gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

change type of rule_id, object_id, item_id from (long long) to (uuid_t)

Browse Source 
just compile libmaatframe.so, without modifing about test case
This commit is contained in:
root
2024-09-20 11:20:21 +00:00
parent 20de47c873
commit fc99675b40
40 changed files with 972 additions and 934 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/inc_internal/maat_core.h
View File

@@ -53,8 +53,8 @@ enum tag_match {
};
struct maat_item {
long long item_id;
long long object_id;
uuid_t item_uuid;
uuid_t object_uuid;
};
struct maat_runtime {

22
src/inc_internal/maat_object.h
View File

@@ -28,28 +28,28 @@ struct object2object_runtime;
/* object2object schema API */
void *object2object_schema_new(cJSON *json, struct table_manager *tbl_mgr,
const char *table_name, struct log_handle *logger);
void object2object_schema_free(void *g2g_schema);
void object2object_schema_free(void *o2o_schema);
/* object2object runtime API */
void *object2object_runtime_new(void *g2g_schema, size_t max_thread_num,
void *object2object_runtime_new(void *o2o_schema, size_t max_thread_num,
struct maat_garbage_bin *garbage_bin,
struct log_handle *logger);
void object2object_runtime_free(void *g2g_runtime);
void object2object_runtime_free(void *o2o_runtime);
int object2object_runtime_update(void *g2g_runtime, void *g2g_schema, const char *table_name,
int object2object_runtime_update(void *o2o_runtime, void *o2o_schema, const char *table_name,
const char *line, enum maat_operation op);
int object2object_runtime_commit(void *g2g_runtime, const char *table_name, long long maat_rt_version);
int object2object_runtime_commit(void *o2o_runtime, const char *table_name, long long maat_rt_version);
size_t object2object_runtime_get_super_objects(void *g2g_runtime, long long *object_ids,
size_t n_object_ids, long long *super_object_ids,
size_t super_object_ids_size);
size_t object2object_runtime_get_super_objects(void *o2o_runtime, uuid_t *object_uuids,
size_t n_object_uuids, uuid_t *super_object_uuids,
size_t super_object_uuids_size);
long long object2object_runtime_rule_count(void *g2g_runtime);
long long object2object_runtime_rule_count(void *o2o_runtime);
long long object2object_runtime_exclude_rule_count(void *g2g_runtime);
long long object2object_runtime_exclude_rule_count(void *o2o_runtime);
long long object2object_runtime_update_err_count(void *g2g_runtime);
long long object2object_runtime_update_err_count(void *o2o_runtime);
#ifdef __cplusplus
}

4
src/inc_internal/maat_rule.h
View File

@@ -51,7 +51,7 @@ long long rule_runtime_rule_count(void *rule_runtime);
long long rule_runtime_update_err_count(void *rule_runtime);
int rule_runtime_match(struct rule_runtime *rule_rt, long long *rule_ids,
int rule_runtime_match(struct rule_runtime *rule_rt, uuid_t *rule_uuids,
size_t rule_ids_size, struct maat_state *state);
size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
@@ -81,7 +81,7 @@ void rule_compile_state_not_logic_update(struct rule_compile_state *rule_compile
size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt,
struct object2object_runtime *g2g_rt,
struct object2object_runtime *o2o_rt,
struct maat_hit_path *hit_path_array,
size_t array_size);

32
src/maat_api.c
View File

@@ -1184,7 +1184,7 @@ string_scan(struct table_manager *tbl_mgr, int thread_id,
}
static size_t
object_to_rule(struct maat *maat_inst, long long *results, size_t n_result,
object_to_rule(struct maat *maat_inst, uuid_t *results, size_t n_result,
struct maat_state *state)
{
int rule_table_id =
@@ -1205,7 +1205,7 @@ object_to_rule(struct maat *maat_inst, long long *results, size_t n_result,
}
int maat_scan_flag(struct maat *maat_inst, int attribute_id,
long long flag, long long *results, size_t n_result,
long long flag, uuid_t *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state)
{
if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM ||
@@ -1284,7 +1284,7 @@ int maat_scan_flag(struct maat *maat_inst, int attribute_id,
}
int maat_scan_integer(struct maat *maat_inst, int attribute_id,
long long integer, long long *results, size_t n_result,
long long integer, uuid_t *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state)
{
if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM ||
@@ -1364,7 +1364,7 @@ int maat_scan_integer(struct maat *maat_inst, int attribute_id,
}
int maat_scan_ipv4_port(struct maat *maat_inst, int attribute_id, uint32_t ip_addr,
int port, long long *results, size_t n_result,
int port, uuid_t *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state)
{
if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM ||
@@ -1443,7 +1443,7 @@ int maat_scan_ipv4_port(struct maat *maat_inst, int attribute_id, uint32_t ip_ad
}
int maat_scan_ipv6_port(struct maat *maat_inst, int attribute_id, uint8_t *ip_addr,
int port, long long *results, size_t n_result,
int port, uuid_t *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state)
{
if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM ||
@@ -1523,7 +1523,7 @@ int maat_scan_ipv6_port(struct maat *maat_inst, int attribute_id, uint8_t *ip_ad
#define PORT_IGNORED -1
inline int maat_scan_ipv6(struct maat *instance, int attribute_id, uint8_t *ip_addr,
long long *results, size_t n_result, size_t *n_hit_result,
uuid_t *results, size_t n_result, size_t *n_hit_result,
struct maat_state *state)
{
return maat_scan_ipv6_port(instance, attribute_id, ip_addr, PORT_IGNORED,
@@ -1531,7 +1531,7 @@ inline int maat_scan_ipv6(struct maat *instance, int attribute_id, uint8_t *ip_a
}
inline int maat_scan_ipv4(struct maat *instance, int attribute_id, uint32_t ip_addr,
long long *results, size_t n_result, size_t *n_hit_result,
uuid_t *results, size_t n_result, size_t *n_hit_result,
struct maat_state *state)
{
return maat_scan_ipv4_port(instance, attribute_id, ip_addr, PORT_IGNORED,
@@ -1540,7 +1540,7 @@ inline int maat_scan_ipv4(struct maat *instance, int attribute_id, uint32_t ip_a
int maat_scan_string(struct maat *maat_inst, int attribute_id,
const char *data, size_t data_len,
long long *results, size_t n_result,
uuid_t *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state)
{
if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM ||
@@ -1642,8 +1642,8 @@ static void maat_state_add_hit_object(struct maat_state *state, int attribute_id
struct maat_item hit_items[n_hit_item];
for (size_t i = 0; i < n_hit_item; i++) {
hit_items[i].item_id = objects[i].item_id;
hit_items[i].object_id = objects[i].object_id;
uuid_copy(hit_items[i].item_uuid, objects[i].item_uuid);
uuid_copy(hit_items[i].object_uuid, objects[i].object_uuid);
}
rule_compile_state_update(state->rule_compile_state, maat_inst, attribute_id,
@@ -1682,7 +1682,7 @@ maat_state_activate_hit_not_object(struct maat_state *state, int attribute_id)
int maat_scan_object(struct maat *maat_inst, int attribute_id,
struct maat_hit_object *objects, size_t n_object,
long long *results, size_t n_result,
uuid_t *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state)
{
if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM ||
@@ -1724,7 +1724,7 @@ int maat_scan_object(struct maat *maat_inst, int attribute_id,
}
int maat_scan_not_logic(struct maat *maat_inst, int attribute_id,
long long *results, size_t n_result,
uuid_t *results, size_t n_result,
size_t *n_hit_result, struct maat_state *state)
{
if ((NULL == maat_inst) || attribute_id < 0 || attribute_id >= MAX_ATTRIBUTE_NUM ||
@@ -1848,7 +1848,7 @@ static int expr_stream_scan(struct maat_stream *stream, const char *data,
}
int maat_stream_scan(struct maat_stream *maat_stream, const char *data, int data_len,
long long *results, size_t n_result, size_t *n_hit_result,
uuid_t *results, size_t n_result, size_t *n_hit_result,
struct maat_state *state)
{
if ((NULL == maat_stream) || (NULL == data) || (0 == data_len)
@@ -2135,13 +2135,13 @@ int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *pat
return -1;
}
int g2g_table_id = table_manager_get_object2object_table_id(maat_inst->tbl_mgr);
void *g2g_runtime = table_manager_get_runtime(maat_inst->tbl_mgr, g2g_table_id);
int o2o_table_id = table_manager_get_object2object_table_id(maat_inst->tbl_mgr);
void *o2o_runtime = table_manager_get_runtime(maat_inst->tbl_mgr, o2o_table_id);
size_t hit_path_cnt =
rule_compile_state_get_internal_hit_paths(state->rule_compile_state,
(struct rule_runtime *)rule_rt,
(struct object2object_runtime *)g2g_runtime,
(struct object2object_runtime *)o2o_runtime,
path_array, array_size);
return rule_runtime_get_hit_paths((struct rule_runtime *)rule_rt,

2
src/maat_bool_plugin.c
View File

@@ -314,7 +314,7 @@ bool_plugin_expr_new(struct bool_plugin_schema *schema, const char *table_name,
__LINE__, table_name, schema->key_name, cJSON_Print(json));
goto error;
}
bool_expr->expr_id = atoll(tmp_obj->valuestring);
uuid_parse(tmp_obj->valuestring, bool_expr->expr_uuid);
tmp_obj = cJSON_GetObjectItem(json, "bool_expr");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {

4
src/maat_config_monitor.c
View File

@@ -153,7 +153,9 @@ void config_monitor_traverse(long long current_version, const cJSON *json_root,
}
}
config_load_json_content(json_root, object2object_table->valuestring, "object_groups", u_param, update_fn);
if (object2object_table) {
config_load_json_content(json_root, object2object_table->valuestring, "object_groups", u_param, update_fn);
}
config_load_json_content(json_root, rule_table->valuestring, "rules", u_param, update_fn);
if (finish_fn != NULL) {

