Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Faster rules validation #694

Merged
merged 5 commits into from
Jul 5, 2019
Merged

Faster rules validation #694

merged 5 commits into from
Jul 5, 2019

Conversation

mstemm
Copy link
Contributor

@mstemm mstemm commented Jun 29, 2019
edited by leodido
Loading

What type of PR is this?

Uncomment only one /kind <> line, hit enter to put that in a new line, and remove leading whitespaces from that line:

/kind bug
/kind cleanup
/kind design
/kind documentation
/kind failing-test

/kind feature

/kind flaky-test

If contributing rules or changes to rules, please make sure to uncomment the appropriate kind

/kind rule/update
/kind rule/create

Any specific area of the project related to this PR?

/area engine

/area rules
/area deployment
/area integrations
/area examples

What this PR does / why we need it:
Improve rule loading performance by optimizing lua parsing paths to avoid expensive pattern matches.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

Improve rule loading performance by optimizing lua parsing paths to avoid expensive pattern matches.

@poiana poiana requested review from leodido and mfdii June 29, 2019 00:32
@poiana poiana added the size/XL label Jun 29, 2019
@mstemm mstemm changed the title WIP: Faster rules validation Faster rules validation Jul 3, 2019
@mstemm
Make field index information public
a23f6a9 
Json-related filtercheck fields supported indexing with brackets, but
when looking at the field descriptions you couldn't tell if a field
allowed an index, required an index, or did not allow an index.

This information was available, but it was a part of the protected
aliases map within the class.

Move this to the public field information so it can be used outside the
class.

Also add m_ prefixes for member names, now that the struct isn't
trivial.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
@mstemm
More efficient searches for defined filters
7b274da 
Instead of iterating over the entire list of filters and doing pattern
matches against each defined filter, perform table lookups.

For filters that take arguments e.g. proc.aname[3] or evt.arg.xxx, split
the filtercheck string on bracket/dot and check the values against a
table.

There are now two tables of defined filters: defined_arg_filters and
defined_noarg_filters. Each filter is put into a table depending on
whether the filter takes an argument or not.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
@mstemm
Skip unnecessary string cleanups
a15f6fc 
We shouldn't need to clean up strings via a cleanup function and don't
need to do it via a bunch of string.gsub() functions.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
@mstemm
Look up priorities using a table
4ddfa3c 
This is faster than iteration + string case changes.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
@mstemm
Expand lists without using regsub
9e7b59e 
To speed up list expansion, instead of using regexes to replace a list
name with its contents, do string searches followed by examining the
preceding/following characters for the proper delimiter.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
leodido
leodido approved these changes Jul 5, 2019
View reviewed changes
Copy link
Member

@leodido leodido left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM !

@poiana poiana added the lgtm label Jul 5, 2019
@poiana
Copy link
Contributor

poiana commented Jul 5, 2019

LGTM label has been added.

Git tree hash: 10e776a4a8ddeb7de69bfe2d5969c90f2ad4eb6f

@poiana
Copy link
Contributor

poiana commented Jul 5, 2019

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: leodido

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana poiana added the approved label Jul 5, 2019
@mstemm
Copy link
Contributor Author

mstemm commented Jul 5, 2019

I'm going to merge this, as it has a lgtm and travis passed. I don't know why tide says the tests have not passed, though.

@mstemm mstemm merged commit 7501c3c into dev Jul 5, 2019
@poiana poiana deleted the faster-rules-validation branch July 5, 2019 22:29
@fntlnz
Copy link
Contributor

fntlnz commented Jul 6, 2019

@mstemm travis-ci.com has a bug and does not report back the status to github in a correct way. So, once we have all green and lgtm we just merge. When we will switch to the new CI @markyjackson-taulia is working on PRs will be automatically merged as before.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leodido leodido leodido approved these changes

@mfdii mfdii Awaiting requested review from mfdii

Assignees

@leodido leodido

Labels
approved area/engine dco-signoff: yes kind/feature lgtm release-note size/XL
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mstemm @poiana @fntlnz @leodido