bsearch(&hit_object_id, tmp_condition->object_ids,
tmp_condition->object_cnt, sizeof(long long),
compare_object_id);
if (tmp_object_id != NULL) {
uuid_t *tmp_object_uuid = bsearch(&hit_object_uuid, tmp_condition->object_uuids,
tmp_condition->object_cnt, sizeof(uuid_t),
compare_object_uuid);
if (tmp_object_uuid != NULL) {
condition_idx_array[hit_condition_cnt++] = i;
break;
}
@@ -1077,17 +1067,17 @@ void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array,
size_t new_hit_path_cnt = *n_new_hit_path;
int condition_index_array[MAX_ITEMS_PER_BOOL_EXPR] = {0};
if (hit_path_array[idx].top_object_id < 0) {
hit_path_array[idx].top_object_id = hit_path_array[idx].sub_object_id;
if (uuid_is_null(hit_path_array[idx].top_object_uuid)) {
uuid_copy(hit_path_array[idx].top_object_uuid, hit_path_array[idx].sub_object_uuid);
}
struct maat_hit_path tmp_path;
if (hit_path_array[idx].rule_id < 0) {
hit_path_array[idx].rule_id = rule->rule_id;
if (uuid_is_null(hit_path_array[idx].rule_uuid)) {
uuid_copy(hit_path_array[idx].rule_uuid, rule->rule_uuid);
// find out which condition in rule hit
n_condition_index =
maat_rule_get_hit_condition_index(rule, hit_path_array[idx].attribute_id,
hit_path_array[idx].top_object_id,
hit_path_array[idx].top_object_uuid,
condition_index_array,
MAX_ITEMS_PER_BOOL_EXPR);
hit_path_array[idx].condition_index = condition_index_array[0];
@@ -1102,12 +1092,12 @@ void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array,
} else {
// means same condition_query_id hit more than one rule_id
tmp_path = hit_path_array[idx];
tmp_path.rule_id = rule->rule_id;
uuid_copy(tmp_path.rule_uuid, rule->rule_uuid);
if (!maat_rule_is_hit_path_existed(hit_path_array, n_hit_path + new_hit_path_cnt, &tmp_path)) {
hit_path_array[n_hit_path + new_hit_path_cnt] = tmp_path;
new_hit_path_cnt++;
n_condition_index =
maat_rule_get_hit_condition_index(rule, tmp_path.attribute_id, tmp_path.top_object_id,
maat_rule_get_hit_condition_index(rule, tmp_path.attribute_id, tmp_path.top_object_uuid,
condition_index_array, MAX_ITEMS_PER_BOOL_EXPR);
hit_path_array[n_hit_path + new_hit_path_cnt - 1].condition_index = condition_index_array[0];
if (n_condition_index > 1) {
@@ -1132,7 +1122,7 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
/* assign hit_path_array[].rule_id */
size_t n_new_hit_path = 0;
struct maat_rule *rule = NULL;
struct condition_query_key key = {0, 0, 0};
struct condition_query_key key;
struct bool_expr_match *expr_match = rule_rt->expr_match_buff +
(thread_id * MAX_HIT_RULE_NUM);
assert(thread_id >= 0);
@@ -1149,16 +1139,16 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
for (int idx = 0; idx < bool_match_ret; idx++) {
rule = (struct maat_rule *)expr_match[idx].user_tag;
assert(rule->magic_num == MAAT_RULE_MAGIC);
assert((unsigned long long)rule->rule_id == expr_match[idx].expr_id);
assert(uuid_compare(rule->rule_uuid, expr_match[idx].expr_uuid) == 0);
if (0 == rule->condition_num || NULL == rule->user_data) {
continue;
}
for (size_t j = 0; j < n_hit_path && (n_hit_path + n_new_hit_path) < array_size; j++) {
if (hit_path_array[j].top_object_id < 0) {
key.object_id = hit_path_array[j].sub_object_id;
if (uuid_is_null(hit_path_array[j].top_object_uuid)) {
uuid_copy(key.object_uuid, hit_path_array[j].sub_object_uuid);
} else {
key.object_id = hit_path_array[j].top_object_id;
uuid_copy(key.object_uuid, hit_path_array[j].top_object_uuid);
}
key.attribute_id = hit_path_array[j].attribute_id;
@@ -1184,8 +1174,8 @@ rule_compile_state_add_direct_hit_objects(struct rule_compile_state *rule_compil
struct maat_hit_object hit_object;
for (size_t i = 0; i < n_hit_items; i++) {
hit_object.item_id = hit_items[i].item_id;
hit_object.object_id = hit_items[i].object_id;
uuid_copy(hit_object.item_uuid, hit_items[i].item_uuid);
uuid_copy(hit_object.object_uuid, hit_items[i].object_uuid);
hit_object.attribute_id = attribute_id;
utarray_push_back(rule_compile_state->direct_hit_objects, &hit_object);
}
@@ -1193,17 +1183,17 @@ rule_compile_state_add_direct_hit_objects(struct rule_compile_state *rule_compil
static void
rule_compile_state_add_indirect_hit_objects(struct rule_compile_state *rule_compile_state,
long long *object_ids,
size_t n_object_ids, int attribute_id)
uuid_t *object_uuids,
size_t n_object_uuids, int attribute_id)
{
if (NULL == rule_compile_state || NULL == object_ids) {
if (NULL == rule_compile_state || NULL == object_uuids) {
return;
}
struct maat_hit_object hit_object;
for (size_t i = 0; i < n_object_ids; i++) {
hit_object.item_id = 0;
hit_object.object_id = object_ids[i];
for (size_t i = 0; i < n_object_uuids; i++) {
uuid_clear(hit_object.item_uuid);
uuid_copy(hit_object.object_uuid, object_uuids[i]);
hit_object.attribute_id = attribute_id;
utarray_push_back(rule_compile_state->indirect_hit_objects, &hit_object);
}
@@ -1288,15 +1278,19 @@ rule_compile_state_add_hit_not_conditions(struct rule_compile_state *rule_compil
static void
rule_compile_state_update_hit_conditions(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt,
long long object_id, int attribute_id)
uuid_t object_uuid, int attribute_id)
{
if (NULL == rule_compile_state || NULL == rule_rt) {
return;
}
struct condition_query_key key = {object_id, attribute_id, 0};
struct condition_query_key key;
struct condition_id_kv *condition_id_kv = NULL;
key.negate_option = 0;
key.attribute_id = attribute_id;
uuid_copy(key.object_uuid, object_uuid);
HASH_FIND(hh, rule_rt->condition_id_kv_hash, &key, sizeof(key), condition_id_kv);
if (condition_id_kv != NULL) {
rule_compile_state_add_hit_conditions(rule_compile_state, condition_id_kv->condition_ids);
@@ -1312,29 +1306,29 @@ rule_compile_state_update_hit_conditions(struct rule_compile_state *rule_compile
static void
rule_compile_state_cache_hit_not_objects(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt,
long long *hit_object_ids,
size_t n_hit_object_id, int attribute_id)
uuid_t *hit_object_uuids,
size_t n_hit_object_uuid, int attribute_id)
{
if (NULL == rule_compile_state || NULL == rule_rt) {
return;
}
if (n_hit_object_id != 0) {
qsort(hit_object_ids, n_hit_object_id, sizeof(long long), compare_object_id);
if (n_hit_object_uuid != 0) {
qsort(hit_object_uuids, n_hit_object_uuid, sizeof(uuid_t), compare_object_uuid);
}
struct table_object *tbl_object = NULL;
HASH_FIND(hh, rule_compile_state->hit_not_tbl_objects, &attribute_id, sizeof(int), tbl_object);
if (tbl_object != NULL) {
for (size_t i = 0; i < n_hit_object_id; i++) {
long long *object_id = (long long *)utarray_find(tbl_object->object_ids,
&hit_object_ids[i],
compare_object_id);
if (NULL == object_id) {
for (size_t i = 0; i < n_hit_object_uuid; i++) {
uuid_t *object_uuid = (uuid_t *)utarray_find(tbl_object->object_uuids,
&hit_object_uuids[i],
compare_object_uuid);
if (NULL == object_uuid) {
continue;
}
size_t remove_idx = utarray_eltidx(tbl_object->object_ids, object_id);
utarray_erase(tbl_object->object_ids, remove_idx, 1);
size_t remove_idx = utarray_eltidx(tbl_object->object_uuids, object_uuid);
utarray_erase(tbl_object->object_uuids, remove_idx, 1);
}
}
@@ -1344,28 +1338,28 @@ rule_compile_state_cache_hit_not_objects(struct rule_compile_state *rule_compile
continue;
}
long long *tmp_object_id =
bsearch(&(condition_id_kv->key.object_id), hit_object_ids,
n_hit_object_id, sizeof(long long), compare_object_id);
if (tmp_object_id != NULL) {
uuid_t *tmp_object_uuid =
bsearch(&(condition_id_kv->key.object_uuid), hit_object_uuids,
n_hit_object_uuid, sizeof(uuid_t), compare_object_uuid);
if (tmp_object_uuid != NULL) {
continue;
}
if (NULL == tbl_object) {
tbl_object = ALLOC(struct table_object, 1);
tbl_object->attribute_id = attribute_id;
utarray_new(tbl_object->object_ids, &ut_rule_object_id_icd);
utarray_new(tbl_object->object_uuids, &ut_rule_object_uuid_icd);
HASH_ADD_INT(rule_compile_state->hit_not_tbl_objects, attribute_id, tbl_object);
}
if (!utarray_find(tbl_object->object_ids, &(condition_id_kv->key.object_id),
compare_object_id)) {
utarray_push_back(tbl_object->object_ids, &(condition_id_kv->key.object_id));
if (!utarray_find(tbl_object->object_uuids, &(condition_id_kv->key.object_uuid),
compare_object_uuid)) {
utarray_push_back(tbl_object->object_uuids, &(condition_id_kv->key.object_uuid));
}
}
if (tbl_object != NULL) {
utarray_sort(tbl_object->object_ids, compare_object_id);
utarray_sort(tbl_object->object_uuids, compare_object_uuid);
}
}
@@ -1375,7 +1369,7 @@ int rule_compile_state_get_rule_table_id(struct rule_compile_state *rule_compile
struct rule2table_id *tmp = NULL;
tmp = utarray_find(rule_compile_state->hit_rule_table_ids, &rule_id,
compare_rule_id);
compare_rule_uuid);
if (NULL == tmp) {
return -1;
}
@@ -1386,7 +1380,7 @@ int rule_compile_state_get_rule_table_id(struct rule_compile_state *rule_compile
static int
rule_runtime_add_rule(struct rule_runtime *rule_rt,
struct rule_schema *schema,
long long rule_id, const char *table_name,
uuid_t rule_uuid, const char *table_name,
const char *line, struct log_handle *logger)
{
struct maat_rule *rule = NULL;
@@ -1407,18 +1401,20 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt,
int updating_flag = rcu_hash_is_updating(rule_rt->cfg_hash);