74
src/maat_expr.c
View File

@@ -57,8 +57,8 @@ enum match_method {
};
struct expr_item {
long long item_id;
long long object_id;
uuid_t item_uuid;
uuid_t object_uuid;
char keywords[MAX_KEYWORDS_STR_LEN + 1];
enum expr_type expr_type;
void *user_data;
@@ -152,7 +152,7 @@ int expr_runtime_set_scan_district(struct expr_runtime *expr_rt, const char *dis
static struct expr_item *
expr_item_new(struct expr_schema *expr_schema, const char *table_name,
const cJSON *json, struct expr_runtime *expr_rt, long long item_id)
const cJSON *json, struct expr_runtime *expr_rt, uuid_t item_uuid)
{
int expr_type = -1;
enum table_type table_type = TABLE_TYPE_INVALID;
@@ -161,18 +161,16 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name,
size_t len = 0;
int ret;
expr_item->item_id = item_id;
uuid_copy(expr_item->item_uuid, item_uuid);
tmp_obj = cJSON_GetObjectItem(json, "object_id");
if (tmp_obj != NULL && tmp_obj->type == cJSON_String) {
expr_item->object_id = tmp_obj->valueint;
} else {
tmp_obj = cJSON_GetObjectItem(json, "object_uuid");
if (tmp_obj == NULL && tmp_obj->type != cJSON_String) {
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> has no object_id in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
goto error;
}
expr_item->object_id = atoll(tmp_obj->valuestring);
uuid_parse(tmp_obj->valuestring, expr_item->object_uuid);
tmp_obj = cJSON_GetObjectItem(json, "keywords");
if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {
@@ -209,10 +207,12 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name,
} else if (expr_item->expr_type == EXPR_TYPE_REGEX) {
ret = expr_matcher_verify_regex_expression(expr_item->keywords, expr_rt->logger);
if (0 == ret) {
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(item_uuid, uuid_str);
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> regex expression(item_id:%lld):%s illegal,"
"[%s:%d] expr table:<%s> regex expression(item_id:%s):%s illegal,"
" will be dropped", __FUNCTION__, __LINE__, table_name,
expr_item->item_id, expr_item->keywords);
uuid_str, expr_item->keywords);
goto error;
}
}
@@ -432,9 +432,11 @@ static int expr_runtime_update_row(struct expr_runtime *expr_rt, char *key,
//add
ret = rcu_hash_add(expr_rt->item_hash, key, key_len, (void *)item);
if (ret < 0) {
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(item->item_uuid, uuid_str);
log_debug(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr item(item_id:%lld) add to item_hash failed",
__FUNCTION__, __LINE__, item->item_id);
"[%s:%d] expr item(item_id:%s) add to item_hash failed",
__FUNCTION__, __LINE__, uuid_str);
return -1;
}
}
@@ -602,6 +604,9 @@ static int expr_item_to_expr_rule(struct expr_item *expr_item,
char *tmp = NULL;
char *saveptr = NULL;
char tmp_keywords[MAX_KEYWORDS_STR_LEN + 1];
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(expr_item->item_uuid, uuid_str);
memcpy(tmp_keywords, expr_item->keywords, MAX_KEYWORDS_STR_LEN + 1);
@@ -615,17 +620,17 @@ static int expr_item_to_expr_rule(struct expr_item *expr_item,
if (i >= MAAT_MAX_EXPR_ITEM_NUM) {
log_fatal(logger, MODULE_EXPR,
"[%s:%d]abandon config expr_item(item_id:%d) "
"[%s:%d]abandon config expr_item(item_id:%s) "
"too many patterns", __FUNCTION__, __LINE__,
expr_item->item_id);
uuid_str);
return -1;
}
if (expr_keywords_to_expr_pattern(tmp, &expr_rule->patterns[i], logger) < 0) {
log_fatal(logger, MODULE_EXPR,
"[%s:%d]abandon config expr_item(item_id:%d) "
"[%s:%d]abandon config expr_item(item_id:%s) "
"has invalid pattern %s", __FUNCTION__, __LINE__,
expr_item->item_id, tmp);
uuid_str, tmp);
return -1;
}
expr_rule->patterns[i].type = EXPR_PATTERN_TYPE_STR;
@@ -646,13 +651,13 @@ static int expr_item_to_expr_rule(struct expr_item *expr_item,
break;
default:
log_fatal(logger, MODULE_EXPR,
"[%s:%d]abandon config expr_item(item_id:%lld) has "
"[%s:%d]abandon config expr_item(item_id:%s) has "
"invalid expr type=%d", __FUNCTION__, __LINE__,
expr_item->item_id, expr_item->expr_type);
uuid_str, expr_item->expr_type);
return -1;
}
expr_rule->expr_id = expr_item->item_id;
uuid_copy(expr_rule->expr_uuid, expr_item->item_uuid);
expr_rule->tag = expr_item->user_data;
expr_rule->n_patterns = sub_expr_cnt;
@@ -681,7 +686,7 @@ int expr_runtime_update(void *expr_runtime, void *expr_schema,
return -1;
}
tmp_obj = cJSON_GetObjectItem(json, "item_id");
tmp_obj = cJSON_GetObjectItem(json, "uuid");
if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> has no item_id in line:%s",
@@ -690,8 +695,9 @@ int expr_runtime_update(void *expr_runtime, void *expr_schema,
goto ERROR;
}
long long item_id = atoll(tmp_obj->valuestring);
if (item_id < 0) {
uuid_t item_uuid;
uuid_parse(tmp_obj->valuestring, item_uuid);
if (uuid_is_null(item_uuid)) {
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> item_id wrong"
" in table_line:%s", __FUNCTION__, __LINE__, table_name,
@@ -703,7 +709,7 @@ int expr_runtime_update(void *expr_runtime, void *expr_schema,
struct expr_item *expr_item = NULL;
if (MAAT_OP_ADD == op) {
//add
expr_item = expr_item_new(schema, table_name, json, expr_rt, item_id);
expr_item = expr_item_new(schema, table_name, json, expr_rt, item_uuid);
if (NULL == expr_item) {
expr_rt->update_err_cnt++;
goto ERROR;
@@ -715,7 +721,7 @@ int expr_runtime_update(void *expr_runtime, void *expr_schema,
expr_item->user_data = item_district_id;
}
int ret = expr_runtime_update_row(expr_rt, (char *)&item_id, sizeof(long long),
int ret = expr_runtime_update_row(expr_rt, (char *)&item_uuid, sizeof(item_uuid),
expr_item, op);
if (ret < 0) {
if (expr_item != NULL) {
@@ -939,17 +945,16 @@ int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id,
for (size_t i = 0; i < n_hit_item; i++) {
int tag_district_id = *(int *)(hit_results[i].user_tag);
if (tag_district_id == state->district_id || tag_district_id == DISTRICT_ANY) {
long long item_id = hit_results[i].rule_id;
struct expr_item *expr_item = (struct expr_item *)rcu_hash_find(expr_rt->item_hash,
(char *)&item_id,
sizeof(long long));
(char *)&hit_results[i].rule_uuid,
sizeof(uuid_t));
if (!expr_item) {
// item config has been deleted
continue;
}
hit_maat_items[real_hit_item_num].item_id = item_id;
hit_maat_items[real_hit_item_num].object_id = expr_item->object_id;
uuid_copy(hit_maat_items[real_hit_item_num].item_uuid, expr_item->item_uuid);
uuid_copy(hit_maat_items[real_hit_item_num].object_uuid, expr_item->object_uuid);
real_hit_item_num++;
}
}
@@ -1034,17 +1039,16 @@ int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream,
}
for (size_t i = 0; i < n_hit_item; i++) {
long long item_id = hit_results[i].rule_id;
expr_item = (struct expr_item *)rcu_hash_find(expr_rt->item_hash,
(char *)&item_id,
sizeof(long long));
(char *)&hit_results[i].rule_uuid,
sizeof(uuid_t));
if (!expr_item) {
// item config has been deleted
continue;
}
hit_maat_items[real_hit_item_cnt].item_id = item_id;
hit_maat_items[real_hit_item_cnt].object_id = expr_item->object_id;
uuid_copy(hit_maat_items[real_hit_item_cnt].item_uuid, expr_item->item_uuid);
uuid_copy(hit_maat_items[real_hit_item_cnt].object_uuid, expr_item->object_uuid);
real_hit_item_cnt++;
}

