对WAF正则缓存增加命中率检查

internal/waf/utils/utils.go

@@ -1,14 +1,24 @@
 package utils
 
 import (
+	teaconst "github.com/TeaOSLab/EdgeNode/internal/const"
 	"github.com/TeaOSLab/EdgeNode/internal/re"
 	"github.com/TeaOSLab/EdgeNode/internal/ttlcache"
+	"github.com/TeaOSLab/EdgeNode/internal/utils/cachehits"
 	"github.com/TeaOSLab/EdgeNode/internal/utils/fasttime"
 	"github.com/cespare/xxhash"
 	"strconv"
 )
 
 var cache = ttlcache.NewCache[int8]()
+var cacheHits *cachehits.Stat
+
+func init() {
+	if !teaconst.IsMain {
+		return
+	}
+	cacheHits = cachehits.NewStat(5)
+}
 
 const (
 	maxCacheDataSize = 1024
@@ -29,15 +39,18 @@ func MatchStringCache(regex *re.Regexp, s string, cacheLife CacheLife) bool {
 		return false
 	}
 
+	var regIdString = regex.IdString()
+
 	// 如果长度超过一定数量，大概率是不能重用的
-	if cacheLife <= 0 || len(s) > maxCacheDataSize {
+	if cacheLife <= 0 || len(s) > maxCacheDataSize || !cacheHits.IsGood(regIdString) {
 		return regex.MatchString(s)
 	}
 
 	var hash = xxhash.Sum64String(s)
-	var key = regex.IdString() + "@" + strconv.FormatUint(hash, 10)
+	var key = regIdString + "@" + strconv.FormatUint(hash, 10)
 	var item = cache.Read(key)
 	if item != nil {
+		cacheHits.IncreaseHit(regIdString)
 		return item.Value == 1
 	}
 	var b = regex.MatchString(s)
@@ -46,6 +59,7 @@ func MatchStringCache(regex *re.Regexp, s string, cacheLife CacheLife) bool {
 	} else {
 		cache.Write(key, 0, fasttime.Now().Unix()+cacheLife)
 	}
+	cacheHits.IncreaseCached(regIdString)
 	return b
 }
 
@@ -55,15 +69,18 @@ func MatchBytesCache(regex *re.Regexp, byteSlice []byte, cacheLife CacheLife) bo
 		return false
 	}
 
+	var regIdString = regex.IdString()
+
 	// 如果长度超过一定数量，大概率是不能重用的
-	if cacheLife <= 0 || len(byteSlice) > maxCacheDataSize {
+	if cacheLife <= 0 || len(byteSlice) > maxCacheDataSize || !cacheHits.IsGood(regIdString) {
 		return regex.Match(byteSlice)
 	}
 
 	var hash = xxhash.Sum64(byteSlice)
-	var key = regex.IdString() + "@" + strconv.FormatUint(hash, 10)
+	var key = regIdString + "@" + strconv.FormatUint(hash, 10)
 	var item = cache.Read(key)
 	if item != nil {
+		cacheHits.IncreaseHit(regIdString)
 		return item.Value == 1
 	}
 	if item != nil {
@@ -75,5 +92,6 @@ func MatchBytesCache(regex *re.Regexp, byteSlice []byte, cacheLife CacheLife) bo
 	} else {
 		cache.Write(key, 0, fasttime.Now().Unix()+cacheLife)
 	}
+	cacheHits.IncreaseCached(regIdString)
 	return b
 }

internal/waf/utils/utils_test.go

@@ -2,7 +2,9 @@ package utils_test
 
 import (
 	"github.com/TeaOSLab/EdgeNode/internal/re"
+	"github.com/TeaOSLab/EdgeNode/internal/utils/testutils"
 	"github.com/TeaOSLab/EdgeNode/internal/waf/utils"
+	"github.com/iwind/TeaGo/rands"
 	"net/http"
 	"regexp"
 	"runtime"
@@ -27,7 +29,11 @@ func TestMatchBytesCache(t *testing.T) {
 }
 
 func TestMatchRemoteCache(t *testing.T) {
-	client := http.Client{}
+	if !testutils.IsSingleTesting() {
+		return
+	}
+
+	var client = http.Client{}
 	for i := 0; i < 200_0000; i++ {
 		req, err := http.NewRequest(http.MethodGet, "http://192.168.2.30:8882/?arg="+strconv.Itoa(i), nil)
 		if err != nil {
@@ -63,6 +69,18 @@ func BenchmarkMatchStringCache(b *testing.B) {
 	}
 }
 
+func BenchmarkMatchStringCache_LowHit(b *testing.B) {
+	runtime.GOMAXPROCS(1)
+
+	var regex = re.MustCompile(`(?iU)\b(eval|system|exec|execute|passthru|shell_exec|phpinfo)\b`)
+	//b.Log(regex.Keywords())
+
+	for i := 0; i < b.N; i++ {
+		var data = strings.Repeat("A", rands.Int(0, 100))
+		_ = utils.MatchStringCache(regex, data, utils.CacheShortLife)
+	}
+}
+
 func BenchmarkMatchStringCache_WithoutCache(b *testing.B) {
 	runtime.GOMAXPROCS(1)