if (1 == updating_flag) {
rule = rcu_updating_hash_find(rule_rt->cfg_hash, (char *)&rule_id,
sizeof(long long));
rule = rcu_updating_hash_find(rule_rt->cfg_hash, (char *)&rule_uuid,
sizeof(uuid_t));
} else {
rule = rcu_hash_find(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long));
rule = rcu_hash_find(rule_rt->cfg_hash, (char *)&rule_uuid, sizeof(uuid_t));
}
if (rule != NULL) {
char rule_uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(rule_uuid, rule_uuid_str);
log_fatal(logger, MODULE_RULE,
"[%s:%d]rule_id:%lld already existed in rule table, drop line:%s",
__FUNCTION__, __LINE__, rule_id, line);
"[%s:%d]rule_id:%s already existed in rule table, drop line:%s",
__FUNCTION__, __LINE__, rule_uuid_str, line);
}
rule = maat_rule_new(rule_rt, schema, table_name, rule_id, line, rule_item);
rule = maat_rule_new(rule_rt, schema, table_name, rule_uuid, line, rule_item);
if (NULL == rule) {
log_fatal(logger, MODULE_RULE,
"[%s:%d]maat_rule_new failed, drop line:%s",
@@ -1426,14 +1422,14 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt,
return -1;
}
rcu_hash_add(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long), rule);
rcu_hash_add(rule_rt->cfg_hash, (char *)&rule_uuid, sizeof(uuid_t), rule);
return 0;
}
static void rule_runtime_del_rule(struct rule_runtime *rule_rt,
struct rule_schema *schema,
long long rule_id,
uuid_t rule_uuid,
struct log_handle *logger)
{
struct maat_rule *rule = NULL;
@@ -1441,11 +1437,11 @@ static void rule_runtime_del_rule(struct rule_runtime *rule_rt,
int updating_flag = rcu_hash_is_updating(rule_rt->cfg_hash);
if (1 == updating_flag) {
// find in updating hash
rule = rcu_updating_hash_find(rule_rt->cfg_hash, (char *)&rule_id,
sizeof(long long));
rule = rcu_updating_hash_find(rule_rt->cfg_hash, (char *)&rule_uuid,
sizeof(uuid_t));
} else {
// find in effective hash
rule = rcu_hash_find(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long));
rule = rcu_hash_find(rule_rt->cfg_hash, (char *)&rule_uuid, sizeof(uuid_t));
}
if (rule != NULL) {
@@ -1456,7 +1452,7 @@ static void rule_runtime_del_rule(struct rule_runtime *rule_rt,
}
}
rcu_hash_del(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long));
rcu_hash_del(rule_rt->cfg_hash, (char *)&rule_uuid, sizeof(uuid_t));
}
}
@@ -1480,7 +1476,7 @@ int rule_runtime_update(void *rule_runtime, void *rule_schema,
return -1;
}
tmp_obj = cJSON_GetObjectItem(json, "rule_id");
tmp_obj = cJSON_GetObjectItem(json, "uuid");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
log_fatal(rule_rt->logger, MODULE_RULE,
"[%s:%d] rule table:<%s> has no rule_id or not string format in table_line:%s",
@@ -1489,14 +1485,15 @@ int rule_runtime_update(void *rule_runtime, void *rule_schema,
cJSON_Delete(json);
return -1;
}
long long rule_id = atoll(tmp_obj->valuestring);
uuid_t rule_uuid;
uuid_parse(tmp_obj->valuestring, rule_uuid);
if (MAAT_OP_DEL == op) {
// delete
rule_runtime_del_rule(rule_rt, schema, rule_id, rule_rt->logger);
rule_runtime_del_rule(rule_rt, schema, rule_uuid, rule_rt->logger);
} else {
// add
int ret = rule_runtime_add_rule(rule_rt, schema, rule_id,
int ret = rule_runtime_add_rule(rule_rt, schema, rule_uuid,
table_name, line, rule_rt->logger);
if (ret < 0) {
rule_rt->update_err_cnt++;
@@ -1621,14 +1618,14 @@ static int rule_sort_para_compare(const struct rule_sort_para *a,
if (a->condition_num != b->condition_num) {
return (a->condition_num - b->condition_num);
} else {
return (b->rule_id - a->rule_id);
return uuid_compare(a->rule_uuid, b->rule_uuid);
}
}
static void rule_sort_para_set(struct rule_sort_para *para,
const struct rule_item *item)
{
para->rule_id = item->rule_id;
uuid_copy(para->rule_uuid, item->rule_uuid);
para->condition_num = item->condition_num;
}
@@ -1644,7 +1641,7 @@ static int compare_rule_item(const void *a, const void *b)
return rule_sort_para_compare(&sa, &sb);
}
int rule_runtime_match(struct rule_runtime *rule_rt, long long *rule_ids,
int rule_runtime_match(struct rule_runtime *rule_rt, uuid_t *rule_uuids,
size_t rule_ids_size, struct maat_state *state)
{
struct rule_compile_state *rule_compile_state = state->rule_compile_state;
@@ -1662,7 +1659,7 @@ int rule_runtime_match(struct rule_runtime *rule_rt, long long *rule_ids,
}
for (size_t i = 0; i < bool_match_ret; i++) {
rule_ids[i] = rule_items[i]->rule_id;
uuid_copy(rule_uuids[i], rule_items[i]->rule_uuid);
}
return MIN(bool_match_ret, rule_ids_size);
@@ -1674,7 +1671,7 @@ int rule_compile_state_update(struct rule_compile_state *rule_compile_state, str
{
size_t i = 0, j = 0;
size_t hit_cnt = n_hit_item;
long long hit_object_ids[MAX_HIT_OBJECT_NUM];
uuid_t hit_object_uuids[MAX_HIT_OBJECT_NUM];
struct maat_hit_object hit_object;
utarray_clear(rule_compile_state->this_scan_hit_conditions);
@@ -1682,38 +1679,38 @@ int rule_compile_state_update(struct rule_compile_state *rule_compile_state, str
rule_compile_state->Nth_scan = Nth_scan;
for (i = 0; i < hit_cnt; i++) {
hit_object_ids[i] = hit_items[i].object_id;
uuid_copy(hit_object_uuids[i], hit_items[i].object_uuid);
hit_object.item_id = hit_items[i].item_id;
hit_object.object_id = hit_items[i].object_id;
uuid_copy(hit_object.item_uuid, hit_items[i].item_uuid);
uuid_copy(hit_object.object_uuid, hit_items[i].object_uuid);
hit_object.attribute_id = attribute_id;
utarray_push_back(rule_compile_state->last_hit_objects, &hit_object);
}
int g2g_table_id = table_manager_get_object2object_table_id(maat_inst->tbl_mgr);
void *g2g_rt = table_manager_get_runtime(maat_inst->tbl_mgr, g2g_table_id);
int o2o_table_id = table_manager_get_object2object_table_id(maat_inst->tbl_mgr);
void *o2o_rt = table_manager_get_runtime(maat_inst->tbl_mgr, o2o_table_id);
long long super_object_ids[MAX_HIT_OBJECT_NUM];
size_t super_object_cnt = object2object_runtime_get_super_objects(g2g_rt, hit_object_ids,
hit_cnt, super_object_ids,
uuid_t super_object_uuids[MAX_HIT_OBJECT_NUM];
size_t super_object_cnt = object2object_runtime_get_super_objects(o2o_rt, hit_object_uuids,
hit_cnt, super_object_uuids,
MAX_HIT_OBJECT_NUM);
for (i = 0; i < super_object_cnt; i++) {
hit_object.item_id = 0;
hit_object.object_id = super_object_ids[i];
uuid_clear(hit_object.item_uuid);
uuid_copy(hit_object.object_uuid, super_object_uuids[i]);
hit_object.attribute_id = attribute_id;
utarray_push_back(rule_compile_state->last_hit_objects, &hit_object);
}
if (1 == maat_inst->opts.hit_path_on && hit_cnt > 0) {
for (i = 0; i < hit_cnt; i++) {
rule_compile_state_add_internal_hit_path(rule_compile_state, hit_items[i].item_id,
hit_items[i].object_id, attribute_id, 0, Nth_scan);
rule_compile_state_add_internal_hit_path(rule_compile_state, hit_items[i].item_uuid,
hit_items[i].object_uuid, attribute_id, 0, Nth_scan);
}
}
if (1 == maat_inst->opts.hit_object_on) {
rule_compile_state_add_direct_hit_objects(rule_compile_state, hit_items, hit_cnt, attribute_id);
rule_compile_state_add_indirect_hit_objects(rule_compile_state, super_object_ids,
rule_compile_state_add_indirect_hit_objects(rule_compile_state, super_object_uuids,
super_object_cnt, attribute_id);
}
@@ -1730,15 +1727,15 @@ int rule_compile_state_update(struct rule_compile_state *rule_compile_state, str
}
for (j = 0; j < super_object_cnt && hit_cnt < MAX_HIT_OBJECT_NUM; j++) {
hit_object_ids[hit_cnt++] = super_object_ids[j];
uuid_copy(hit_object_uuids[hit_cnt++], super_object_uuids[j]);
}
for (i = 0; i < hit_cnt; i++) {
rule_compile_state_update_hit_conditions(rule_compile_state, rule_rt,
hit_object_ids[i], attribute_id);
hit_object_uuids[i], attribute_id);
}
rule_compile_state_cache_hit_not_objects(rule_compile_state, rule_rt, hit_object_ids,
rule_compile_state_cache_hit_not_objects(rule_compile_state, rule_rt, hit_object_uuids,
hit_cnt, attribute_id);
return hit_cnt;
}
@@ -1772,9 +1769,12 @@ void rule_compile_state_not_logic_update(struct rule_compile_state *rule_compile
}
struct condition_id_kv *condition_id_kv = NULL;
for (size_t i = 0; i < utarray_len(tbl_object->object_ids); i++) {
long long *object_id = utarray_eltptr(tbl_object->object_ids, i);
struct condition_query_key key = {*object_id, attribute_id, 1};
for (size_t i = 0; i < utarray_len(tbl_object->object_uuids); i++) {
uuid_t *object_uuid = utarray_eltptr(tbl_object->object_uuids, i);
struct condition_query_key key;
key.attribute_id = attribute_id;
key.negate_option = 1;
uuid_copy(key.object_uuid, *object_uuid);
HASH_FIND(hh, rule_rt->not_condition_id_kv_hash, &key, sizeof(key), condition_id_kv);
if (NULL == condition_id_kv) {
@@ -1783,7 +1783,9 @@ void rule_compile_state_not_logic_update(struct rule_compile_state *rule_compile
rule_compile_state_add_hit_not_conditions(rule_compile_state, condition_id_kv->condition_ids);
if (1 == maat_inst->opts.hit_path_on) {
rule_compile_state_add_internal_hit_path(rule_compile_state, -1, *object_id,
uuid_t null_uuid;
uuid_clear(null_uuid);
rule_compile_state_add_internal_hit_path(rule_compile_state, null_uuid, *object_uuid,
attribute_id, 1, Nth_scan);
}
}
@@ -1798,8 +1800,8 @@ size_t rule_compile_state_get_indirect_hit_objects(struct rule_compile_state *ru
for (i = 0; i < utarray_len(rule_compile_state->indirect_hit_objects) && i < array_size; i++) {
hit_object =