38
src/maat_flag.c
View File

@@ -30,8 +30,8 @@ struct flag_schema {
};
struct flag_item {
long long item_id;
long long object_id;
uuid_t item_uuid;
uuid_t object_uuid;
long long flag;
long long flag_mask;
void *user_data;
@@ -197,9 +197,11 @@ static int flag_runtime_update_row(struct flag_runtime *flag_rt, char *key,
//add
ret = rcu_hash_add(flag_rt->item_hash, key, key_len, (void *)item);
if (ret < 0) {
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(item->item_uuid, uuid_str);
log_debug(flag_rt->logger, MODULE_FLAG,
"[%s:%d] flag item(item_id:%lld) add to item_hash failed",
__FUNCTION__, __LINE__, item->item_id);
"[%s:%d] flag item(item_uuid:%s) add to item_hash failed",
__FUNCTION__, __LINE__, uuid_str);
return -1;
}
}
@@ -242,22 +244,22 @@ int flag_runtime_set_scan_district(struct flag_runtime *flag_rt, const char *dis
static struct flag_item *
flag_item_new(struct flag_schema *schema, const char *table_name,
const cJSON *json, struct flag_runtime *flag_rt, long long item_id)
const cJSON *json, struct flag_runtime *flag_rt, uuid_t item_uuid)
{
cJSON *tmp_obj = NULL;
enum table_type table_type = TABLE_TYPE_INVALID;
struct flag_item *item = ALLOC(struct flag_item, 1);
item->item_id = item_id;
uuid_copy(item->item_uuid, item_uuid);
tmp_obj = cJSON_GetObjectItem(json, "object_id");
tmp_obj = cJSON_GetObjectItem(json, "object_uuid");
if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {
log_fatal(flag_rt->logger, MODULE_FLAG,
"[%s:%d] flag table:<%s> has no object_id in json:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
goto error;
}
item->object_id = atoll(tmp_obj->valuestring);
uuid_parse(tmp_obj->valuestring, item->object_uuid);
table_type = table_manager_get_table_type(schema->ref_tbl_mgr, schema->table_id);
if (table_type == TABLE_TYPE_INTERVAL_PLUS) {
@@ -316,7 +318,7 @@ static struct flag_rule flag_item_to_flag_rule(struct flag_item *item)
{
struct flag_rule rule;
rule.rule_id = item->item_id;
uuid_copy(rule.rule_uuid, item->item_uuid);
rule.flag = item->flag;
rule.mask = item->flag_mask;
rule.user_tag = item->user_data;
@@ -344,7 +346,7 @@ int flag_runtime_update(void *flag_runtime, void *flag_schema,
return -1;
}
cJSON *item = cJSON_GetObjectItem(json, "item_id");
cJSON *item = cJSON_GetObjectItem(json, "uuid");
if (NULL == item || item->type != cJSON_String) {
log_fatal(flag_rt->logger, MODULE_FLAG,
"[%s:%d] flag table:<%s> line:%s has no item_id",
@@ -352,11 +354,12 @@ int flag_runtime_update(void *flag_runtime, void *flag_schema,
goto ERROR;
}
long long item_id = atoll(item->valuestring);
uuid_t item_uuid;
uuid_parse(item->valuestring, item_uuid);
struct flag_item *flag_item = NULL;
if (MAAT_OP_ADD == op) {
flag_item = flag_item_new(schema, table_name, json, flag_rt, item_id);
flag_item = flag_item_new(schema, table_name, json, flag_rt, item_uuid);
if (NULL == flag_item) {
flag_rt->update_err_cnt++;
goto ERROR;
@@ -368,7 +371,7 @@ int flag_runtime_update(void *flag_runtime, void *flag_schema,
flag_item->user_data = item_district_id;
}
int ret = flag_runtime_update_row(flag_rt, (char *)&item_id, sizeof(long long),
int ret = flag_runtime_update_row(flag_rt, (char *)&item_uuid, sizeof(item_uuid),
flag_item, op);
if (ret < 0) {
if (flag_item != NULL) {
@@ -520,18 +523,17 @@ int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id,
int tag_district_id = *(int *)(hit_results[i].user_tag);
if (tag_district_id == state->district_id ||
tag_district_id == DISTRICT_ANY) {
long long item_id = hit_results[i].rule_id;
struct flag_item *flag_item =
(struct flag_item *)rcu_hash_find(flag_rt->item_hash,
(char *)&item_id,
sizeof(long long));
(char *)&hit_results[i].rule_uuid,
sizeof(hit_results[i].rule_uuid));
if (!flag_item) {
// item config has been deleted
continue;
}
hit_maat_items[real_hit_item_cnt].item_id = item_id;
hit_maat_items[real_hit_item_cnt].object_id = flag_item->object_id;
uuid_copy(hit_maat_items[real_hit_item_cnt].item_uuid, hit_results[i].rule_uuid);
uuid_copy(hit_maat_items[real_hit_item_cnt].object_uuid, flag_item->object_uuid);
real_hit_item_cnt++;
}
}

2
src/maat_fqdn_plugin.c
View File

@@ -265,7 +265,7 @@ fqdn_plugin_rule_new(const cJSON *json, struct fqdn_plugin_schema *schema,
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
goto error;
}
fqdn_plugin_rule->id = atoi(tmp_obj->valuestring);
uuid_parse(tmp_obj->valuestring, fqdn_plugin_rule->uuid);
tmp_obj = cJSON_GetObjectItem(json, "fqdn");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {

40
src/maat_interval.c
View File

@@ -27,8 +27,8 @@ struct interval_schema {
};
struct interval_item {
long long item_id;
long long object_id;
uuid_t item_uuid;
uuid_t object_uuid;
int low_boundary;
int up_boundary;
void *user_data;
@@ -215,23 +215,23 @@ int interval_runtime_set_scan_district(struct interval_runtime *interval_rt,
static struct interval_item *
interval_item_new(struct interval_schema *schema, const char *table_name,
const cJSON *json, struct interval_runtime *interval_rt, long long item_id)
const cJSON *json, struct interval_runtime *interval_rt, uuid_t item_uuid)
{
enum table_type table_type = TABLE_TYPE_INVALID;
char port_str[16] = {0};
struct interval_item *item = ALLOC(struct interval_item, 1);
cJSON *tmp_obj = NULL;
item->item_id = item_id;
uuid_copy(item->item_uuid, item_uuid);
tmp_obj = cJSON_GetObjectItem(json, "object_id");
tmp_obj = cJSON_GetObjectItem(json, "object_uuid");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
log_fatal(interval_rt->logger, MODULE_INTERVAL,
"[%s:%d] interval table:<%s> has no object_id in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
goto error;
}
item->object_id = atoll(tmp_obj->valuestring);
uuid_parse(tmp_obj->valuestring, item->object_uuid);
table_type = table_manager_get_table_type(schema->ref_tbl_mgr, schema->table_id);
if (table_type == TABLE_TYPE_INTERVAL_PLUS) {
@@ -289,7 +289,7 @@ interval_item_to_interval_rule(struct interval_item *item)
rule.start = item->low_boundary;
rule.end = item->up_boundary;
rule.result.rule_id = item->item_id;
uuid_copy(rule.result.rule_uuid, item->item_uuid);
rule.result.user_tag = item->user_data;
return rule;
@@ -308,10 +308,12 @@ static int interval_runtime_update_row(struct interval_runtime *interval_rt,
//add
ret = rcu_hash_add(interval_rt->item_hash, key, key_len, (void *)item);
if (ret < 0) {
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(item->item_uuid, uuid_str);
log_debug(interval_rt->logger, MODULE_INTERVAL,
"[%s:%d] interval item(item_id:%lld) add to "
"[%s:%d] interval item(item_id:%s) add to "
"interavl_item_hash failed", __FUNCTION__, __LINE__,
item->item_id);
uuid_str);
return -1;
}
}
@@ -342,7 +344,7 @@ int interval_runtime_update(void *interval_runtime, void *interval_schema,
goto ERROR;
}
tmp_obj = cJSON_GetObjectItem(json, "item_id");
tmp_obj = cJSON_GetObjectItem(json, "uuid");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
log_fatal(interval_rt->logger, MODULE_INTERVAL,
"[%s:%d] interval table:<%s> has no item_id in line:%s",
@@ -351,8 +353,9 @@ int interval_runtime_update(void *interval_runtime, void *interval_schema,
goto ERROR;
}
long long item_id = atoll(tmp_obj->valuestring);
if (item_id < 0) {
uuid_t item_uuid;
uuid_parse(tmp_obj->valuestring, item_uuid);
if (uuid_is_null(item_uuid)) {
log_fatal(interval_rt->logger, MODULE_INTERVAL,
"[%s:%d] interval table:<%s> item_id wrong"
" in table_line:%s", __FUNCTION__, __LINE__, table_name,
@@ -364,7 +367,7 @@ int interval_runtime_update(void *interval_runtime, void *interval_schema,
struct interval_item *interval_item = NULL;
if (MAAT_OP_ADD == op) {
//add
interval_item = interval_item_new(schema, table_name, json, interval_rt, item_id);
interval_item = interval_item_new(schema, table_name, json, interval_rt, item_uuid);
if (NULL == interval_item) {
interval_rt->update_err_cnt++;
goto ERROR;
@@ -376,7 +379,7 @@ int interval_runtime_update(void *interval_runtime, void *interval_schema,
interval_item->user_data = item_district_id;
}
int ret = interval_runtime_update_row(interval_rt, (char *)&item_id, sizeof(long long),
int ret = interval_runtime_update_row(interval_rt, (char *)&item_uuid, sizeof(uuid_t),
interval_item, op);
if (ret < 0) {
if (interval_item != NULL) {
@@ -531,18 +534,17 @@ int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
int tag_district_id = *(int *)(hit_results[i].user_tag);
if (tag_district_id == state->district_id ||
tag_district_id == DISTRICT_ANY) {
long long item_id = hit_results[i].rule_id;
struct interval_item *int_item =
(struct interval_item *)rcu_hash_find(interval_rt->item_hash,
(char *)&item_id,
sizeof(long long));
(char *)&hit_results[i].rule_uuid,
sizeof(uuid_t));
if (!int_item) {
// item config has been deleted
continue;
}
hit_maat_items[real_hit_item_cnt].item_id = item_id;
hit_maat_items[real_hit_item_cnt].object_id = int_item->object_id;
uuid_copy(hit_maat_items[real_hit_item_cnt].item_uuid, int_item->item_uuid);
uuid_copy(hit_maat_items[real_hit_item_cnt].object_uuid, int_item->object_uuid);
real_hit_item_cnt++;
}
}

