gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
731 Commits 7 Branches 200 Tags
fa0489abfca3461806c801ab744d96fce99ccc14
Commit Graph

162 Commits

Author SHA1 Message Date
liuwentan
d4e1670987 add bool_plugin & fqdn_plugin unit-test 2023-02-24 17:29:38 +08:00
liuwentan
d1aee82fe2 compile/plugin table callback function normalization 2023-02-23 11:37:02 +08:00
liuwentan
9578be5ff3 uint64_t -> long long 2023-02-22 15:22:41 +08:00
liuwentan
ac51c70426 compile_id,group_id,item_id support uint64_t 2023-02-22 15:08:52 +08:00
liuwentan
f8543d9f96 table_name->table_id and compile table callback 2023-02-21 11:27:18 +08:00
liuwentan
24b27429a5 change table_id->table_name 2023-02-20 11:43:43 +08:00
liuwentan
bbed56db80 compile table support conjunction, ip_plugin support cidr 2023-02-20 10:57:40 +08:00
liuwentan
379efcf027 cpp->c and expr support configurable generation of literal_db or regex_db 2023-02-15 11:53:46 +08:00
liuwentan
d5e6808e1f support expr offset match 2023-02-09 22:13:15 +08:00
liuwentan
c1902f8deb fix flag_matcher and interval_matcher compile error 2023-02-07 11:25:31 +08:00
liuwentan
4d2f783874 add flagMatcher and IntevalMatcher 2023-02-06 08:14:25 +08:00
liuwentan
57f0a0581a unfinished work 2023-02-03 17:28:14 +08:00
liuwentan
cca7d882e1 refactor hierarchy and maat_table 2023-01-31 20:39:53 +08:00
liuwentan
25f944a1d1 unfinished work 2023-01-30 21:59:35 +08:00
liuwentan
3d4b833e48 hierarchy refactor unfinished 2023-01-06 18:54:59 +08:00
liuwentan
9778267b48 add dynamic config unit-test and hierarchy unfinished 2022-12-14 15:28:21 +08:00
liuwentan
83bdf09dc9 support log 2022-12-10 00:37:51 +08:00
liuwentan
0536083cbe support scan ip 2022-12-09 17:12:18 +08:00
liuwentan
6ba2f6241e add conjunction table 2022-12-06 00:35:36 +08:00
liuwentan
6d18cf0f36 add input mode unit-test 2022-12-05 23:21:18 +08:00
liuwentan
ea4c1ba4c3 add json/redis rule parser 2022-12-03 22:23:41 +08:00
liuwentan
84a271144b fix memory leak and add framework test 2022-11-29 14:12:40 +08:00
liuwentan
7e6d131c9e framework work well 2022-11-25 16:32:29 +08:00
liuwentan
2a83517894 unfinished work 2022-11-17 05:05:35 +08:00
zhengchao
7e860f2c58 Refactor from scratch. 2022-10-26 14:41:22 +08:00
Zheng Chao
18ece0b026 Stash for source insight 2022-10-26 10:25:16 +08:00
zhengchao
e5c9d7a2a0 Hyperscan adapter is in progress. 2022-10-25 13:17:02 +08:00
zhengchao
f88f730fd6 Upgrade hiredis library: hiredis-vip-0.3.0.tar.gz -> hiredis-1.0.2.tar.gz. 2022-08-23 19:04:35 +08:00
zhengchao
10118ffed3 Add unit test cases for Boolean Expression Plugin (bool_plug) table. 2022-08-23 18:32:03 +08:00
zhengchao
ddd36c2969 Refactor table schema and runtime to support boolean expression plugin. 2022-08-23 15:04:55 +08:00
zhengchao
258ece3fa1 从redis读取到无对应table的rule时,写日志。 2022-06-30 14:39:22 +08:00
zhengchao
af4cdebe2c 修复bug: IP Plugin和FQDN Plugin更新时, 先释放了哈希表索引的ex data, 后进行匹配引擎重建,导致匹配线程从旧的匹配引擎中访问到已释放的结构体,造成Segmentation fault TSG-10486 2022-04-28 11:32:14 +08:00
zhengchao
a184be53de ex data更新可能耗时10秒以上,超过全局垃圾回收时间,导致非法内存访问。因此, 每个表的ex data使用独立的垃圾回收队列,每次更新完毕时强制回收。 2022-03-03 15:39:39 +05:00
zhengchao
732a944ff4 EX_data中的hash表使用RCU更新,替代读写锁,提高多线程下的访问性能。 2022-01-21 22:31:13 +05:00
zhengchao
6e50978258 maat stat输出plugin(含EX data)、fqdn_plugin、IP_plugin中有效规则的数量。调整outer scan_status的计数方式。 2021-10-24 12:04:11 +03:00
zhengchao
d954c5a011 expr_plus和interval_plus表的district对英文大小写不敏感。 2021-10-20 00:02:43 +03:00
zhengchao
342c3c36b3 将rulescan.h的编码由GBK转为utf8 2021-10-12 11:52:45 +03:00
zhengchao
2eb2a4aca9 修复bug:对于已命中编译配置的mid,扫描expr_plus或interval_plus表,命中表达式/区间,但没命中district时,会错误的返回之前已命中的编译配置。 2021-10-11 19:16:17 +03:00
zhengchao
593bcfb907 修复 TSG-7994 ,避免处理未知district时出现误命中。 2021-10-11 12:00:26 +03:00
zhengchao
d86d220f33 Rebase. 适配支持Prometheus输出的Field Stat2 2021-08-19 22:10:36 +08:00
liuxueli
97ea56eb86 TSG-7066: 支持--prefix参数安装,支持查看changelog 
TSG-7390: 支持输出扫描状态到prometheus
 2021-08-14 16:22:10 +08:00
zhengchao
50934de91d Plugin表更新后,不需要进行Hierarchy的重建。 2021-08-05 13:51:17 +08:00
zhengchao
c4c1ade152 变更table runtime垃圾回收机制的单元测试通过。 2021-08-05 10:08:21 +08:00
zhengchao
c7e9b29309 IP Plugin和FQDN Plugin内部实现垃圾回收,不再由外部调用。 2021-08-05 00:39:32 +08:00
zhengchao
e356d74bc0 重构table runtime工作量较大,准备放弃。 2021-08-05 00:22:00 +08:00
zhengchao
7e3b746eaa 未对FQDN Plugin表的changed_flag进行重置,产生不必要的FQDN Engine重建 2021-08-04 23:18:02 +08:00
zhengchao
479eb77369 基于Maat_cmd的测试用例增加扫描状态输出。 2021-07-21 15:30:30 +08:00
zhengchao
0037646ef6 因使用MAAT_SET_SCAN_NO_COUNT后,在Group移除region id时会出现误命中,移除对MAAT_SET_SCAN_NO_COUNT的支持。 回调表使用feather中的垃圾回收队列,便于观察队列长度。 2021-07-21 14:48:08 +08:00
zhengchao
1e2e3a1798 改进Hierarchy的多线程扫描性能: Hierarchy使用rwlock来保证更新线程和扫描线程间的线程安全, 测试发现在不发生读写锁冲突的情况下, 读写锁的固有开销会导致并发扫描速度降低。 
reference:
https://stackoverflow.com/questions/11866486/how-many-simultaneous-readers-can-a-pthread-rwlock-have
 2021-07-19 20:55:12 +08:00
zhengchao
233bc2f0ef Maat_set_scan_status可以设置MAAT_SET_SCAN_NO_COUNT类型参数, 指示下一次扫描不进行计数,以减少hit path的存储开销。 2021-07-19 20:55:12 +08:00