(struct maat_hit_object *)utarray_eltptr(rule_compile_state->indirect_hit_objects, i);
object_array[i].item_id = hit_object->item_id;
object_array[i].object_id = hit_object->object_id;
uuid_copy(object_array[i].item_uuid, hit_object->item_uuid);
uuid_copy(object_array[i].object_uuid, hit_object->object_uuid);
object_array[i].attribute_id = hit_object->attribute_id;
}
@@ -1842,8 +1844,8 @@ size_t rule_compile_state_get_direct_hit_objects(struct rule_compile_state *rule
struct maat_hit_object *object = NULL;
for (i = 0; i < utarray_len(direct_hit_object) && i < array_size; i++) {
object = (struct maat_hit_object *)utarray_eltptr(direct_hit_object, i);
object_array[i].item_id = object->item_id;
object_array[i].object_id = object->object_id;
uuid_copy(object_array[i].item_uuid, object->item_uuid);
uuid_copy(object_array[i].object_uuid, object->object_uuid);
object_array[i].attribute_id = object->attribute_id;
}
@@ -1859,7 +1861,7 @@ size_t rule_compile_state_get_direct_hit_object_cnt(struct rule_compile_state *r
size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt,
struct object2object_runtime *g2g_rt,
struct object2object_runtime *o2o_rt,
struct maat_hit_path *hit_path_array,
size_t array_size)
{
@@ -1872,15 +1874,15 @@ size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule
/*
NOTE: maybe one item has been deleted, but it's item_id still exist in internal_hit_paths
*/
long long super_object_ids[MAX_HIT_OBJECT_NUM];
UT_array *valid_super_object_ids;
utarray_new(valid_super_object_ids, &ut_rule_object_id_icd);
uuid_t super_object_uuids[MAX_HIT_OBJECT_NUM];
UT_array *valid_super_object_uuids;
utarray_new(valid_super_object_uuids, &ut_rule_object_uuid_icd);
size_t super_object_cnt =
object2object_runtime_get_super_objects(g2g_rt, &(internal_path->object_id), 1,
super_object_ids, MAX_HIT_OBJECT_NUM);
object2object_runtime_get_super_objects(o2o_rt, &(internal_path->object_uuid), 1,
super_object_uuids, MAX_HIT_OBJECT_NUM);
for (size_t idx = 0; idx < super_object_cnt; idx++) {
utarray_push_back(valid_super_object_ids, &super_object_ids[idx]);
utarray_push_back(valid_super_object_uuids, &super_object_uuids[idx]);
}
/*
@@ -1889,24 +1891,25 @@ size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule
------------------------------------------------------------------------------
NOTE: Add the hit path as long as the item is hit
*/
long long super_object_id = -1;
utarray_push_back(valid_super_object_ids, &super_object_id);
uuid_t super_object_uuid;
uuid_clear(super_object_uuid);
utarray_push_back(valid_super_object_uuids, &super_object_uuid);
long long *p = NULL;
uuid_t *p = NULL;
struct maat_hit_path tmp_path;
for (p = utarray_front(valid_super_object_ids);
for (p = utarray_front(valid_super_object_uuids);
p != NULL && hit_path_cnt < array_size;
p = utarray_next(valid_super_object_ids, p)) {
p = utarray_next(valid_super_object_uuids, p)) {
memset(&tmp_path, 0, sizeof(tmp_path));
tmp_path.Nth_scan = internal_path->Nth_scan;
tmp_path.item_id = internal_path->item_id;
tmp_path.sub_object_id = internal_path->object_id;
tmp_path.top_object_id = *p;
uuid_copy(tmp_path.item_uuid, internal_path->item_uuid);
uuid_copy(tmp_path.sub_object_uuid, internal_path->object_uuid);
uuid_copy(tmp_path.top_object_uuid, *p);
tmp_path.attribute_id = internal_path->attribute_id;
tmp_path.negate_option = internal_path->negate_option;
tmp_path.condition_index = -1;
tmp_path.rule_id = -1;
uuid_clear(tmp_path.rule_uuid);
/* check if internal_path is duplicated from hit_path_array[]
* element */
@@ -1920,7 +1923,7 @@ size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule
hit_path_array[hit_path_cnt] = tmp_path;
hit_path_cnt++;
}
utarray_free(valid_super_object_ids);
utarray_free(valid_super_object_uuids);
}
return hit_path_cnt;

8
src/maat_stat.c
View File

@@ -244,7 +244,7 @@ static void fs_table_row_refresh(struct maat_stat *stat, int perf_on)
long long total_rule_num = 0, total_scan_bytes = 0, total_update_err = 0;
long long total_scan_times = 0, total_hit_times = 0, total_scan_cpu_time = 0;
long long total_regv6_num = 0, total_hit_item_num = 0, total_hit_pattern_num = 0;
long long g2c_not_condition_num = 0, g2g_excl_rule_num = 0;
long long o2r_not_condition_num = 0, o2o_excl_rule_num = 0;
struct field cell_tag = {
.key = "TBL",
.type = FIELD_VALUE_CSTRING
@@ -273,7 +273,7 @@ static void fs_table_row_refresh(struct maat_stat *stat, int perf_on)
plugin_rule_num += plugin_runtime_rule_count(runtime);
break;
case TABLE_TYPE_OBJECT2OBJECT:
g2g_excl_rule_num += object2object_runtime_exclude_rule_count(runtime);
o2o_excl_rule_num += object2object_runtime_exclude_rule_count(runtime);
break;
case TABLE_TYPE_EXPR:
case TABLE_TYPE_EXPR_PLUS:
@@ -412,11 +412,11 @@ static void fs_table_row_refresh(struct maat_stat *stat, int perf_on)
fieldstat_easy_counter_set(stat->fs_handle, 0,
stat->g_metric_id[STATUS_CONDITION_REF_NOT_NUM],
NULL, 0, g2c_not_condition_num);
NULL, 0, o2r_not_condition_num);
fieldstat_easy_counter_set(stat->fs_handle, 0,
stat->g_metric_id[STATUS_OBJECT_REF_EXCL_NUM],
NULL, 0, g2g_excl_rule_num);
NULL, 0, o2o_excl_rule_num);
}

12
src/maat_table.c
View File

@@ -59,7 +59,7 @@ struct table_manager {
enum expr_engine_type engine_type;
int default_rule_table_id;
int g2g_table_id;
int o2o_table_id;
struct maat_kv_store *tbl_name2id_map;
struct maat_kv_store *conj_tbl_name2id_map;
struct maat_kv_store *attr_name2id_map;
@@ -929,7 +929,7 @@ table_manager_create(const char *table_info_path, const char *accept_tags,
}
int default_rule_table_id = -1;
int g2g_table_id = -1;
int o2o_table_id = -1;
struct maat_kv_store *reserved_word_map = maat_kv_store_new();
register_reserved_word(reserved_word_map);
@@ -967,7 +967,7 @@ table_manager_create(const char *table_info_path, const char *accept_tags,
}
if (maat_tbl->table_type == TABLE_TYPE_OBJECT2OBJECT) {
g2g_table_id = maat_tbl->table_id;
o2o_table_id = maat_tbl->table_id;
}
if (maat_tbl->table_type >= TABLE_TYPE_FLAG && maat_tbl->table_type <= TABLE_TYPE_INTERVAL_PLUS) {
@@ -984,10 +984,10 @@ table_manager_create(const char *table_info_path, const char *accept_tags,
}
tbl_mgr->default_rule_table_id = default_rule_table_id;
tbl_mgr->g2g_table_id = g2g_table_id;
tbl_mgr->o2o_table_id = o2o_table_id;
log_info(logger, MODULE_TABLE, "default rule table id: %d", default_rule_table_id);
log_info(logger, MODULE_TABLE, "object2object table id: %d", g2g_table_id);
log_info(logger, MODULE_TABLE, "object2object table id: %d", o2o_table_id);
next:
FREE(json_buff);
maat_kv_store_free(reserved_word_map);
@@ -1241,7 +1241,7 @@ int table_manager_get_object2object_table_id(struct table_manager *tbl_mgr)
return -1;
}
return tbl_mgr->g2g_table_id;
return tbl_mgr->o2o_table_id;
}
void *table_manager_get_schema(struct table_manager *tbl_mgr, int table_id)

3
test/json_update/corrupted.json
View File

@@ -3,7 +3,7 @@
"object_table": "OBJECT",
"rules": [
{
"rule_id": 1,
"rule_id": "1",
"service": 1,
"action": 1,
"do_blacklist": 1,
@@ -13,6 +13,7 @@
"conditions": [
{
"object_name": "Untitled",
"attribute_name": "HTTP_URL",
"objects": [
{
"items": [

4
test/json_update/new.json
View File

@@ -3,7 +3,7 @@
"object2object_table": "OBJECT2OBJECT",
"rules": [
{
"rule_id": 2,
"rule_id": "2",
"service": 1,
"action": 1,
"do_blacklist": 1,
@@ -12,7 +12,7 @@
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_URL",
"attribute_name": "HTTP_URL",
"objects": [
{
"items": [

238
test/maat_framework_gtest.cpp
View File

@@ -671,7 +671,7 @@ TEST_F(HsStringScan, BackslashR_N_Escape_IncUpdate) {
maat_state_reset(state);
const char *rule_table_name = "RULE_DEFAULT";
const char *g2c_table_name = "OBJECT2RULE_DEFAULT";
const char *o2r_table_name = "OBJECT2RULE_DEFAULT";
/* rule table add line */
long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
@@ -681,7 +681,7 @@ TEST_F(HsStringScan, BackslashR_N_Escape_IncUpdate) {
/* object2rule table add line */
long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object_id, rule_id, 0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -1444,7 +1444,7 @@ TEST_F(HsStringScan, dynamic_config) {
maat_state_reset(state);
const char *rule_table_name = "RULE_DEFAULT";
const char *g2c_table_name = "OBJECT2RULE_DEFAULT";
const char *o2r_table_name = "OBJECT2RULE_DEFAULT";
/* rule table add line */
long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
@@ -1454,7 +1454,7 @@ TEST_F(HsStringScan, dynamic_config) {
/* object2rule table add line */
long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object_id, rule_id, 0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -1487,7 +1487,7 @@ TEST_F(HsStringScan, dynamic_config) {
EXPECT_EQ(ret, 1);
/* object2rule table del line */
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_DEL,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_DEL,
object_id, rule_id, 0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -1709,7 +1709,7 @@ TEST_F(RsStringScan, BackslashR_N_Escape_IncUpdate) {
maat_state_reset(state);
const char *rule_table_name = "RULE_DEFAULT";
const char *g2c_table_name = "OBJECT2RULE_DEFAULT";
const char *o2r_table_name = "OBJECT2RULE_DEFAULT";
/* rule table add line */
long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