39
src/maat_ip.c
View File

@@ -39,8 +39,8 @@ struct ipv6_item_rule {
};
struct ip_item {
long long item_id;
long long object_id;
uuid_t item_uuid;
uuid_t object_uuid;
int addr_type;
union {
struct ipv4_item_rule ipv4;
@@ -98,23 +98,23 @@ void ip_schema_free(void *ip_schema)
static struct ip_item *
ip_item_new(struct ip_schema *ip_schema, const char *table_name,
const cJSON *json, struct log_handle *logger, long long item_id)
const cJSON *json, struct log_handle *logger, uuid_t item_uuid)
{
char ip_str[128] = {0};
struct ip_item *ip_item = ALLOC(struct ip_item, 1);
cJSON *tmp_obj = NULL;
int ret = 0;
ip_item->item_id = item_id;
uuid_copy(ip_item->item_uuid, item_uuid);
tmp_obj = cJSON_GetObjectItem(json, "object_id");
tmp_obj = cJSON_GetObjectItem(json, "object_uuid");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
log_fatal(logger, MODULE_IP,
"[%s:%d] ip table:<%s> has no object_id in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
goto error;
}
ip_item->object_id = atoll(tmp_obj->valuestring);
uuid_parse(tmp_obj->valuestring, ip_item->object_uuid);
tmp_obj = cJSON_GetObjectItem(json, "ip");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
@@ -268,7 +268,7 @@ static void ip_item_to_ip_rule(struct ip_item *item, struct ip_rule *rule)
memcpy(rule->ipv6_rule.end_ip, item->ipv6.max_ip,
sizeof(item->ipv6.max_ip));
}
rule->rule_id = item->item_id;
uuid_copy(rule->rule_uuid, item->item_uuid);
}
static int ip_runtime_update_row(struct ip_runtime *ip_rt, char *key, size_t key_len,
@@ -283,9 +283,11 @@ static int ip_runtime_update_row(struct ip_runtime *ip_rt, char *key, size_t key
// add
ret = rcu_hash_add(ip_rt->item_hash, key, key_len, (void *)item);
if (ret < 0) {
char uuid_str[37] = {0};
uuid_unparse(item->item_uuid, uuid_str);
log_debug(ip_rt->logger, MODULE_IP,
"[%s:%d] ip item(item_id:%lld) add to ip runtime htable failed",
__FUNCTION__, __LINE__, item->item_id);
"[%s:%d] ip item(item_id:%s) add to ip runtime htable failed",
__FUNCTION__, __LINE__, uuid_str);
return -1;
}
}
@@ -315,7 +317,7 @@ int ip_runtime_update(void *ip_runtime, void *ip_schema,
goto ERROR;
}
tmp_obj = cJSON_GetObjectItem(json, "item_id");
tmp_obj = cJSON_GetObjectItem(json, "uuid");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
log_fatal(ip_rt->logger, MODULE_IP,
"[%s:%d] ip table:<%s> has no item_id in line:%s",
@@ -323,19 +325,21 @@ int ip_runtime_update(void *ip_runtime, void *ip_schema,
ip_rt->update_err_cnt++;
goto ERROR;
}
long long item_id = atoll(tmp_obj->valuestring);
uuid_t item_uuid;
uuid_parse(tmp_obj->valuestring, item_uuid);
struct ip_item *ip_item = NULL;
if (MAAT_OP_ADD == op) {
//add
ip_item = ip_item_new(schema, table_name, json, ip_rt->logger, item_id);
ip_item = ip_item_new(schema, table_name, json, ip_rt->logger, item_uuid);
if (NULL == ip_item) {
ip_rt->update_err_cnt++;
goto ERROR;
}
}
int ret = ip_runtime_update_row(ip_rt, (char *)&item_id, sizeof(long long),
int ret = ip_runtime_update_row(ip_rt, (char *)&item_uuid, sizeof(uuid_t),
ip_item, op);
if (ret < 0) {
if (ip_item != NULL) {
@@ -505,10 +509,9 @@ int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
}
for (size_t i = 0; i < n_hit_ip_item; i++) {
long long item_id = ip_results[i].rule_id;
struct ip_item *ip_item = (struct ip_item *)rcu_hash_find(ip_rt->item_hash,
(char *)&item_id,
sizeof(long long));
(char *)&ip_results[i].rule_uuid,
sizeof(uuid_t));
if (!ip_item) {
// item config has been deleted
continue;
@@ -524,8 +527,8 @@ int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
continue;
}
hit_maat_items[real_hit_item_cnt].item_id = ip_results[i].rule_id;
hit_maat_items[real_hit_item_cnt].object_id = ip_item->object_id;
uuid_copy(hit_maat_items[real_hit_item_cnt].item_uuid, ip_item->item_uuid);
uuid_copy(hit_maat_items[real_hit_item_cnt].object_uuid, ip_item->object_uuid);
real_hit_item_cnt++;
}

2
src/maat_ip_plugin.c
View File

@@ -159,7 +159,7 @@ ip_plugin_rule_new(struct ip_plugin_schema *schema, const char *table_name,
__FUNCTION__, __LINE__, table_name, schema->key_name, cJSON_Print(json));
goto error;
}
ip_plugin_rule->rule_id = atoll(tmp_obj->valuestring);
uuid_parse(tmp_obj->valuestring, ip_plugin_rule->rule_uuid);
tmp_obj = cJSON_GetObjectItem(json, "ip");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {

6
src/maat_ipport_plugin.c
View File

@@ -42,7 +42,7 @@ struct ipv6_item {
};
struct ipport_item {
long long item_id;
uuid_t item_uuid;
int ip_type; //IPV4 or IPV6
union {
struct ipv4_item ipv4;
@@ -237,7 +237,7 @@ ipport_item_new(struct ipport_plugin_schema *schema, const char *table_name,
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
goto error;
}
ipport_item->item_id = atoll(tmp_obj->valuestring);
uuid_parse(tmp_obj->valuestring, ipport_item->item_uuid);
tmp_obj = cJSON_GetObjectItem(json, "ip");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
@@ -442,7 +442,7 @@ ipport_item_to_ipport_rule(struct ipport_item *item, struct ipport_rule *rule)
rule->min_port = item->min_port;
rule->max_port = item->max_port;
}
rule->rule_id = item->item_id;
uuid_copy(rule->rule_uuid, item->item_uuid);
}
static void