@@ -1719,7 +1719,7 @@ TEST_F(RsStringScan, BackslashR_N_Escape_IncUpdate) {
/* object2rule table add line */
long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object_id, rule_id, 0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -2489,7 +2489,7 @@ TEST_F(RsStringScan, dynamic_config) {
EXPECT_EQ(ret, MAAT_SCAN_OK);
const char *rule_table_name = "RULE_DEFAULT";
const char *g2c_table_name = "OBJECT2RULE_DEFAULT";
const char *o2r_table_name = "OBJECT2RULE_DEFAULT";
/* rule table add line */
long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
@@ -2499,7 +2499,7 @@ TEST_F(RsStringScan, dynamic_config) {
/* object2rule table add line */
long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object_id, rule_id, 0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -2532,7 +2532,7 @@ TEST_F(RsStringScan, dynamic_config) {
EXPECT_EQ(ret, 1);
/* object2rule table del line */
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_DEL,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_DEL,
object_id, rule_id, 0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -3183,7 +3183,7 @@ TEST_F(IPScan, RuleUpdates) {
maat_state_reset(state);
const char *rule_table_name = "RULE_DEFAULT";
const char *g2c_table_name = "OBJECT2RULE_DEFAULT";
const char *o2r_table_name = "OBJECT2RULE_DEFAULT";
/* rule table add line */
long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
@@ -3193,7 +3193,7 @@ TEST_F(IPScan, RuleUpdates) {
/* object2rule table add line */
long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object_id, rule_id, 0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -3223,7 +3223,7 @@ TEST_F(IPScan, RuleUpdates) {
EXPECT_EQ(ret, 1);
/* object2rule table del line */
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_DEL,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_DEL,
object_id, rule_id, 0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -3256,7 +3256,7 @@ TEST_F(IPScan, RuleChangeConditionId) {
int ret;
const char *rule_table_name = "RULE_DEFAULT";
const char *g2c_table_name = "OBJECT2RULE_DEFAULT";
const char *o2r_table_name = "OBJECT2RULE_DEFAULT";
/* rule table add line */
long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
@@ -3266,7 +3266,7 @@ TEST_F(IPScan, RuleChangeConditionId) {
/* object2rule table add line */
long long object_id1 = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object_id1, rule_id, 0, src_table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -3278,7 +3278,7 @@ TEST_F(IPScan, RuleChangeConditionId) {
/* object2rule table add line */
long long object_id2 = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object_id2, rule_id, 0, dst_table_name, 2, 0);
EXPECT_EQ(ret, 1);
@@ -3327,15 +3327,15 @@ TEST_F(IPScan, RuleChangeConditionId) {
/* object2rule table del line */
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_DEL,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_DEL,
object_id1, rule_id, 0, src_table_name, 1, 0);
EXPECT_EQ(ret, 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_DEL,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_DEL,
object_id2, rule_id, 0, dst_table_name, 2, 0);
EXPECT_EQ(ret, 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object_id1, rule_id, 0, src_table_name, 2, 0);
EXPECT_EQ(ret, 1);
@@ -3343,7 +3343,7 @@ TEST_F(IPScan, RuleChangeConditionId) {
int app_id_table_id = maat_get_table_id(maat_inst, app_id_table_name);
/* object2rule table add line */
long long object_id3 = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object_id3, rule_id, 0, app_id_table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -6198,7 +6198,7 @@ TEST_F(TableSchemaTag, RuleTable) {
const char *rule1_table_name = "RULE_DEFAULT";
const char *rule2_table_name = "RULE_ALIAS";
const char *rule3_table_name = "RULE_CONJUNCTION";
const char *g2c_table_name = "OBJECT2RULE";
const char *o2r_table_name = "OBJECT2RULE";
struct maat *maat_inst = TableSchemaTag::_shared_maat_inst;
//RULE_DEFAULT
@@ -6229,10 +6229,10 @@ TEST_F(TableSchemaTag, RuleTable) {
EXPECT_EQ(ret, 0);
//OBJECT2RULE
int g2c_table_id = maat_get_table_id(maat_inst, g2c_table_name);
EXPECT_EQ(g2c_table_id, 3);
int o2r_table_id = maat_get_table_id(maat_inst, o2r_table_name);
EXPECT_EQ(o2r_table_id, 3);
const char *tag4 = maat_get_table_schema_tag(maat_inst, g2c_table_id);
const char *tag4 = maat_get_table_schema_tag(maat_inst, o2r_table_id);
EXPECT_TRUE(tag4 != NULL);
ret = strcmp(tag4, "{\"object2rule\": \"object2rule\"}");
@@ -7484,7 +7484,7 @@ TEST_F(MaatCmd, SetIP) {
int thread_id = 0;
const char *ip_table_name = "IP_CONFIG";
const char *rule_table_name = "RULE_DEFAULT";
const char *g2c_table_name = "OBJECT2RULE_DEFAULT";
const char *o2r_table_name = "OBJECT2RULE_DEFAULT";
struct maat *maat_inst = MaatCmd::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
maat_reload_log_level(maat_inst, LOG_LEVEL_INFO);
@@ -7497,7 +7497,7 @@ TEST_F(MaatCmd, SetIP) {
/* object2rule table add line */
long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object_id, rule_id, 0, ip_table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -7609,7 +7609,7 @@ TEST_F(MaatCmd, SetExpr8) {
const char *scan_data7 = "string1, string2, string3, string4, string5, string6, string7";
const char *rule_table_name = "RULE_DEFAULT";
const char *g2c_table_name = "OBJECT2RULE_DEFAULT";
const char *o2r_table_name = "OBJECT2RULE_DEFAULT";
const char *table_name = "KEYWORDS_TABLE";
const char *keywords8 = "string1&string2&string3&string4&string5&string6&string7&string8";
@@ -7629,7 +7629,7 @@ TEST_F(MaatCmd, SetExpr8) {
/* object2rule table add line */
long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object_id, rule_id, 0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -7686,7 +7686,7 @@ TEST_F(MaatCmd, ObjectScan) {
int thread_id = 0;
const char *table_name = "HTTP_URL";
const char *rule_table_name = "RULE_DEFAULT";
const char *g2c_table_name = "OBJECT2RULE_DEFAULT";
const char *o2r_table_name = "OBJECT2RULE_DEFAULT";
struct maat *maat_inst = MaatCmd::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
@@ -7701,7 +7701,7 @@ TEST_F(MaatCmd, ObjectScan) {
/* object2rule table add line */
long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object_id, rule_id, 0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -7729,7 +7729,7 @@ TEST_F(MaatCmd, SameFilterRefByOneRule) {
const char *scan_data = "http://filtermenot.com";
const char *keywords = "menot.com";
const char *rule_table_name = "RULE_DEFAULT";
const char *g2c_table_name = "OBJECT2RULE_DEFAULT";
const char *o2r_table_name = "OBJECT2RULE_DEFAULT";
long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
int thread_id = 0;
@@ -7746,11 +7746,11 @@ TEST_F(MaatCmd, SameFilterRefByOneRule) {
//condition1 & condition2 has same filter => {attribute_id, object_id}
long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object_id, rule_id, 0, attribute_name, 1, 0);
EXPECT_EQ(ret, 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object_id, rule_id, 0, attribute_name, 2, 0);
EXPECT_EQ(ret, 1);
@@ -7881,8 +7881,8 @@ TEST_F(MaatCmd, ReturnRuleIDWithDescendingOrder) {
TEST_F(MaatCmd, SubObject) {
const char *table_name = "HTTP_URL";
const char *rule_table_name = "RULE_DEFAULT";
const char *g2c_table_name = "OBJECT2RULE_DEFAULT";
const char *g2g_table_name = "OBJECT2OBJECT";
const char *o2r_table_name = "OBJECT2RULE_DEFAULT";
const char *o2o_table_name = "OBJECT2OBJECT";
const char *scan_data1 = "www.v2ex.com/t/573028#程序员的核心竞争力是什么";
const char *keyword1 = "程序员&核心竞争力";
const char *scan_data2 = "https://ask.leju.com/bj/detail/12189672562229248/?bi=tg&type=sina-pc"
@@ -7912,18 +7912,18 @@ TEST_F(MaatCmd, SubObject) {
/* object2rule table add line */
//object1 -> rule1
long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object1_id, rule1_id, 0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
//object1 -> rule2
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object1_id, rule2_id, 0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
//object2 -> object1 -> rule1
long long object2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2object_table_set_line(maat_inst, g2g_table_name, MAAT_OP_ADD,
ret = object2object_table_set_line(maat_inst, o2o_table_name, MAAT_OP_ADD,
object1_id, object2_id, 0);
EXPECT_EQ(ret, 1);
@@ -7956,7 +7956,7 @@ TEST_F(MaatCmd, SubObject) {
\
\_ X -> rule2
*/
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_DEL,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_DEL,
object1_id, rule2_id, 0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
@@ -7977,14 +7977,14 @@ TEST_F(MaatCmd, SubObject) {
\
\_ -> rule2
*/
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_DEL,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_DEL,
object1_id, rule1_id, 0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL,
rule1_id, "null", 1, 0);
EXPECT_EQ(ret, 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object2_id, rule2_id, 0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -8007,7 +8007,7 @@ TEST_F(MaatCmd, SubObject) {
item2 -> object3
*/
long long object3_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2object_table_set_line(maat_inst, g2g_table_name, MAAT_OP_ADD,
ret = object2object_table_set_line(maat_inst, o2o_table_name, MAAT_OP_ADD,
object1_id, object3_id, 0);
EXPECT_EQ(ret, 1);
@@ -8033,14 +8033,14 @@ TEST_F(MaatCmd, SubObject) {
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule1_id, "null", 1, 0);
EXPECT_EQ(ret, 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object1_id, rule1_id, 0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL,
rule1_id, "null", 1, 0);
EXPECT_EQ(ret, 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_DEL,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_DEL,
object1_id, rule1_id, 0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -8062,7 +8062,7 @@ TEST_F(MaatCmd, SubObject) {
TEST_F(MaatCmd, RefObject) {
const char *table_name = "HTTP_URL";
const char* rule_table_name = "RULE_DEFAULT";
const char* g2c_table_name = "OBJECT2RULE_DEFAULT";
const char* o2r_table_name = "OBJECT2RULE_DEFAULT";
const char* scan_data1 = "m.facebook.com/help/2297503110373101?helpref=hc_nav&refid=69";
const char* keyword1 = "something-should-not-hit";
const char* keyword2 = "facebook.com/help/2297503110373101";
@@ -8081,7 +8081,7 @@ TEST_F(MaatCmd, RefObject) {
//object1 -> rule1
long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object1_id, rule1_id, 0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -8099,7 +8099,7 @@ TEST_F(MaatCmd, RefObject) {
item2 -> object2
*/
long long object2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object2_id, rule1_id, 0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -8114,10 +8114,10 @@ TEST_F(MaatCmd, RefObject) {
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule1_id, "null", 1, 0);
EXPECT_EQ(ret, 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_DEL,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_DEL,
object1_id, rule1_id, 0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object2_id, rule1_id, 0, table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -8141,7 +8141,7 @@ TEST_F(MaatCmd, RefObject) {
TEST_F(MaatCmd, Attribute) {
const char* rule_table_name = "RULE_DEFAULT";
const char* g2c_table_name = "OBJECT2RULE_DEFAULT";
const char* o2r_table_name = "OBJECT2RULE_DEFAULT";
const char* table_name="HTTP_SIGNATURE";
int thread_id = 0;
struct maat *maat_inst = MaatCmd::_shared_maat_inst;
@@ -8154,7 +8154,7 @@ TEST_F(MaatCmd, Attribute) {
//object1 -> rule1
long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object1_id, rule1_id, 0,
"HTTP_REQUEST_HEADER", 1, 0);
EXPECT_EQ(ret, 1);
@@ -8170,7 +8170,7 @@ TEST_F(MaatCmd, Attribute) {
object2_/
*/
long long object2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object2_id, rule1_id, 0,
"HTTP_RESPONSE_HEADER", 2, 0);
EXPECT_EQ(ret, 1);
@@ -8231,7 +8231,7 @@ TEST_F(MaatCmd, Attribute) {
maat_state_reset(state);
//delete object1
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_DEL,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_DEL,
object1_id, rule1_id, 0,
"HTTP_REQUEST_HEADER", 1, 0);
EXPECT_EQ(ret, 1);
@@ -8936,7 +8936,7 @@ TEST_F(MaatCmd, UpdateBoolPlugin) {
#define RULE_ID_NUMS 1000
TEST_F(MaatCmd, ObjectInMassRules) {
const char* g2c_table_name = "OBJECT2RULE_DEFAULT";
const char* o2r_table_name = "OBJECT2RULE_DEFAULT";
const char* rule_table_name = "RULE_DEFAULT";
const char* table_url = "HTTP_URL";
const char* table_appid = "APP_ID";
@@ -8979,11 +8979,11 @@ TEST_F(MaatCmd, ObjectInMassRules) {
}
for (i = 0; i < RULE_ID_NUMS; i++) {
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object1_id, rule_id[i], 0, table_url, 0, 0);
EXPECT_EQ(ret, 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object3_id, rule_id[i], 0, table_appid, 2, 0);
EXPECT_EQ(ret, 1);
}
@@ -8996,10 +8996,10 @@ TEST_F(MaatCmd, ObjectInMassRules) {
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
target_rule_id, "null", 2, 0);
EXPECT_EQ(ret, 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object2_id, target_rule_id, 0, table_url, 1, 0);
EXPECT_EQ(ret, 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object3_id, target_rule_id, 0, table_appid, 2, 0);
EXPECT_EQ(ret, 1);
@@ -9060,8 +9060,8 @@ TEST_F(MaatCmd, ObjectInMassRules) {
TEST_F(MaatCmd, HitObject) {
const char *rule_table_name = "RULE_DEFAULT";
const char *g2c_table_name = "OBJECT2RULE_DEFAULT";
const char *g2g_table_name = "OBJECT2OBJECT";
const char *o2r_table_name = "OBJECT2RULE_DEFAULT";
const char *o2o_table_name = "OBJECT2OBJECT";
const char *http_sig_table_name = "HTTP_SIGNATURE";
const char *ip_table_name = "IP_CONFIG";
const char *keywords_table_name = "KEYWORDS_TABLE";
@@ -9077,7 +9077,7 @@ TEST_F(MaatCmd, HitObject) {
//object1 -> rule1
long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object1_id, rule1_id, 0,
"HTTP_REQUEST_HEADER", 1, 0);
EXPECT_EQ(ret, 1);
@@ -9094,7 +9094,7 @@ TEST_F(MaatCmd, HitObject) {
object21_/
*/
long long object21_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object21_id, rule1_id, 0,
"HTTP_RESPONSE_HEADER", 2, 0);
EXPECT_EQ(ret, 1);
@@ -9104,7 +9104,7 @@ TEST_F(MaatCmd, HitObject) {
object2 -> object21 _/
*/
long long object2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2object_table_set_line(maat_inst, g2g_table_name, MAAT_OP_ADD,
ret = object2object_table_set_line(maat_inst, o2o_table_name, MAAT_OP_ADD,
object21_id, object2_id, 0);
EXPECT_EQ(ret, 1);
@@ -9126,7 +9126,7 @@ TEST_F(MaatCmd, HitObject) {
item2 -> object2 -> object21 _/
*/
long long object11_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2object_table_set_line(maat_inst, g2g_table_name, MAAT_OP_ADD,
ret = object2object_table_set_line(maat_inst, o2o_table_name, MAAT_OP_ADD,
object11_id, object1_id, 0);
EXPECT_EQ(ret, 1);
@@ -9338,8 +9338,8 @@ TEST_F(MaatCmd, HitObject) {
}
TEST_F(MaatCmd, HitPathBasic) {
const char *g2g_table_name = "OBJECT2OBJECT";
const char *g2c_table_name = "OBJECT2RULE_DEFAULT";
const char *o2o_table_name = "OBJECT2OBJECT";
const char *o2r_table_name = "OBJECT2RULE_DEFAULT";
const char *rule_table_name = "RULE_DEFAULT";
const char *http_sig_table_name = "HTTP_SIGNATURE";
const char *ip_table_name = "IP_CONFIG";
@@ -9356,7 +9356,7 @@ TEST_F(MaatCmd, HitPathBasic) {
//object1 -> rule1
long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object1_id, rule1_id, 0,
"HTTP_REQUEST_HEADER", 1, 0);
EXPECT_EQ(ret, 1);
@@ -9373,7 +9373,7 @@ TEST_F(MaatCmd, HitPathBasic) {
object21_/
*/
long long object21_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object21_id, rule1_id, 0,
"HTTP_RESPONSE_HEADER", 2, 0);
EXPECT_EQ(ret, 1);
@@ -9383,7 +9383,7 @@ TEST_F(MaatCmd, HitPathBasic) {
object2 -> object21 _/
*/
long long object2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2object_table_set_line(maat_inst, g2g_table_name, MAAT_OP_ADD,
ret = object2object_table_set_line(maat_inst, o2o_table_name, MAAT_OP_ADD,
object21_id, object2_id, 0);
EXPECT_EQ(ret, 1);
@@ -9405,7 +9405,7 @@ TEST_F(MaatCmd, HitPathBasic) {
item2 -> object2 -> object21 _/
*/
long long object11_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2object_table_set_line(maat_inst, g2g_table_name, MAAT_OP_ADD,
ret = object2object_table_set_line(maat_inst, o2o_table_name, MAAT_OP_ADD,
object11_id, object1_id, 0);
EXPECT_EQ(ret, 1);
@@ -9639,8 +9639,8 @@ that the edges be all directed in the same direction.";
item4 -> object4 -/
*/
TEST_F(MaatCmd, HitPathAdvanced) {
const char *g2g_table_name = "OBJECT2OBJECT";
const char *g2c_table_name = "OBJECT2RULE_DEFAULT";
const char *o2o_table_name = "OBJECT2OBJECT";
const char *o2r_table_name = "OBJECT2RULE_DEFAULT";
const char *rule_table_name = "RULE_DEFAULT";
const char *ip_table_name = "IP_CONFIG";
const char *keywords_table_name = "KEYWORDS_TABLE";
@@ -9656,7 +9656,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
//object1 -> rule1
long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object1_id, rule1_id, 0,
"KEYWORDS_TABLE", 1, 0); //condition_index:1
EXPECT_EQ(ret, 1);
@@ -9673,7 +9673,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
object21_/
*/
long long object21_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object21_id, rule1_id, 0,
"KEYWORDS_TABLE", 2, 0); //condition_index:2
EXPECT_EQ(ret, 1);
@@ -9683,7 +9683,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
object2 -> object21 _/
*/
long long object2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2object_table_set_line(maat_inst, g2g_table_name, MAAT_OP_ADD,
ret = object2object_table_set_line(maat_inst, o2o_table_name, MAAT_OP_ADD,
object21_id, object2_id, 0);
EXPECT_EQ(ret, 1);
@@ -9710,7 +9710,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
\
rule2
*/
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object21_id, rule2_id, 0,
"KEYWORDS_TABLE", 3, 0); //condition_index:3
EXPECT_EQ(ret, 1);
@@ -9728,7 +9728,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
object3_id, "220.181.38.168-220.181.38.169", 0);
EXPECT_EQ(ret, 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object3_id, rule2_id, 0,
"IP_CONFIG", 4, 0); //condition_index:4
EXPECT_EQ(ret, 1);
@@ -9747,7 +9747,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
rule3_id, "null", 2, 0);
EXPECT_EQ(ret, 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object3_id, rule3_id, 0,