791
src/maat_object.c
View File

File diff suppressed because it is too large Load Diff

343
src/maat_rule.c
View File

@@ -43,13 +43,13 @@ struct rule_schema {
struct rule_item {
int condition_num;
long long rule_id;
uuid_t rule_uuid;
char *table_line;
size_t table_line_len;
};
struct condition_query_key {
long long object_id;
uuid_t object_uuid;
int attribute_id;
int negate_option;
};
@@ -70,7 +70,7 @@ struct table_condition {
struct table_object {
int attribute_id;
UT_array *object_ids;
UT_array *object_uuids;
UT_hash_handle hh;
};
@@ -99,7 +99,7 @@ struct condition_literal {
struct rule_condition {
long long condition_id;
long long object_ids[MAX_OBJECT_CNT];
uuid_t object_uuids[MAX_OBJECT_CNT];
int object_cnt;
int attribute_id;
char negate_option; // 1 byte
@@ -109,7 +109,7 @@ struct rule_condition {
struct rule_sort_para {
int condition_num;
long long rule_id;
uuid_t rule_uuid;
};
#define MAAT_RULE_MAGIC 0x4a5b6c7d
@@ -117,21 +117,21 @@ struct maat_rule {
uint32_t magic_num;
int condition_num;
int table_id;
long long rule_id;
uuid_t rule_uuid;
void *user_data; // rule_item
struct rule_condition conditions[MAX_ITEMS_PER_BOOL_EXPR];
};
struct internal_hit_path {
long long item_id;
long long object_id;
uuid_t item_uuid;
uuid_t object_uuid;
int Nth_scan;
int attribute_id;
int negate_option; // 1 means negate condition
};
struct rule2table_id {
long long rule_id;
uuid_t rule_uuid;
int table_id;
};
@@ -153,7 +153,7 @@ struct rule_compile_state {
};
UT_icd ut_condition_id_icd = {sizeof(long long), NULL, NULL, NULL};
UT_icd ut_rule_object_id_icd = {sizeof(long long), NULL, NULL, NULL};
UT_icd ut_rule_object_uuid_icd = {sizeof(uuid_t), NULL, NULL, NULL};
UT_icd ut_maat_hit_object_icd = {sizeof(struct maat_hit_object), NULL, NULL, NULL};
UT_icd ut_hit_path_icd = {sizeof(struct internal_hit_path), NULL, NULL, NULL};
UT_icd ut_hit_rule_table_id_icd = {sizeof(struct rule2table_id), NULL, NULL, NULL};
@@ -226,7 +226,7 @@ static int validate_table_not_condition(struct rule_runtime *rule_rt,
}
static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule_schema *schema,
const char *table_name, long long rule_id,
const char *table_name, uuid_t rule_uuid,
const char *table_line, struct rule_item *rule_item)
{
struct maat_rule *rule = ALLOC(struct maat_rule, 1);
@@ -235,7 +235,7 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
cJSON *table_json = cJSON_Parse(table_line);
rule->magic_num = MAAT_RULE_MAGIC;
rule->rule_id = rule_id;
uuid_copy(rule->rule_uuid, rule_uuid);
for(int i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) {
rule->conditions[i].in_use = 0;
@@ -309,7 +309,7 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
}
}
tmp_obj = cJSON_GetObjectItem(condition_obj, "object_ids");
tmp_obj = cJSON_GetObjectItem(condition_obj, "object_uuids");
if (tmp_obj && tmp_obj->type == cJSON_Array) {
int n_object_ids = cJSON_GetArraySize(tmp_obj);
@@ -318,8 +318,7 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
for (int j = 0; j < n_object_ids; j++) {
cJSON *object_id_obj = cJSON_GetArrayItem(tmp_obj, j);
if (object_id_obj && object_id_obj->type == cJSON_String) {
long long object_id = atoll(object_id_obj->valuestring);
condition->object_ids[j] = object_id;
uuid_parse(object_id_obj->valuestring, condition->object_uuids[j]);
}
}
}
@@ -383,14 +382,14 @@ rule_item_new(const char *table_line, struct rule_schema *schema,
struct rule_item *rule_item = ALLOC(struct rule_item, 1);
cJSON *table_json = cJSON_Parse(table_line);
tmp_obj = cJSON_GetObjectItem(table_json, "rule_id");
tmp_obj = cJSON_GetObjectItem(table_json, "uuid");
if (tmp_obj == NULL && tmp_obj->type != cJSON_String) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> has no rule_id or not string format in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(table_json));
goto error;
}
rule_item->rule_id = atoll(tmp_obj->valuestring);
uuid_parse(tmp_obj->valuestring, rule_item->rule_uuid);
rule_item->table_line_len = strlen(table_line);
rule_item->table_line = ALLOC(char, rule_item->table_line_len + 1);
@@ -529,17 +528,9 @@ void rule_runtime_init(void *rule_runtime, struct maat_runtime *maat_rt)
rule_rt->ref_maat_rt = maat_rt;
}
static inline int compare_object_id(const void *a, const void *b)
static inline int compare_object_uuid(const void *a, const void *b)
{
long long ret = *(const long long *)a - *(const long long *)b;
if (0 == ret) {
return 0;
} else if(ret < 0) {
return -1;
} else {
return 1;
}
return uuid_compare(*(uuid_t *)a, *(uuid_t *)b);
}
static struct bool_matcher *
@@ -588,7 +579,7 @@ maat_rule_bool_matcher_new(struct rule_runtime *rule_rt,
// some rule may have zero objects, e.g. default policy.
if (j == (size_t)iter_rule->condition_num && j > 0) {
bool_expr_array[expr_cnt].expr_id = iter_rule->rule_id;
uuid_copy(bool_expr_array[expr_cnt].expr_uuid, iter_rule->rule_uuid);
bool_expr_array[expr_cnt].user_tag = iter_rule;
bool_expr_array[expr_cnt].item_num = j;
expr_cnt++;
@@ -634,17 +625,9 @@ static inline int compare_condition_id(const void *a, const void *b)
}
}
static inline int compare_rule_id(const void *a, const void *b)
static inline int compare_rule_uuid(const void *a, const void *b)
{
long long ret = *(const long long *)a - *(const long long *)b;
if (0 == ret) {
return 0;
} else if (ret < 0) {
return -1;
} else {
return 1;
}
return uuid_compare(*(uuid_t *)a, *(uuid_t *)b);
}
/**
@@ -687,9 +670,12 @@ build_condition_id_kv_hash(struct rule_runtime *rule_rt, int negate_option)
}
for (size_t k = 0; k < condition->object_cnt; k++) {
struct condition_query_key key =
{condition->object_ids[k], condition->attribute_id, condition->negate_option};
struct condition_query_key key;
struct condition_id_kv *condition_id_kv = NULL;
key.attribute_id = condition->attribute_id;
key.negate_option = condition->negate_option;
uuid_copy(key.object_uuid, condition->object_uuids[k]);
HASH_FIND(hh, condition_id_kv_hash, &key, sizeof(struct condition_query_key),
condition_id_kv);
@@ -768,13 +754,16 @@ rule_compile_state_if_new_hit_rule(struct rule_compile_state *rule_compile_state
static void
rule_compile_state_update_hit_rule_table_id(struct rule_compile_state *rule_compile_state,
long long rule_id, int table_id)
uuid_t rule_uuid, int table_id)
{
if (!utarray_find(rule_compile_state->hit_rule_table_ids, &rule_id,
compare_rule_id)) {
struct rule2table_id rule_table_id = {rule_id, table_id};
if (!utarray_find(rule_compile_state->hit_rule_table_ids, &rule_uuid,
compare_rule_uuid)) {
struct rule2table_id rule_table_id;
rule_table_id.table_id = table_id;
uuid_copy(rule_table_id.rule_uuid, rule_uuid);
utarray_push_back(rule_compile_state->hit_rule_table_ids, &rule_table_id);
utarray_sort(rule_compile_state->hit_rule_table_ids, compare_rule_id);
utarray_sort(rule_compile_state->hit_rule_table_ids, compare_rule_uuid);
}
}
@@ -808,7 +797,8 @@ maat_rule_bool_matcher_match(struct rule_runtime *rule_rt,
for (int i = 0; i < bool_match_ret && ud_result_cnt < ud_array_size; i++) {
rule = (struct maat_rule *)expr_match[i].user_tag;
assert(rule->magic_num == MAAT_RULE_MAGIC);
assert((unsigned long long)rule->rule_id == expr_match[i].expr_id);
assert(uuid_compare(rule->rule_uuid, expr_match[i].expr_uuid) == 0);
if (0 == rule->condition_num) {
continue;
}
@@ -819,7 +809,7 @@ maat_rule_bool_matcher_match(struct rule_runtime *rule_rt,
if (rule->user_data != NULL && n_new_hit_rule > 0) {
user_data_array[ud_result_cnt] = rule->user_data;
ud_result_cnt++;
rule_compile_state_update_hit_rule_table_id(rule_compile_state, rule->rule_id,
rule_compile_state_update_hit_rule_table_id(rule_compile_state, rule->rule_uuid,
rule->table_id);
}
}
@@ -856,11 +846,11 @@ rule_compile_state_hit_not_tbl_objects_free(struct rule_compile_state *rule_comp
struct table_object *tbl_object = NULL, *tmp_tbl_object = NULL;
HASH_ITER(hh, rule_compile_state->hit_not_tbl_objects, tbl_object, tmp_tbl_object) {
free_bytes +=
(sizeof(tbl_object) + utarray_len(tbl_object->object_ids) * sizeof(long long));
(sizeof(tbl_object) + utarray_len(tbl_object->object_uuids) * sizeof(uuid_t));
HASH_DEL(rule_compile_state->hit_not_tbl_objects, tbl_object);
if (tbl_object->object_ids != NULL) {
utarray_free(tbl_object->object_ids);
tbl_object->object_ids = NULL;
if (tbl_object->object_uuids != NULL) {
utarray_free(tbl_object->object_uuids);
tbl_object->object_uuids = NULL;
}
FREE(tbl_object);
}
@@ -890,7 +880,7 @@ void rule_compile_state_reset(struct rule_compile_state *rule_compile_state)
struct table_object *tbl_object = NULL, *tmp_tbl_object = NULL;
HASH_ITER(hh, rule_compile_state->hit_not_tbl_objects, tbl_object, tmp_tbl_object) {
utarray_clear(tbl_object->object_ids);
utarray_clear(tbl_object->object_uuids);
}
}
@@ -976,7 +966,7 @@ void rule_compile_state_free(struct rule_compile_state *rule_compile_state,
static void
rule_compile_state_add_internal_hit_path(struct rule_compile_state *rule_compile_state,
long long item_id, long long object_id,
uuid_t item_uuid, uuid_t object_uuid,
int attribute_id, int negate_option, int Nth_scan)
{
if (NULL == rule_compile_state) {
@@ -984,9 +974,9 @@ rule_compile_state_add_internal_hit_path(struct rule_compile_state *rule_compile
}
struct internal_hit_path new_path;
new_path.item_id = item_id;
uuid_copy(new_path.item_uuid, item_uuid);
new_path.Nth_scan = Nth_scan;
new_path.object_id = object_id;
uuid_copy(new_path.object_uuid, object_uuid);
new_path.attribute_id = attribute_id;
new_path.negate_option = negate_option;
@@ -1011,10 +1001,10 @@ static int maat_rule_has_condition_query_key(struct maat_rule *rule,
continue;
}
long long *tmp_object_id = bsearch(&(key->object_id), condition->object_ids,
condition->object_cnt, sizeof(long long),
compare_object_id);
if (tmp_object_id != NULL) {
uuid_t *tmp_object_uuid = bsearch(&(key->object_uuid), condition->object_uuids,
condition->object_cnt, sizeof(uuid_t),
compare_object_uuid);
if (tmp_object_uuid != NULL) {
return 1;
}
}
@@ -1024,7 +1014,7 @@ static int maat_rule_has_condition_query_key(struct maat_rule *rule,
static size_t
maat_rule_get_hit_condition_index(struct maat_rule *rule,
int attribute_id, long long hit_object_id,
int attribute_id, uuid_t hit_object_uuid,
int *condition_idx_array, size_t array_size)
{
size_t hit_condition_cnt = 0;
@@ -1041,10 +1031,10 @@ maat_rule_get_hit_condition_index(struct maat_rule *rule,
continue;
}
long long *tmp_object_id = bsearch(&hit_object_id, tmp_condition->object_ids,
tmp_condition->object_cnt, sizeof(long long),
compare_object_id);
if (tmp_object_id != NULL) {
uuid_t *tmp_object_uuid = bsearch(&hit_object_uuid, tmp_condition->object_uuids,
tmp_condition->object_cnt, sizeof(uuid_t),
compare_object_uuid);
if (tmp_object_uuid != NULL) {
condition_idx_array[hit_condition_cnt++] = i;
break;
}
@@ -1077,17 +1067,17 @@ void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array,