"IP_CONFIG", 5, 0); //condition_index:5
EXPECT_EQ(ret, 1);
@@ -9774,7 +9774,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
EXPECT_EQ(ret, 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object4_id, rule3_id, 0,
"KEYWORDS_TABLE", 6, 0); //condition_index:6
EXPECT_EQ(ret, 1);
@@ -9998,8 +9998,8 @@ TEST_F(MaatCmd, HitPathAdvanced) {
}
TEST_F(MaatCmd, HitPathHasNotObject) {
const char *g2g_table_name = "OBJECT2OBJECT";
const char *g2c_table_name = "OBJECT2RULE_DEFAULT";
const char *o2o_table_name = "OBJECT2OBJECT";
const char *o2r_table_name = "OBJECT2RULE_DEFAULT";
const char *rule_table_name = "RULE_DEFAULT";
const char *http_sig_table_name = "HTTP_SIGNATURE";
const char *ip_table_name = "IP_CONFIG";
@@ -10016,7 +10016,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) {
// !object1 -> rule1
long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object1_id, rule1_id, 1,
"HTTP_REQUEST_HEADER", 1, 0);
EXPECT_EQ(ret, 1);
@@ -10032,7 +10032,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) {
object21_/
*/
long long object21_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object21_id, rule1_id, 0,
"HTTP_RESPONSE_HEADER", 2, 0);
EXPECT_EQ(ret, 1);
@@ -10042,7 +10042,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) {
object2 -> object21 _/
*/
long long object2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2object_table_set_line(maat_inst, g2g_table_name, MAAT_OP_ADD,
ret = object2object_table_set_line(maat_inst, o2o_table_name, MAAT_OP_ADD,
object21_id, object2_id, 0);
EXPECT_EQ(ret, 1);
@@ -10064,7 +10064,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) {
item2 -> object2 -> object21 _/
*/
long long object11_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2object_table_set_line(maat_inst, g2g_table_name, MAAT_OP_ADD,
ret = object2object_table_set_line(maat_inst, o2o_table_name, MAAT_OP_ADD,
object11_id, object1_id, 0);
EXPECT_EQ(ret, 1);
@@ -10291,8 +10291,8 @@ TEST_F(MaatCmd, HitPathHasNotObject) {
TEST_F(MaatCmd, SameSuperObjectRefByMultiRule) {
int thread_id = 0;
const char *g2g_table_name = "OBJECT2OBJECT";
const char *g2c_table_name = "OBJECT2RULE_DEFAULT";
const char *o2o_table_name = "OBJECT2OBJECT";
const char *o2r_table_name = "OBJECT2RULE_DEFAULT";
const char *rule_table_name = "RULE_DEFAULT";
const char *http_sig_table_name = "HTTP_SIGNATURE";
struct maat *maat_inst = MaatCmd::_shared_maat_inst;
@@ -10310,7 +10310,7 @@ TEST_F(MaatCmd, SameSuperObjectRefByMultiRule) {
EXPECT_EQ(ret, 1);
long long object52_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2object_table_set_line(maat_inst, g2g_table_name, MAAT_OP_ADD,
ret = object2object_table_set_line(maat_inst, o2o_table_name, MAAT_OP_ADD,
object52_id, object5_id, 0);
EXPECT_EQ(ret, 1);
@@ -10319,7 +10319,7 @@ TEST_F(MaatCmd, SameSuperObjectRefByMultiRule) {
rule2_id, "HTTP_RESPONSE_HEADER", 1, 0);
EXPECT_EQ(ret, 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object52_id, rule2_id, 0,
"HTTP_RESPONSE_HEADER", 0, 0);
EXPECT_EQ(ret, 1);
@@ -10329,7 +10329,7 @@ TEST_F(MaatCmd, SameSuperObjectRefByMultiRule) {
rule3_id, "HTTP_RESPONSE_HEADER", 1, 0);
EXPECT_EQ(ret, 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object52_id, rule3_id, 0,
"HTTP_RESPONSE_HEADER", 0, 0);
EXPECT_EQ(ret, 1);
@@ -10390,7 +10390,7 @@ TEST_F(MaatCmd, SameSuperObjectRefByMultiRule) {
}
TEST_F(MaatCmd, SameScanStatusWhenConditionUpdate_TSG6419) {
const char *g2c_table_name = "OBJECT2RULE_DEFAULT";
const char *o2r_table_name = "OBJECT2RULE_DEFAULT";
const char* rule_table_name = "RULE_DEFAULT";
const char* ip_table_name = "IP_PLUS_CONFIG";
const char *app_id_table_name = "APP_ID";
@@ -10408,7 +10408,7 @@ TEST_F(MaatCmd, SameScanStatusWhenConditionUpdate_TSG6419) {
item21 -> object21 -> condition2 _/
*/
long long object11_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object11_id, rule1_id, 0, ip_table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -10418,7 +10418,7 @@ TEST_F(MaatCmd, SameScanStatusWhenConditionUpdate_TSG6419) {
EXPECT_EQ(ret, 1);
long long object21_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object21_id, rule1_id, 0, app_id_table_name, 2, 0);
EXPECT_EQ(ret, 1);
@@ -10465,7 +10465,7 @@ TEST_F(MaatCmd, SameScanStatusWhenConditionUpdate_TSG6419) {
EXPECT_EQ(ret, 1);
long long object22_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object22_id, rule1_id, 0, app_id_table_name, 3, 0);
EXPECT_EQ(ret, 1);
@@ -10500,7 +10500,7 @@ TEST_F(MaatCmd, SameScanStatusWhenConditionUpdate_TSG6419) {
}
TEST_F(MaatCmd, ObjectEdit) {
const char *g2c_table_name = "OBJECT2RULE_DEFAULT";
const char *o2r_table_name = "OBJECT2RULE_DEFAULT";
const char *rule_table_name = "RULE_DEFAULT";
const char *ip_table_name = "IP_PLUS_CONFIG";
const char *app_id_table_name = "APP_ID";
@@ -10517,7 +10517,7 @@ TEST_F(MaatCmd, ObjectEdit) {
item21 -> object21 -> condition2 _/
*/
long long object11_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object11_id, rule1_id, 0, ip_table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -10527,7 +10527,7 @@ TEST_F(MaatCmd, ObjectEdit) {
EXPECT_EQ(ret, 1);
long long object21_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object21_id, rule1_id, 0, app_id_table_name, 2, 0);
EXPECT_EQ(ret, 1);
@@ -10642,7 +10642,7 @@ TEST_F(MaatCmd, ObjectEdit) {
}
TEST_F(MaatCmd, RuleDelete_TSG6548) {
const char* g2c_table_name = "OBJECT2RULE_DEFAULT";
const char* o2r_table_name = "OBJECT2RULE_DEFAULT";
const char* rule_table_name = "RULE_DEFAULT";
const char* ip_table_name = "IP_PLUS_CONFIG";
int thread_id = 0;
@@ -10656,7 +10656,7 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) {
//item11 -> object11 -> condition1 -> rule1
long long object11_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object11_id, rule1_id, 0, ip_table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -10690,7 +10690,7 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) {
rule1_id, "null", 1, 0);
EXPECT_EQ(ret, 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_DEL,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_DEL,
object11_id, rule1_id, 0, ip_table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -10717,7 +10717,7 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) {
}
TEST_F(MaatCmd, UpdateDeadLockDetection) {
const char* g2c_table_name = "OBJECT2RULE_DEFAULT";
const char* o2r_table_name = "OBJECT2RULE_DEFAULT";
const char* rule_table_name = "RULE_DEFAULT";
const char* table_http_url = "HTTP_URL";
int thread_id = 0;
@@ -10731,7 +10731,7 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) {
//object1 -> rule1
long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object1_id, rule1_id, 0, table_http_url, 0, 0);
EXPECT_EQ(ret, 1);
@@ -10769,7 +10769,7 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) {
//object2 -> rule2
long long object2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object2_id, rule2_id, 0, table_http_url, 0, 0);
EXPECT_EQ(ret, 1);
@@ -10802,7 +10802,7 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) {
}
TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) {
const char* g2c_table_name = "OBJECT2RULE_DEFAULT";
const char* o2r_table_name = "OBJECT2RULE_DEFAULT";
const char* rule_table_name = "RULE_DEFAULT";
const char* scan_table_name = "KEYWORDS_TABLE";
int thread_id = 0;
@@ -10816,7 +10816,7 @@ TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) {
//object1 -> rule1
long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object1_id, rule1_id, 0, scan_table_name, 0, 0);
EXPECT_EQ(ret, 1);
@@ -10877,7 +10877,7 @@ TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) {
}
TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) {
const char* g2c_table_name = "OBJECT2RULE_DEFAULT";
const char* o2r_table_name = "OBJECT2RULE_DEFAULT";
const char* rule_table_name = "RULE_DEFAULT";
const char* scan_table_name = "KEYWORDS_TABLE";
int thread_id = 0;
@@ -10891,7 +10891,7 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) {
//object1 -> rule1
long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object1_id, rule1_id, 0, scan_table_name, 0, 0);
EXPECT_EQ(ret, 1);
@@ -10944,7 +10944,7 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) {
}
TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) {
const char *g2c_table_name = "OBJECT2RULE_DEFAULT";
const char *o2r_table_name = "OBJECT2RULE_DEFAULT";
const char *rule_table_name = "RULE_DEFAULT";
const char *expr_table_name = "KEYWORDS_TABLE";
const char *ip_table_name = "IP_PLUS_CONFIG";
@@ -10959,7 +10959,7 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) {
//object1 -> rule1
long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object1_id, rule1_id, 0, expr_table_name, 0, 0);
EXPECT_EQ(ret, 1);
@@ -10979,7 +10979,7 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) {
object2_id, "100.100.100.1", 0);
EXPECT_EQ(ret, 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object2_id, rule1_id, 0, ip_table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -11045,7 +11045,7 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) {
}
TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) {
const char *g2c_table_name = "OBJECT2RULE_DEFAULT";
const char *o2r_table_name = "OBJECT2RULE_DEFAULT";
const char *rule_table_name = "RULE_DEFAULT";
const char *ip_table_name = "IP_PLUS_CONFIG";
const char *expr_table_name = "KEYWORDS_TABLE";
@@ -11060,7 +11060,7 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) {
//object1 -> rule1
long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object1_id, rule1_id, 0, expr_table_name, 0, 0);
EXPECT_EQ(ret, 1);
@@ -11081,7 +11081,7 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) {
item2_id, object2_id, "100.100.100.2", 0);
EXPECT_EQ(ret, 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object2_id, rule1_id, 0, ip_table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -11145,7 +11145,7 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) {
}
TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) {
const char *g2c_table_name = "OBJECT2RULE_DEFAULT";
const char *o2r_table_name = "OBJECT2RULE_DEFAULT";
const char *rule_table_name = "RULE_DEFAULT";
const char *expr_table_name = "HTTP_URL";
const char *ip_table_name = "IP_PLUS_CONFIG";
@@ -11161,7 +11161,7 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) {
//object1 -> rule1
long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object1_id, rule1_id, 0, expr_table_name, 0, 0);
EXPECT_EQ(ret, 1);
@@ -11181,7 +11181,7 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) {
object2_id, "100.100.100.1", 0);
EXPECT_EQ(ret, 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object2_id, rule1_id, 0, ip_table_name, 1, 0);
EXPECT_EQ(ret, 1);
@@ -11245,7 +11245,7 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) {
}
TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) {
const char *g2c_table_name = "OBJECT2RULE_DEFAULT";
const char *o2r_table_name = "OBJECT2RULE_DEFAULT";
const char *rule_table_name = "RULE_DEFAULT";
const char *ip_table_name = "IP_PLUS_CONFIG";
const char *expr_table_name = "HTTP_URL";
@@ -11261,7 +11261,7 @@ TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) {
//object1 -> rule1
long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object1_id, rule1_id, 0, expr_table_name, 0, 0);
EXPECT_EQ(ret, 1);
@@ -11281,7 +11281,7 @@ TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) {
object2_id, "100.100.100.3", 0);
EXPECT_EQ(ret, 1);
ret = object2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD,
object2_id, rule1_id, 0, ip_table_name, 1, 0);
EXPECT_EQ(ret, 1);

4
test/maat_json.json
View File

@@ -1137,7 +1137,7 @@
"is_valid": "yes",
"conditions": [
{
"g2c_table_name": "OBJECT2RULE_ALIAS",
"o2r_table_name": "OBJECT2RULE_ALIAS",
"attribute": "HTTP_URL",
"objects": [
{
@@ -3050,7 +3050,7 @@
"is_valid": "yes",
"conditions": [
{
"g2c_table_name": "OBJECT2RULE_FIREWALL",
"o2r_table_name": "OBJECT2RULE_FIREWALL",
"attribute": "HTTP_URL",
"objects": [
{

124
test/object_nesting/object_nesting_gtest.cpp
View File

@@ -13,7 +13,7 @@
#define MAX_IDS_STR_LEN 64
#define MAX_ITEM_NUM 64
#define WAIT_FOR_EFFECTIVE_S 2
#define MAX_G2G_SCAN_TIMES (1000 * 1000)
#define MAX_O2O_SCAN_TIMES (1000 * 1000)
const char *g_table_info_path = "./object_exclude_table_info.json";
const char *log_file = "./object_exclude_gtest.log";
@@ -140,11 +140,11 @@ protected:
assert(0);
}
g2g_schema = object2object_schema_new(root, NULL, "EXCLUDE_OBJECT2OBJECT", logger);
o2o_schema = object2object_schema_new(root, NULL, "EXCLUDE_OBJECT2OBJECT", logger);
FREE(json_buff);
cJSON_Delete(root);
if (NULL == g2g_schema) {
if (NULL == o2o_schema) {
log_fatal(logger, MODULE_OBJECT_NESTING_GTEST, "object2object_schema_new failed.");
assert(0);
}
@@ -153,15 +153,15 @@ protected:
static void TearDownTestCase() {
log_handle_destroy(logger);
maat_garbage_bin_free(garbage_bin);
object2object_schema_free(g2g_schema);
object2object_schema_free(o2o_schema);
}
static void *g2g_schema;
static void *o2o_schema;
static struct log_handle *logger;
static struct maat_garbage_bin *garbage_bin;
};
void *MaatObjectExclude::g2g_schema;
void *MaatObjectExclude::o2o_schema;
struct log_handle *MaatObjectExclude::logger;
struct maat_garbage_bin *MaatObjectExclude::garbage_bin;
@@ -170,8 +170,8 @@ TEST_F(MaatObjectExclude, level_3_function) {
struct object2object_rule rules;
const char *table_name = "EXCLUDE_OBJECT2OBJECT";
void *g2g_runtime = object2object_runtime_new(g2g_schema, 1, garbage_bin, logger);
if (NULL == g2g_runtime) {
void *o2o_runtime = object2object_runtime_new(o2o_schema, 1, garbage_bin, logger);
if (NULL == o2o_runtime) {
log_fatal(logger, MODULE_OBJECT_NESTING_GTEST, "object2object_runtime_new failed.");
assert(0);
}
@@ -185,14 +185,14 @@ TEST_F(MaatObjectExclude, level_3_function) {
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.add_items[i].object_id,
rules.add_items[i].incl_sub_ids_str, rules.add_items[i].excl_sub_ids_str, 1);
object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, MAAT_OP_ADD);
object2object_runtime_update(o2o_runtime, o2o_schema, table_name, table_line, MAAT_OP_ADD);
}
object2object_runtime_commit(g2g_runtime, table_name, 1);
object2object_runtime_commit(o2o_runtime, table_name, 1);
long long hit_object_ids[2] = {11, 13};
long long super_object_ids[MAX_ITEM_NUM];
size_t super_object_cnt = object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2,
size_t super_object_cnt = object2object_runtime_get_super_objects(o2o_runtime, hit_object_ids, 2,
super_object_ids, MAX_ITEM_NUM);
EXPECT_EQ(super_object_cnt, 2);
EXPECT_EQ(super_object_ids[0], 2);
@@ -202,10 +202,10 @@ TEST_F(MaatObjectExclude, level_3_function) {
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[0].object_id,
rules.del_items[0].incl_sub_ids_str, rules.del_items[0].excl_sub_ids_str, 0);
object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, MAAT_OP_DEL);
object2object_runtime_commit(g2g_runtime, table_name, 2);
object2object_runtime_update(o2o_runtime, o2o_schema, table_name, table_line, MAAT_OP_DEL);
object2object_runtime_commit(o2o_runtime, table_name, 2);
super_object_cnt = object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2,
super_object_cnt = object2object_runtime_get_super_objects(o2o_runtime, hit_object_ids, 2,
super_object_ids, MAX_ITEM_NUM);
EXPECT_EQ(super_object_cnt, 3);
EXPECT_EQ(super_object_ids[0], 1);
@@ -216,10 +216,10 @@ TEST_F(MaatObjectExclude, level_3_function) {
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[1].object_id,
rules.del_items[1].incl_sub_ids_str, rules.del_items[1].excl_sub_ids_str, 0);
object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, MAAT_OP_DEL);
object2object_runtime_commit(g2g_runtime, table_name, 3);
object2object_runtime_update(o2o_runtime, o2o_schema, table_name, table_line, MAAT_OP_DEL);
object2object_runtime_commit(o2o_runtime, table_name, 3);
super_object_cnt = object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2,
super_object_cnt = object2object_runtime_get_super_objects(o2o_runtime, hit_object_ids, 2,
super_object_ids, MAX_ITEM_NUM);
EXPECT_EQ(super_object_cnt, 4);
EXPECT_EQ(super_object_ids[0], 1);
@@ -227,7 +227,7 @@ TEST_F(MaatObjectExclude, level_3_function) {
EXPECT_EQ(super_object_ids[2], 6);
EXPECT_EQ(super_object_ids[3], 7);
object2object_runtime_free(g2g_runtime);
object2object_runtime_free(o2o_runtime);
}
TEST_F(MaatObjectExclude, level_3_perf) {
@@ -235,8 +235,8 @@ TEST_F(MaatObjectExclude, level_3_perf) {
struct object2object_rule rules;
const char *table_name = "EXCLUDE_OBJECT2OBJECT";
void *g2g_runtime = object2object_runtime_new(g2g_schema, 1, garbage_bin, logger);
if (NULL == g2g_runtime) {
void *o2o_runtime = object2object_runtime_new(o2o_schema, 1, garbage_bin, logger);
if (NULL == o2o_runtime) {
log_fatal(logger, MODULE_OBJECT_NESTING_GTEST, "object2object_runtime_new failed.");
assert(0);
}
@@ -250,10 +250,10 @@ TEST_F(MaatObjectExclude, level_3_perf) {
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.add_items[i].object_id,
rules.add_items[i].incl_sub_ids_str, rules.add_items[i].excl_sub_ids_str, 1);
object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, MAAT_OP_ADD);
object2object_runtime_update(o2o_runtime, o2o_schema, table_name, table_line, MAAT_OP_ADD);
}
object2object_runtime_commit(g2g_runtime, table_name, 4);
object2object_runtime_commit(o2o_runtime, table_name, 4);
long long hit_object_ids[2] = {11, 13};
long long super_object_ids[MAX_ITEM_NUM];
@@ -261,8 +261,8 @@ TEST_F(MaatObjectExclude, level_3_perf) {
struct log_handle *logger = MaatObjectExclude::logger;
clock_gettime(CLOCK_MONOTONIC, &start);
for (int i = 0; i < MAX_G2G_SCAN_TIMES; i++) {
object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2,
for (int i = 0; i < MAX_O2O_SCAN_TIMES; i++) {
object2object_runtime_get_super_objects(o2o_runtime, hit_object_ids, 2,
super_object_ids, MAX_ITEM_NUM);
}
clock_gettime(CLOCK_MONOTONIC, &end);
@@ -274,12 +274,12 @@ TEST_F(MaatObjectExclude, level_3_perf) {
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[0].object_id,
rules.del_items[0].incl_sub_ids_str, rules.del_items[0].excl_sub_ids_str, 0);
object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, MAAT_OP_DEL);
object2object_runtime_commit(g2g_runtime, table_name, 5);