size_t new_hit_path_cnt = *n_new_hit_path;
int condition_index_array[MAX_ITEMS_PER_BOOL_EXPR] = {0};
if (hit_path_array[idx].top_object_id < 0) {
hit_path_array[idx].top_object_id = hit_path_array[idx].sub_object_id;
if (uuid_is_null(hit_path_array[idx].top_object_uuid)) {
uuid_copy(hit_path_array[idx].top_object_uuid, hit_path_array[idx].sub_object_uuid);
}
struct maat_hit_path tmp_path;
if (hit_path_array[idx].rule_id < 0) {
hit_path_array[idx].rule_id = rule->rule_id;
if (uuid_is_null(hit_path_array[idx].rule_uuid)) {
uuid_copy(hit_path_array[idx].rule_uuid, rule->rule_uuid);
// find out which condition in rule hit
n_condition_index =
maat_rule_get_hit_condition_index(rule, hit_path_array[idx].attribute_id,
hit_path_array[idx].top_object_id,
hit_path_array[idx].top_object_uuid,
condition_index_array,
MAX_ITEMS_PER_BOOL_EXPR);
hit_path_array[idx].condition_index = condition_index_array[0];
@@ -1102,12 +1092,12 @@ void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array,
} else {
// means same condition_query_id hit more than one rule_id
tmp_path = hit_path_array[idx];
tmp_path.rule_id = rule->rule_id;
uuid_copy(tmp_path.rule_uuid, rule->rule_uuid);
if (!maat_rule_is_hit_path_existed(hit_path_array, n_hit_path + new_hit_path_cnt, &tmp_path)) {
hit_path_array[n_hit_path + new_hit_path_cnt] = tmp_path;
new_hit_path_cnt++;
n_condition_index =
maat_rule_get_hit_condition_index(rule, tmp_path.attribute_id, tmp_path.top_object_id,
maat_rule_get_hit_condition_index(rule, tmp_path.attribute_id, tmp_path.top_object_uuid,
condition_index_array, MAX_ITEMS_PER_BOOL_EXPR);
hit_path_array[n_hit_path + new_hit_path_cnt - 1].condition_index = condition_index_array[0];
if (n_condition_index > 1) {
@@ -1132,7 +1122,7 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
/* assign hit_path_array[].rule_id */
size_t n_new_hit_path = 0;
struct maat_rule *rule = NULL;
struct condition_query_key key = {0, 0, 0};
struct condition_query_key key;
struct bool_expr_match *expr_match = rule_rt->expr_match_buff +
(thread_id * MAX_HIT_RULE_NUM);
assert(thread_id >= 0);
@@ -1149,16 +1139,16 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
for (int idx = 0; idx < bool_match_ret; idx++) {
rule = (struct maat_rule *)expr_match[idx].user_tag;
assert(rule->magic_num == MAAT_RULE_MAGIC);
assert((unsigned long long)rule->rule_id == expr_match[idx].expr_id);
assert(uuid_compare(rule->rule_uuid, expr_match[idx].expr_uuid) == 0);
if (0 == rule->condition_num || NULL == rule->user_data) {
continue;
}
for (size_t j = 0; j < n_hit_path && (n_hit_path + n_new_hit_path) < array_size; j++) {
if (hit_path_array[j].top_object_id < 0) {
key.object_id = hit_path_array[j].sub_object_id;
if (uuid_is_null(hit_path_array[j].top_object_uuid)) {
uuid_copy(key.object_uuid, hit_path_array[j].sub_object_uuid);
} else {
key.object_id = hit_path_array[j].top_object_id;
uuid_copy(key.object_uuid, hit_path_array[j].top_object_uuid);
}
key.attribute_id = hit_path_array[j].attribute_id;
@@ -1184,8 +1174,8 @@ rule_compile_state_add_direct_hit_objects(struct rule_compile_state *rule_compil
struct maat_hit_object hit_object;
for (size_t i = 0; i < n_hit_items; i++) {
hit_object.item_id = hit_items[i].item_id;
hit_object.object_id = hit_items[i].object_id;
uuid_copy(hit_object.item_uuid, hit_items[i].item_uuid);
uuid_copy(hit_object.object_uuid, hit_items[i].object_uuid);
hit_object.attribute_id = attribute_id;
utarray_push_back(rule_compile_state->direct_hit_objects, &hit_object);
}
@@ -1193,17 +1183,17 @@ rule_compile_state_add_direct_hit_objects(struct rule_compile_state *rule_compil
static void
rule_compile_state_add_indirect_hit_objects(struct rule_compile_state *rule_compile_state,
long long *object_ids,
size_t n_object_ids, int attribute_id)
uuid_t *object_uuids,
size_t n_object_uuids, int attribute_id)
{
if (NULL == rule_compile_state || NULL == object_ids) {
if (NULL == rule_compile_state || NULL == object_uuids) {
return;
}
struct maat_hit_object hit_object;
for (size_t i = 0; i < n_object_ids; i++) {
hit_object.item_id = 0;
hit_object.object_id = object_ids[i];
for (size_t i = 0; i < n_object_uuids; i++) {
uuid_clear(hit_object.item_uuid);
uuid_copy(hit_object.object_uuid, object_uuids[i]);
hit_object.attribute_id = attribute_id;
utarray_push_back(rule_compile_state->indirect_hit_objects, &hit_object);
}
@@ -1288,15 +1278,19 @@ rule_compile_state_add_hit_not_conditions(struct rule_compile_state *rule_compil
static void
rule_compile_state_update_hit_conditions(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt,
long long object_id, int attribute_id)
uuid_t object_uuid, int attribute_id)
{
if (NULL == rule_compile_state || NULL == rule_rt) {
return;
}
struct condition_query_key key = {object_id, attribute_id, 0};
struct condition_query_key key;
struct condition_id_kv *condition_id_kv = NULL;
key.negate_option = 0;
key.attribute_id = attribute_id;
uuid_copy(key.object_uuid, object_uuid);
HASH_FIND(hh, rule_rt->condition_id_kv_hash, &key, sizeof(key), condition_id_kv);
if (condition_id_kv != NULL) {
rule_compile_state_add_hit_conditions(rule_compile_state, condition_id_kv->condition_ids);
@@ -1312,29 +1306,29 @@ rule_compile_state_update_hit_conditions(struct rule_compile_state *rule_compile
static void
rule_compile_state_cache_hit_not_objects(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt,
long long *hit_object_ids,
size_t n_hit_object_id, int attribute_id)
uuid_t *hit_object_uuids,
size_t n_hit_object_uuid, int attribute_id)
{
if (NULL == rule_compile_state || NULL == rule_rt) {
return;
}
if (n_hit_object_id != 0) {
qsort(hit_object_ids, n_hit_object_id, sizeof(long long), compare_object_id);
if (n_hit_object_uuid != 0) {
qsort(hit_object_uuids, n_hit_object_uuid, sizeof(uuid_t), compare_object_uuid);
}
struct table_object *tbl_object = NULL;
HASH_FIND(hh, rule_compile_state->hit_not_tbl_objects, &attribute_id, sizeof(int), tbl_object);
if (tbl_object != NULL) {
for (size_t i = 0; i < n_hit_object_id; i++) {
long long *object_id = (long long *)utarray_find(tbl_object->object_ids,
&hit_object_ids[i],
compare_object_id);
if (NULL == object_id) {
for (size_t i = 0; i < n_hit_object_uuid; i++) {
uuid_t *object_uuid = (uuid_t *)utarray_find(tbl_object->object_uuids,
&hit_object_uuids[i],
compare_object_uuid);
if (NULL == object_uuid) {
continue;
}
size_t remove_idx = utarray_eltidx(tbl_object->object_ids, object_id);
utarray_erase(tbl_object->object_ids, remove_idx, 1);
size_t remove_idx = utarray_eltidx(tbl_object->object_uuids, object_uuid);
utarray_erase(tbl_object->object_uuids, remove_idx, 1);
}
}
@@ -1344,28 +1338,28 @@ rule_compile_state_cache_hit_not_objects(struct rule_compile_state *rule_compile
continue;
}
long long *tmp_object_id =
bsearch(&(condition_id_kv->key.object_id), hit_object_ids,
n_hit_object_id, sizeof(long long), compare_object_id);
if (tmp_object_id != NULL) {
uuid_t *tmp_object_uuid =
bsearch(&(condition_id_kv->key.object_uuid), hit_object_uuids,
n_hit_object_uuid, sizeof(uuid_t), compare_object_uuid);
if (tmp_object_uuid != NULL) {
continue;
}
if (NULL == tbl_object) {
tbl_object = ALLOC(struct table_object, 1);
tbl_object->attribute_id = attribute_id;
utarray_new(tbl_object->object_ids, &ut_rule_object_id_icd);
utarray_new(tbl_object->object_uuids, &ut_rule_object_uuid_icd);
HASH_ADD_INT(rule_compile_state->hit_not_tbl_objects, attribute_id, tbl_object);
}
if (!utarray_find(tbl_object->object_ids, &(condition_id_kv->key.object_id),
compare_object_id)) {
utarray_push_back(tbl_object->object_ids, &(condition_id_kv->key.object_id));
if (!utarray_find(tbl_object->object_uuids, &(condition_id_kv->key.object_uuid),
compare_object_uuid)) {
utarray_push_back(tbl_object->object_uuids, &(condition_id_kv->key.object_uuid));
}
}
if (tbl_object != NULL) {
utarray_sort(tbl_object->object_ids, compare_object_id);
utarray_sort(tbl_object->object_uuids, compare_object_uuid);
}
}
@@ -1375,7 +1369,7 @@ int rule_compile_state_get_rule_table_id(struct rule_compile_state *rule_compile
struct rule2table_id *tmp = NULL;
tmp = utarray_find(rule_compile_state->hit_rule_table_ids, &rule_id,
compare_rule_id);
compare_rule_uuid);
if (NULL == tmp) {
return -1;
}
@@ -1386,7 +1380,7 @@ int rule_compile_state_get_rule_table_id(struct rule_compile_state *rule_compile
static int
rule_runtime_add_rule(struct rule_runtime *rule_rt,
struct rule_schema *schema,
long long rule_id, const char *table_name,
uuid_t rule_uuid, const char *table_name,
const char *line, struct log_handle *logger)
{
struct maat_rule *rule = NULL;
@@ -1407,18 +1401,20 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt,
int updating_flag = rcu_hash_is_updating(rule_rt->cfg_hash);
if (1 == updating_flag) {
rule = rcu_updating_hash_find(rule_rt->cfg_hash, (char *)&rule_id,
sizeof(long long));
rule = rcu_updating_hash_find(rule_rt->cfg_hash, (char *)&rule_uuid,
sizeof(uuid_t));
} else {
rule = rcu_hash_find(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long));
rule = rcu_hash_find(rule_rt->cfg_hash, (char *)&rule_uuid, sizeof(uuid_t));
}
if (rule != NULL) {
char rule_uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(rule_uuid, rule_uuid_str);
log_fatal(logger, MODULE_RULE,
"[%s:%d]rule_id:%lld already existed in rule table, drop line:%s",
__FUNCTION__, __LINE__, rule_id, line);
"[%s:%d]rule_id:%s already existed in rule table, drop line:%s",
__FUNCTION__, __LINE__, rule_uuid_str, line);
}
rule = maat_rule_new(rule_rt, schema, table_name, rule_id, line, rule_item);
rule = maat_rule_new(rule_rt, schema, table_name, rule_uuid, line, rule_item);
if (NULL == rule) {
log_fatal(logger, MODULE_RULE,
"[%s:%d]maat_rule_new failed, drop line:%s",
@@ -1426,14 +1422,14 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt,
return -1;
}
rcu_hash_add(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long), rule);
rcu_hash_add(rule_rt->cfg_hash, (char *)&rule_uuid, sizeof(uuid_t), rule);
return 0;
}
static void rule_runtime_del_rule(struct rule_runtime *rule_rt,
struct rule_schema *schema,
long long rule_id,
uuid_t rule_uuid,
struct log_handle *logger)
{
struct maat_rule *rule = NULL;
@@ -1441,11 +1437,11 @@ static void rule_runtime_del_rule(struct rule_runtime *rule_rt,
int updating_flag = rcu_hash_is_updating(rule_rt->cfg_hash);
if (1 == updating_flag) {
// find in updating hash
rule = rcu_updating_hash_find(rule_rt->cfg_hash, (char *)&rule_id,
sizeof(long long));
rule = rcu_updating_hash_find(rule_rt->cfg_hash, (char *)&rule_uuid,
sizeof(uuid_t));
} else {
// find in effective hash
rule = rcu_hash_find(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long));
rule = rcu_hash_find(rule_rt->cfg_hash, (char *)&rule_uuid, sizeof(uuid_t));
}
if (rule != NULL) {
@@ -1456,7 +1452,7 @@ static void rule_runtime_del_rule(struct rule_runtime *rule_rt,
}
}
rcu_hash_del(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long));
rcu_hash_del(rule_rt->cfg_hash, (char *)&rule_uuid, sizeof(uuid_t));
}
}
@@ -1480,7 +1476,7 @@ int rule_runtime_update(void *rule_runtime, void *rule_schema,
return -1;
}
tmp_obj = cJSON_GetObjectItem(json, "rule_id");
tmp_obj = cJSON_GetObjectItem(json, "uuid");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
log_fatal(rule_rt->logger, MODULE_RULE,
"[%s:%d] rule table:<%s> has no rule_id or not string format in table_line:%s",
@@ -1489,14 +1485,15 @@ int rule_runtime_update(void *rule_runtime, void *rule_schema,
cJSON_Delete(json);
return -1;
}
long long rule_id = atoll(tmp_obj->valuestring);
uuid_t rule_uuid;
uuid_parse(tmp_obj->valuestring, rule_uuid);
if (MAAT_OP_DEL == op) {
// delete
rule_runtime_del_rule(rule_rt, schema, rule_id, rule_rt->logger);
rule_runtime_del_rule(rule_rt, schema, rule_uuid, rule_rt->logger);
} else {
// add
int ret = rule_runtime_add_rule(rule_rt, schema, rule_id,
int ret = rule_runtime_add_rule(rule_rt, schema, rule_uuid,
table_name, line, rule_rt->logger);
if (ret < 0) {
rule_rt->update_err_cnt++;
@@ -1621,14 +1618,14 @@ static int rule_sort_para_compare(const struct rule_sort_para *a,
if (a->condition_num != b->condition_num) {
return (a->condition_num - b->condition_num);
} else {
return (b->rule_id - a->rule_id);
return uuid_compare(a->rule_uuid, b->rule_uuid);
}
}
static void rule_sort_para_set(struct rule_sort_para *para,
const struct rule_item *item)
{
para->rule_id = item->rule_id;
uuid_copy(para->rule_uuid, item->rule_uuid);
para->condition_num = item->condition_num;
}
@@ -1644,7 +1641,7 @@ static int compare_rule_item(const void *a, const void *b)
return rule_sort_para_compare(&sa, &sb);
}
int rule_runtime_match(struct rule_runtime *rule_rt, long long *rule_ids,
int rule_runtime_match(struct rule_runtime *rule_rt, uuid_t *rule_uuids,
size_t rule_ids_size, struct maat_state *state)
{
struct rule_compile_state *rule_compile_state = state->rule_compile_state;
@@ -1662,7 +1659,7 @@ int rule_runtime_match(struct rule_runtime *rule_rt, long long *rule_ids,
}
for (size_t i = 0; i < bool_match_ret; i++) {
rule_ids[i] = rule_items[i]->rule_id;
uuid_copy(rule_uuids[i], rule_items[i]->rule_uuid);
}
return MIN(bool_match_ret, rule_ids_size);
@@ -1674,7 +1671,7 @@ int rule_compile_state_update(struct rule_compile_state *rule_compile_state, str
{
size_t i = 0, j = 0;
size_t hit_cnt = n_hit_item;
long long hit_object_ids[MAX_HIT_OBJECT_NUM];
uuid_t hit_object_uuids[MAX_HIT_OBJECT_NUM];
struct maat_hit_object hit_object;
utarray_clear(rule_compile_state->this_scan_hit_conditions);
@@ -1682,38 +1679,38 @@ int rule_compile_state_update(struct rule_compile_state *rule_compile_state, str
rule_compile_state->Nth_scan = Nth_scan;
for (i = 0; i < hit_cnt; i++) {
hit_object_ids[i] = hit_items[i].object_id;
uuid_copy(hit_object_uuids[i], hit_items[i].object_uuid);
hit_object.item_id = hit_items[i].item_id;
hit_object.object_id = hit_items[i].object_id;
uuid_copy(hit_object.item_uuid, hit_items[i].item_uuid);
uuid_copy(hit_object.object_uuid, hit_items[i].object_uuid);
hit_object.attribute_id = attribute_id;
utarray_push_back(rule_compile_state->last_hit_objects, &hit_object);
}
int g2g_table_id = table_manager_get_object2object_table_id(maat_inst->tbl_mgr);
void *g2g_rt = table_manager_get_runtime(maat_inst->tbl_mgr, g2g_table_id);
int o2o_table_id = table_manager_get_object2object_table_id(maat_inst->tbl_mgr);
void *o2o_rt = table_manager_get_runtime(maat_inst->tbl_mgr, o2o_table_id);
long long super_object_ids[MAX_HIT_OBJECT_NUM];
size_t super_object_cnt = object2object_runtime_get_super_objects(g2g_rt, hit_object_ids,
hit_cnt, super_object_ids,
uuid_t super_object_uuids[MAX_HIT_OBJECT_NUM];
size_t super_object_cnt = object2object_runtime_get_super_objects(o2o_rt, hit_object_uuids,
hit_cnt, super_object_uuids,
MAX_HIT_OBJECT_NUM);
for (i = 0; i < super_object_cnt; i++) {
hit_object.item_id = 0;
hit_object.object_id = super_object_ids[i];
uuid_clear(hit_object.item_uuid);
uuid_copy(hit_object.object_uuid, super_object_uuids[i]);
hit_object.attribute_id = attribute_id;
utarray_push_back(rule_compile_state->last_hit_objects, &hit_object);
}
if (1 == maat_inst->opts.hit_path_on && hit_cnt > 0) {
for (i = 0; i < hit_cnt; i++) {
rule_compile_state_add_internal_hit_path(rule_compile_state, hit_items[i].item_id,
hit_items[i].object_id, attribute_id, 0, Nth_scan);
rule_compile_state_add_internal_hit_path(rule_compile_state, hit_items[i].item_uuid,
hit_items[i].object_uuid, attribute_id, 0, Nth_scan);
}
}
if (1 == maat_inst->opts.hit_object_on) {
rule_compile_state_add_direct_hit_objects(rule_compile_state, hit_items, hit_cnt, attribute_id);
rule_compile_state_add_indirect_hit_objects(rule_compile_state, super_object_ids,
rule_compile_state_add_indirect_hit_objects(rule_compile_state, super_object_uuids,
super_object_cnt, attribute_id);
}
@@ -1730,15 +1727,15 @@ int rule_compile_state_update(struct rule_compile_state *rule_compile_state, str
}
for (j = 0; j < super_object_cnt && hit_cnt < MAX_HIT_OBJECT_NUM; j++) {
hit_object_ids[hit_cnt++] = super_object_ids[j];
uuid_copy(hit_object_uuids[hit_cnt++], super_object_uuids[j]);
}
for (i = 0; i < hit_cnt; i++) {
rule_compile_state_update_hit_conditions(rule_compile_state, rule_rt,
hit_object_ids[i], attribute_id);
hit_object_uuids[i], attribute_id);
}
rule_compile_state_cache_hit_not_objects(rule_compile_state, rule_rt, hit_object_ids,
rule_compile_state_cache_hit_not_objects(rule_compile_state, rule_rt, hit_object_uuids,
hit_cnt, attribute_id);
return hit_cnt;
}
@@ -1772,9 +1769,12 @@ void rule_compile_state_not_logic_update(struct rule_compile_state *rule_compile
}
struct condition_id_kv *condition_id_kv = NULL;
for (size_t i = 0; i < utarray_len(tbl_object->object_ids); i++) {
long long *object_id = utarray_eltptr(tbl_object->object_ids, i);
struct condition_query_key key = {*object_id, attribute_id, 1};
for (size_t i = 0; i < utarray_len(tbl_object->object_uuids); i++) {
uuid_t *object_uuid = utarray_eltptr(tbl_object->object_uuids, i);
struct condition_query_key key;
key.attribute_id = attribute_id;
key.negate_option = 1;
uuid_copy(key.object_uuid, *object_uuid);
HASH_FIND(hh, rule_rt->not_condition_id_kv_hash, &key, sizeof(key), condition_id_kv);
if (NULL == condition_id_kv) {
@@ -1783,7 +1783,9 @@ void rule_compile_state_not_logic_update(struct rule_compile_state *rule_compile
rule_compile_state_add_hit_not_conditions(rule_compile_state, condition_id_kv->condition_ids);
if (1 == maat_inst->opts.hit_path_on) {
rule_compile_state_add_internal_hit_path(rule_compile_state, -1, *object_id,
uuid_t null_uuid;
uuid_clear(null_uuid);
rule_compile_state_add_internal_hit_path(rule_compile_state, null_uuid, *object_uuid,
attribute_id, 1, Nth_scan);
}
}
@@ -1798,8 +1800,8 @@ size_t rule_compile_state_get_indirect_hit_objects(struct rule_compile_state *ru
for (i = 0; i < utarray_len(rule_compile_state->indirect_hit_objects) && i < array_size; i++) {
hit_object =
(struct maat_hit_object *)utarray_eltptr(rule_compile_state->indirect_hit_objects, i);
object_array[i].item_id = hit_object->item_id;
object_array[i].object_id = hit_object->object_id;
uuid_copy(object_array[i].item_uuid, hit_object->item_uuid);
uuid_copy(object_array[i].object_uuid, hit_object->object_uuid);
object_array[i].attribute_id = hit_object->attribute_id;
}
@@ -1842,8 +1844,8 @@ size_t rule_compile_state_get_direct_hit_objects(struct rule_compile_state *rule
struct maat_hit_object *object = NULL;
for (i = 0; i < utarray_len(direct_hit_object) && i < array_size; i++) {
object = (struct maat_hit_object *)utarray_eltptr(direct_hit_object, i);
object_array[i].item_id = object->item_id;
object_array[i].object_id = object->object_id;
uuid_copy(object_array[i].item_uuid, object->item_uuid);
uuid_copy(object_array[i].object_uuid, object->object_uuid);
object_array[i].attribute_id = object->attribute_id;
}
@@ -1859,7 +1861,7 @@ size_t rule_compile_state_get_direct_hit_object_cnt(struct rule_compile_state *r
size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt,
struct object2object_runtime *g2g_rt,
struct object2object_runtime *o2o_rt,
struct maat_hit_path *hit_path_array,
size_t array_size)
{
@@ -1872,15 +1874,15 @@ size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule
/*
NOTE: maybe one item has been deleted, but it's item_id still exist in internal_hit_paths
*/
long long super_object_ids[MAX_HIT_OBJECT_NUM];
UT_array *valid_super_object_ids;
utarray_new(valid_super_object_ids, &ut_rule_object_id_icd);
uuid_t super_object_uuids[MAX_HIT_OBJECT_NUM];
UT_array *valid_super_object_uuids;
utarray_new(valid_super_object_uuids, &ut_rule_object_uuid_icd);
size_t super_object_cnt =
object2object_runtime_get_super_objects(g2g_rt, &(internal_path->object_id), 1,
super_object_ids, MAX_HIT_OBJECT_NUM);
object2object_runtime_get_super_objects(o2o_rt, &(internal_path->object_uuid), 1,
super_object_uuids, MAX_HIT_OBJECT_NUM);
for (size_t idx = 0; idx < super_object_cnt; idx++) {
utarray_push_back(valid_super_object_ids, &super_object_ids[idx]);
utarray_push_back(valid_super_object_uuids, &super_object_uuids[idx]);
}
/*
@@ -1889,24 +1891,25 @@ size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule
------------------------------------------------------------------------------
NOTE: Add the hit path as long as the item is hit
*/
long long super_object_id = -1;
utarray_push_back(valid_super_object_ids, &super_object_id);
uuid_t super_object_uuid;
uuid_clear(super_object_uuid);
utarray_push_back(valid_super_object_uuids, &super_object_uuid);
long long *p = NULL;
uuid_t *p = NULL;
struct maat_hit_path tmp_path;
for (p = utarray_front(valid_super_object_ids);
for (p = utarray_front(valid_super_object_uuids);
p != NULL && hit_path_cnt < array_size;
p = utarray_next(valid_super_object_ids, p)) {
p = utarray_next(valid_super_object_uuids, p)) {
memset(&tmp_path, 0, sizeof(tmp_path));
tmp_path.Nth_scan = internal_path->Nth_scan;
tmp_path.item_id = internal_path->item_id;
tmp_path.sub_object_id = internal_path->object_id;
tmp_path.top_object_id = *p;
uuid_copy(tmp_path.item_uuid, internal_path->item_uuid);
uuid_copy(tmp_path.sub_object_uuid, internal_path->object_uuid);
uuid_copy(tmp_path.top_object_uuid, *p);
tmp_path.attribute_id = internal_path->attribute_id;
tmp_path.negate_option = internal_path->negate_option;
tmp_path.condition_index = -1;
tmp_path.rule_id = -1;
uuid_clear(tmp_path.rule_uuid);
/* check if internal_path is duplicated from hit_path_array[]
* element */
@@ -1920,7 +1923,7 @@ size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule
hit_path_array[hit_path_cnt] = tmp_path;
hit_path_cnt++;
}
utarray_free(valid_super_object_ids);
utarray_free(valid_super_object_uuids);
}
return hit_path_cnt;