object2object_runtime_update(o2o_runtime, o2o_schema, table_name, table_line, MAAT_OP_DEL);
object2object_runtime_commit(o2o_runtime, table_name, 5);
clock_gettime(CLOCK_MONOTONIC, &start);
for (int i = 0; i < MAX_G2G_SCAN_TIMES; i++) {
object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2,
for (int i = 0; i < MAX_O2O_SCAN_TIMES; i++) {
object2object_runtime_get_super_objects(o2o_runtime, hit_object_ids, 2,
super_object_ids, MAX_ITEM_NUM);
}
clock_gettime(CLOCK_MONOTONIC, &end);
@@ -291,12 +291,12 @@ TEST_F(MaatObjectExclude, level_3_perf) {
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[1].object_id,
rules.del_items[1].incl_sub_ids_str, rules.del_items[1].excl_sub_ids_str, 0);
object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, MAAT_OP_DEL);
object2object_runtime_commit(g2g_runtime, table_name, 6);
object2object_runtime_update(o2o_runtime, o2o_schema, table_name, table_line, MAAT_OP_DEL);
object2object_runtime_commit(o2o_runtime, table_name, 6);
clock_gettime(CLOCK_MONOTONIC, &start);
for (int i = 0; i < MAX_G2G_SCAN_TIMES; i++) {
object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2,
for (int i = 0; i < MAX_O2O_SCAN_TIMES; i++) {
object2object_runtime_get_super_objects(o2o_runtime, hit_object_ids, 2,
super_object_ids, MAX_ITEM_NUM);
}
clock_gettime(CLOCK_MONOTONIC, &end);
@@ -304,7 +304,7 @@ TEST_F(MaatObjectExclude, level_3_perf) {
log_info(logger, MODULE_OBJECT_NESTING_GTEST, "level_3_basic hit 4 super_objects scan consume time %lldms",
time_elapse_ms);
object2object_runtime_free(g2g_runtime);
object2object_runtime_free(o2o_runtime);
}
TEST_F(MaatObjectExclude, level_4_function) {
@@ -312,8 +312,8 @@ TEST_F(MaatObjectExclude, level_4_function) {
struct object2object_rule rules;
const char *table_name = "EXCLUDE_OBJECT2OBJECT";
void *g2g_runtime = object2object_runtime_new(g2g_schema, 1, garbage_bin, logger);
if (NULL == g2g_runtime) {
void *o2o_runtime = object2object_runtime_new(o2o_schema, 1, garbage_bin, logger);
if (NULL == o2o_runtime) {
log_fatal(logger, MODULE_OBJECT_NESTING_GTEST, "object2object_runtime_new failed.");
assert(0);
}
@@ -327,14 +327,14 @@ TEST_F(MaatObjectExclude, level_4_function) {
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.add_items[i].object_id,
rules.add_items[i].incl_sub_ids_str, rules.add_items[i].excl_sub_ids_str, 1);
object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, MAAT_OP_ADD);
object2object_runtime_update(o2o_runtime, o2o_schema, table_name, table_line, MAAT_OP_ADD);
}
object2object_runtime_commit(g2g_runtime, table_name, 7);
object2object_runtime_commit(o2o_runtime, table_name, 7);
long long hit_object_ids[2] = {14, 16};
long long super_object_ids[MAX_ITEM_NUM];
size_t super_object_cnt = object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2,
size_t super_object_cnt = object2object_runtime_get_super_objects(o2o_runtime, hit_object_ids, 2,
super_object_ids, MAX_ITEM_NUM);
EXPECT_EQ(super_object_cnt, 5);
EXPECT_EQ(super_object_ids[0], 4);
@@ -347,10 +347,10 @@ TEST_F(MaatObjectExclude, level_4_function) {
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[0].object_id,
rules.del_items[0].incl_sub_ids_str, rules.del_items[0].excl_sub_ids_str, 0);
object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, MAAT_OP_DEL);
object2object_runtime_commit(g2g_runtime, table_name, 8);
object2object_runtime_update(o2o_runtime, o2o_schema, table_name, table_line, MAAT_OP_DEL);
object2object_runtime_commit(o2o_runtime, table_name, 8);
super_object_cnt = object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2,
super_object_cnt = object2object_runtime_get_super_objects(o2o_runtime, hit_object_ids, 2,
super_object_ids, MAX_ITEM_NUM);
EXPECT_EQ(super_object_cnt, 7);
EXPECT_EQ(super_object_ids[0], 1);
@@ -361,7 +361,7 @@ TEST_F(MaatObjectExclude, level_4_function) {
EXPECT_EQ(super_object_ids[5], 9);
EXPECT_EQ(super_object_ids[6], 10);
object2object_runtime_free(g2g_runtime);
object2object_runtime_free(o2o_runtime);
}
TEST_F(MaatObjectExclude, level_4_perf) {
@@ -369,8 +369,8 @@ TEST_F(MaatObjectExclude, level_4_perf) {
struct object2object_rule rules;
const char *table_name = "EXCLUDE_OBJECT2OBJECT";
void *g2g_runtime = object2object_runtime_new(g2g_schema, 1, garbage_bin, logger);
if (NULL == g2g_runtime) {
void *o2o_runtime = object2object_runtime_new(o2o_schema, 1, garbage_bin, logger);
if (NULL == o2o_runtime) {
log_fatal(logger, MODULE_OBJECT_NESTING_GTEST, "object2object_runtime_new failed.");
assert(0);
}
@@ -384,10 +384,10 @@ TEST_F(MaatObjectExclude, level_4_perf) {
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.add_items[i].object_id,
rules.add_items[i].incl_sub_ids_str, rules.add_items[i].excl_sub_ids_str, 1);
object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, MAAT_OP_ADD);
object2object_runtime_update(o2o_runtime, o2o_schema, table_name, table_line, MAAT_OP_ADD);
}
object2object_runtime_commit(g2g_runtime, table_name, 7);
object2object_runtime_commit(o2o_runtime, table_name, 7);
long long hit_object_ids[2] = {14, 16};
long long super_object_ids[MAX_ITEM_NUM];
@@ -395,8 +395,8 @@ TEST_F(MaatObjectExclude, level_4_perf) {
struct log_handle *logger = MaatObjectExclude::logger;
clock_gettime(CLOCK_MONOTONIC, &start);
for (int i = 0; i < MAX_G2G_SCAN_TIMES; i++) {
object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2,
for (int i = 0; i < MAX_O2O_SCAN_TIMES; i++) {
object2object_runtime_get_super_objects(o2o_runtime, hit_object_ids, 2,
super_object_ids, MAX_ITEM_NUM);
}
clock_gettime(CLOCK_MONOTONIC, &end);
@@ -408,12 +408,12 @@ TEST_F(MaatObjectExclude, level_4_perf) {
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[0].object_id,
rules.del_items[0].incl_sub_ids_str, rules.del_items[0].excl_sub_ids_str, 0);
object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, MAAT_OP_DEL);
object2object_runtime_commit(g2g_runtime, table_name, 8);
object2object_runtime_update(o2o_runtime, o2o_schema, table_name, table_line, MAAT_OP_DEL);
object2object_runtime_commit(o2o_runtime, table_name, 8);
clock_gettime(CLOCK_MONOTONIC, &start);
for (int i = 0; i < MAX_G2G_SCAN_TIMES; i++) {
object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2,
for (int i = 0; i < MAX_O2O_SCAN_TIMES; i++) {
object2object_runtime_get_super_objects(o2o_runtime, hit_object_ids, 2,
super_object_ids, MAX_ITEM_NUM);
}
clock_gettime(CLOCK_MONOTONIC, &end);
@@ -421,7 +421,7 @@ TEST_F(MaatObjectExclude, level_4_perf) {
log_info(logger, MODULE_OBJECT_NESTING_GTEST, "level_4_basic hit 7 super_objects scan consume time %lldms",
time_elapse_ms);
object2object_runtime_free(g2g_runtime);
object2object_runtime_free(o2o_runtime);
}
TEST_F(MaatObjectExclude, level_exceed_function) {
@@ -429,8 +429,8 @@ TEST_F(MaatObjectExclude, level_exceed_function) {
struct object2object_rule rules;
const char *table_name = "EXCLUDE_OBJECT2OBJECT";
void *g2g_runtime = object2object_runtime_new(g2g_schema, 1, garbage_bin, logger);
if (NULL == g2g_runtime) {
void *o2o_runtime = object2object_runtime_new(o2o_schema, 1, garbage_bin, logger);
if (NULL == o2o_runtime) {
log_fatal(logger, MODULE_OBJECT_NESTING_GTEST, "object2object_runtime_new failed.");
assert(0);
}
@@ -444,14 +444,14 @@ TEST_F(MaatObjectExclude, level_exceed_function) {
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.add_items[i].object_id,
rules.add_items[i].incl_sub_ids_str, rules.add_items[i].excl_sub_ids_str, 1);
object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, MAAT_OP_ADD);
object2object_runtime_update(o2o_runtime, o2o_schema, table_name, table_line, MAAT_OP_ADD);
}
object2object_runtime_commit(g2g_runtime, table_name, 8);
object2object_runtime_commit(o2o_runtime, table_name, 8);
long long hit_object_ids[2] = {7, 13};
long long super_object_ids[MAX_ITEM_NUM];
size_t super_object_cnt = object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2,
size_t super_object_cnt = object2object_runtime_get_super_objects(o2o_runtime, hit_object_ids, 2,
super_object_ids, MAX_ITEM_NUM);
EXPECT_EQ(super_object_cnt, 6);
EXPECT_EQ(super_object_ids[0], 4);
@@ -465,12 +465,12 @@ TEST_F(MaatObjectExclude, level_exceed_function) {
memset(table_line, 0, sizeof(table_line));
sprintf(table_line, "%lld\t%s\t%s\t%d", rules.del_items[0].object_id,
rules.del_items[0].incl_sub_ids_str, rules.del_items[0].excl_sub_ids_str, 0);
object2object_runtime_update(g2g_runtime, g2g_schema, table_name, table_line, MAAT_OP_DEL);
object2object_runtime_commit(g2g_runtime, table_name, 9);
object2object_runtime_update(o2o_runtime, o2o_schema, table_name, table_line, MAAT_OP_DEL);
object2object_runtime_commit(o2o_runtime, table_name, 9);
hit_object_ids[0] = 7;
hit_object_ids[1] = 10;
super_object_cnt = object2object_runtime_get_super_objects(g2g_runtime, hit_object_ids, 2,
super_object_cnt = object2object_runtime_get_super_objects(o2o_runtime, hit_object_ids, 2,
super_object_ids, MAX_ITEM_NUM);
EXPECT_EQ(super_object_cnt, 5);
EXPECT_EQ(super_object_ids[0], 2);
@@ -479,7 +479,7 @@ TEST_F(MaatObjectExclude, level_exceed_function) {
EXPECT_EQ(super_object_ids[3], 8);
EXPECT_EQ(super_object_ids[4], 11);
object2object_runtime_free(g2g_runtime);
object2object_runtime_free(o2o_runtime);
}
int main(int argc, char ** argv)