8
src/maat_stat.c
View File

@@ -244,7 +244,7 @@ static void fs_table_row_refresh(struct maat_stat *stat, int perf_on)
long long total_rule_num = 0, total_scan_bytes = 0, total_update_err = 0;
long long total_scan_times = 0, total_hit_times = 0, total_scan_cpu_time = 0;
long long total_regv6_num = 0, total_hit_item_num = 0, total_hit_pattern_num = 0;
long long g2c_not_condition_num = 0, g2g_excl_rule_num = 0;
long long o2r_not_condition_num = 0, o2o_excl_rule_num = 0;
struct field cell_tag = {
.key = "TBL",
.type = FIELD_VALUE_CSTRING
@@ -273,7 +273,7 @@ static void fs_table_row_refresh(struct maat_stat *stat, int perf_on)
plugin_rule_num += plugin_runtime_rule_count(runtime);
break;
case TABLE_TYPE_OBJECT2OBJECT:
g2g_excl_rule_num += object2object_runtime_exclude_rule_count(runtime);
o2o_excl_rule_num += object2object_runtime_exclude_rule_count(runtime);
break;
case TABLE_TYPE_EXPR:
case TABLE_TYPE_EXPR_PLUS:
@@ -412,11 +412,11 @@ static void fs_table_row_refresh(struct maat_stat *stat, int perf_on)
fieldstat_easy_counter_set(stat->fs_handle, 0,
stat->g_metric_id[STATUS_CONDITION_REF_NOT_NUM],
NULL, 0, g2c_not_condition_num);
NULL, 0, o2r_not_condition_num);
fieldstat_easy_counter_set(stat->fs_handle, 0,
stat->g_metric_id[STATUS_OBJECT_REF_EXCL_NUM],
NULL, 0, g2g_excl_rule_num);
NULL, 0, o2o_excl_rule_num);
}

12
src/maat_table.c
View File

@@ -59,7 +59,7 @@ struct table_manager {
enum expr_engine_type engine_type;
int default_rule_table_id;
int g2g_table_id;
int o2o_table_id;
struct maat_kv_store *tbl_name2id_map;
struct maat_kv_store *conj_tbl_name2id_map;
struct maat_kv_store *attr_name2id_map;
@@ -929,7 +929,7 @@ table_manager_create(const char *table_info_path, const char *accept_tags,
}
int default_rule_table_id = -1;
int g2g_table_id = -1;
int o2o_table_id = -1;
struct maat_kv_store *reserved_word_map = maat_kv_store_new();
register_reserved_word(reserved_word_map);
@@ -967,7 +967,7 @@ table_manager_create(const char *table_info_path, const char *accept_tags,
}
if (maat_tbl->table_type == TABLE_TYPE_OBJECT2OBJECT) {
g2g_table_id = maat_tbl->table_id;
o2o_table_id = maat_tbl->table_id;
}
if (maat_tbl->table_type >= TABLE_TYPE_FLAG && maat_tbl->table_type <= TABLE_TYPE_INTERVAL_PLUS) {
@@ -984,10 +984,10 @@ table_manager_create(const char *table_info_path, const char *accept_tags,
}
tbl_mgr->default_rule_table_id = default_rule_table_id;
tbl_mgr->g2g_table_id = g2g_table_id;
tbl_mgr->o2o_table_id = o2o_table_id;
log_info(logger, MODULE_TABLE, "default rule table id: %d", default_rule_table_id);
log_info(logger, MODULE_TABLE, "object2object table id: %d", g2g_table_id);
log_info(logger, MODULE_TABLE, "object2object table id: %d", o2o_table_id);
next:
FREE(json_buff);
maat_kv_store_free(reserved_word_map);
@@ -1241,7 +1241,7 @@ int table_manager_get_object2object_table_id(struct table_manager *tbl_mgr)
return -1;
}
return tbl_mgr->g2g_table_id;
return tbl_mgr->o2o_table_id;
}
void *table_manager_get_schema(struct table_manager *tbl_mgr, int table_id)