diff --git a/docs/api_reference.md b/docs/api_reference.md index c21d138..91376d1 100644 --- a/docs/api_reference.md +++ b/docs/api_reference.md @@ -861,9 +861,9 @@ int maat_scan_not_logic(struct maat *instance, int table_id, size_t *n_hit_result, struct maat_state *state); ``` -If the rule configuration contains NOT-clauses, this interface needs to be called to activate the calculation of rule_id involving NOT-clauses. This means that other scanning interfaces will not activate NOT-clauses except for calling this interface. When to call this interface is determined by the caller. For example, on a session, four packets were scanned with maat_scan_string and three rule_id were hit. The NOT-clause was expected to be activated, so this interface was called and two new rule_id were hit. +If the rule configuration contains NOT-conditions, this interface needs to be called to activate the calculation of rule_id involving NOT-conditions. This means that other scanning interfaces will not activate NOT-conditions except for calling this interface. When to call this interface is determined by the caller. For example, on a session, four packets were scanned with maat_scan_string and three rule_id were hit. The NOT-condition was expected to be activated, so this interface was called and two new rule_id were hit. -Since this interface only activates non-clauses and does not call the underlying scanning engine to perform actual scanning tasks, there is no data to be scanned. +Since this interface only activates non-conditions and does not call the underlying scanning engine to perform actual scanning tasks, there is no data to be scanned. ### maat_stream_new diff --git a/docs/getting_started.md b/docs/getting_started.md index 49cb606..dce8e43 100644 --- a/docs/getting_started.md +++ b/docs/getting_started.md @@ -48,7 +48,7 @@ Table schema is stored in a json file(such as table_info.conf), which is loaded "custom": { "rule_id":1, "tags":6, - "clause_num":9 + "condition_num":9 } }, { @@ -62,7 +62,7 @@ Table schema is stored in a json file(such as table_info.conf), which is loaded "rule_id":2, "not_flag":4, "attribute_name":5, - "clause_index":6 + "condition_index":6 } }, { diff --git a/docs/history.md b/docs/history.md index 84d4c75..429a429 100644 --- a/docs/history.md +++ b/docs/history.md @@ -11,7 +11,7 @@ | v3.1.1 | 2020-9-27 | Add explanation for creating attributes on multiple different types of physical tables | Zheng Chao | | v3.1.0 | 2020-9-18 | Add FQDN callback table | Zheng Chao | | v3.0.4 | 2020-8-17 | Add extended numerical domain configuration interval_plus | Zheng Chao | -| v3.0 | 2020-6-29 | Maat 3.0, support clauses, original grouping table split into grouping relationship table and grouping compilation table | Zheng Chao | +| v3.0 | 2020-6-29 | Maat 3.0, support conditions, original grouping table split into grouping relationship table and grouping compilation table | Zheng Chao | | v2.8 | 2020-3-13 | Support composite tables | Zheng Chao | | v2.8 | 2020-2-11 | Support Hit Path | Zheng Chao | | v2.8 | 2020-2-4 | Support sorting strategies by Evaluation Order | Zheng Chao | diff --git a/docs/logical_combinations.md b/docs/logical_combinations.md index 0716393..2f4064f 100644 --- a/docs/logical_combinations.md +++ b/docs/logical_combinations.md @@ -33,7 +33,7 @@ Before showing how to configure the specific rules, we need some raw materials ( ## AND logic -`Note`: Each rule supports a maximum of 8 clauses, which are connected by the logical 'AND' relationship, with clause index ranging from 0 to 7. +`Note`: Each rule supports a maximum of 8 conditions, which are connected by the logical 'AND' relationship, with condition index ranging from 0 to 7. * case1: Deny hosts with source IP addresses in the range of 192.168.1.11 to 192.168.1.20 from accessing the website www.baidu.com. @@ -41,8 +41,8 @@ Before showing how to configure the specific rules, we need some raw materials ( * www.baidu.com => group_id(201) ```bash -rule(rule) = clause1 & clause2 - = {attribute1, group1, clause_index1} & {attribute2, group2, clause_index2} +rule(rule) = condition1 & condition2 + = {attribute1, group1, condition_index1} & {attribute2, group2, condition_index2} = {2, 211, 1} & {1, 201, 2} ``` @@ -52,19 +52,19 @@ rule(rule) = clause1 & clause2 * 端口80 ~ 80 => group_id(221) ```bash -rule(rule) = clause1 & clause2 - = {attribute1, group1, clause_index1} & {attribute2, group2, clause_index2} +rule(rule) = condition1 & condition2 + = {attribute1, group1, condition_index1} & {attribute2, group2, condition_index2} = {2, 211, 1} & {3, 221, 2} ``` The JSON configuration for the logical `AND` can be referenced at [unit_test Json configuration](../test/maat_json.json) with rule_id=152. -group_name: "152_mail_addr" and group_name: "interval_group_refered" are two clauses of this rule, with a logical `AND` relationship between them. +group_name: "152_mail_addr" and group_name: "interval_group_refered" are two conditions of this rule, with a logical `AND` relationship between them. ## OR logic -`Note`: Multiple groups under the same clause have a logical 'OR' relationship. +`Note`: Multiple groups under the same condition have a logical 'OR' relationship. * case1: Deny hosts with source IP addresses in the range of 192.168.1.11 to 192.168.1.30 from accessing the website www.baidu.com. @@ -73,8 +73,8 @@ group_name: "152_mail_addr" and group_name: "interval_group_refered" are two cla * www.baidu.com => group_id(201) ```bash -rule(rule) = clause1 & clause2 - = {attribute1, (group1 | group2), clause_index1} & {attribute2, group3, clause_index2} +rule(rule) = condition1 & condition2 + = {attribute1, (group1 | group2), condition_index1} & {attribute2, group3, condition_index2} = {2, (211 | 212), 1} & {1, 201, 2} ``` @@ -85,8 +85,8 @@ rule(rule) = clause1 & clause2 * port 443 ~ 443 => group_id(222) ```bash -rule(rule) = clause1 & clause2 - = {attribute1, group1, clause_index1} & {attribute2, (group2 | group3), clause_index2} +rule(rule) = condition1 & condition2 + = {attribute1, group1, condition_index1} & {attribute2, (group2 | group3), condition_index2} = {2, 211, 1} & {3, (221 | 222), 2} ``` @@ -97,7 +97,7 @@ group_name: "152_mail_addr" contains two regions(items) with a logical `OR` rela ## NOT logic -`Note`: Only clauses can support NOT-logic. +`Note`: Only conditions can support NOT-logic. * case1: Hosts with source ip addresses ranging from 192.168.1.11 to 192.168.1.20 are allowed to access websites other than www.baidu.com. @@ -105,8 +105,8 @@ group_name: "152_mail_addr" contains two regions(items) with a logical `OR` rela * www.baidu.com => group_id(201) ```bash -rule(rule) = clause1 & !clause2 - = {attribute1, group1, clause_index1} & !{attribute2, group2, clause_index2} +rule(rule) = condition1 & !condition2 + = {attribute1, group1, condition_index1} & !{attribute2, group2, condition_index2} = {2, 211, 1} & !{1, 201, 2} ``` @@ -117,14 +117,14 @@ rule(rule) = clause1 & !clause2 * port 443 ~ 443 => group_id(222) ```bash -rule(rule) = clause1 & !clause2 - = {attribute1, group1, clause_index1} & !{attribute2, (group2 | group3), clause_index2} +rule(rule) = condition1 & !condition2 + = {attribute1, group1, condition_index1} & !{attribute2, (group2 | group3), condition_index2} = {2, 211, 1} & !{3, (221 | 222), 2} ``` The JSON configuration for the logical `OR` can be referenced at [unit_test Json configuration](../test/maat_json.json) with rule_id=145. -The group_name: "123_IP_group" is a NOT clause of this rule. +The group_name: "123_IP_group" is a NOT condition of this rule. ## Group exclude @@ -147,8 +147,8 @@ super_group1 = group1 exclude group2 And then configure the rule. ```bash -rule(rule) = clause1 & clause2 - = {attribute1, super_group1, clause_index1} & {attribute2, group2, clause_index2} +rule(rule) = condition1 & condition2 + = {attribute1, super_group1, condition_index1} & {attribute2, group2, condition_index2} = {2, (210 exclude 211), 1} & {1, 201, 2} ``` @@ -166,8 +166,8 @@ super_group2 = group2 exclude group3 And then configure the rule. ```bash -rule(rule) = clause1 & clause2 - = {attribute1, group1, clause_index1} & {attribute2, super_group2, clause_index2} +rule(rule) = condition1 & condition2 + = {attribute1, group1, condition_index1} & {attribute2, super_group2, condition_index2} = {2, 211, 1} & {1, (202 exclude 201), 2} ``` diff --git a/docs/maat_table.md b/docs/maat_table.md index 06763ea..cf34468 100644 --- a/docs/maat_table.md +++ b/docs/maat_table.md @@ -245,7 +245,7 @@ Describe the specific policy, one maat instance can has multiple rule tables wit | **rule_id** | LONG LONG | primary key, rule id | | **tags** | VARCHAR2(1024) | default 0,means no tag | | **is_valid** | INT | 0(invalid),1(valid) | -| **clause_num** | INT | no more than 8 clauses | +| **condition_num** | INT | no more than 8 conditions | ### 1.3 group2rule table @@ -256,9 +256,9 @@ Describe the relationship between group and rule. | **group_ids** | VARCHAR(256) | group ids are separated by commas(g1,g2,g3) | | **rule_id** | LONG LONG | rule id | | **is_valid** | INT | 0(invalid), 1(valid) | -| **not_flag** | INT | logical 'NOT', identify a NOT clause, 0(no) 1(yes) | +| **not_flag** | INT | logical 'NOT', identify a NOT condition, 0(no) 1(yes) | | **attribute** | VARCHAR2(256) | attribute name, NOT NULL | -| **Nth_clause** | INT | the clause seq in (conjunctive normal form)CNF, from 0 to 7. groups with the same clause ID are logical 'OR' | +| **Nth_condition** | INT | the condition seq in (conjunctive normal form)CNF, from 0 to 7. groups with the same condition ID are logical 'OR' | NOTE: If group_id is invalid in xx_item table, it must be marked as invalid in this table. @@ -441,25 +441,25 @@ The `group2group_runtime` is a runtime that is built based on the reference rela In addition to the rule table, there is also the group2rule table in the table schema. However, from a runtime perspective, the configurations of these two tables together constitute rule_runtime. This means that there is no standalone group2rule_runtime. Rule_runtime is the most complex among all runtime types because it serves multiple functions. -**Note:** This will involve the terminology of [clause](./terminology.md#clause). +**Note:** This will involve the terminology of [condition](./terminology.md#condition). -1. For expressions without NOT-clauses, returning the matched rule_id: +1. For expressions without NOT-conditions, returning the matched rule_id: - * rule1 = clause1 & clause2 = {attribute1, g1} & {attribute2, g2} + * rule1 = condition1 & condition2 = {attribute1, g1} & {attribute2, g2} - * rule2 = clause1 & clause2 = {attribute1, g2} & {attribute2, g3} + * rule2 = condition1 & condition2 = {attribute1, g2} & {attribute2, g3} Given the matched attribute_id and group_id, all matching rule_ids can be provided. For example, if scanning attribute1 matches g2 and attribute2 matches g3, rule_runtime will return the matched rule_id 2. -2. For expressions with NOT-clauses, returning the matched rule_id: +2. For expressions with NOT-conditions, returning the matched rule_id: - * rule3 = clause1 & !clause2 = {attribute1, g1} & !{attribute2, g2} + * rule3 = condition1 & !condition2 = {attribute1, g1} & !{attribute2, g2} - * rule4 = !clause1 & clause2 = !{attribute1, g2} & {attribute2, g3} + * rule4 = !condition1 & condition2 = !{attribute1, g2} & {attribute2, g3} If scanning attribute1 matches g1 and attribute2 matches g3, rule_runtime will return the matched rule_id 4. -3. If a rule_id is matched, the full hit path can be obtained: **item_id -> group_id ->** {super_group_id} -> clause{**attribute_id, not_flag, clause_index} -> rule_id**. If the matched group is not referenced by a rule, a half hit path can be obtained: **item_id -> group_id** -> {super_group_id}. +3. If a rule_id is matched, the full hit path can be obtained: **item_id -> group_id ->** {super_group_id} -> condition{**attribute_id, not_flag, condition_index} -> rule_id**. If the matched group is not referenced by a rule, a half hit path can be obtained: **item_id -> group_id** -> {super_group_id}. 4. Getting the matched group_ids and the count of hit groups. @@ -469,13 +469,13 @@ The internal structure of rule_runtime is as follows, including the control plan * **Control plane** -Rule runtime loads the rule table and group2rule table configurations into memory, assigning a unique clause_id to all clauses of each rule. The following three parts are constructed based on the clause_id: +Rule runtime loads the rule table and group2rule table configurations into memory, assigning a unique condition_id to all conditions of each rule. The following three parts are constructed based on the condition_id: -1. All clause_ids under the same rule are used to construct AND expressions, and all rule AND expressions are used to build a bool_matcher. +1. All condition_ids under the same rule are used to construct AND expressions, and all rule AND expressions are used to build a bool_matcher. -2. For not_flag=0 (clauses), a `clause_id hash` is built, key:{group_id, attribute_id, not_flag}, value:clause_id. +2. For not_flag=0 (conditions), a `condition_id hash` is built, key:{group_id, attribute_id, not_flag}, value:condition_id. -3. For not_flag=1 (NOT-clauses), a `NOT_clause_id hash` is built, key:{group_id, attribute_id, not_flag}, value:clause_id. +3. For not_flag=1 (NOT-conditions), a `NOT_condition_id hash` is built, key:{group_id, attribute_id, not_flag}, value:condition_id. * **Data Plane** @@ -485,18 +485,18 @@ On the data plane, services are provided externally through the maat API, primar * The hit item_id and group_id form a half-hit path. -* The group_id that is hit and the scanned `attribute_id` form the key {group_id, attribute_id, 0}. This key is used to find the `hit clause_ids` in the clause_id hash. +* The group_id that is hit and the scanned `attribute_id` form the key {group_id, attribute_id, 0}. This key is used to find the `hit condition_ids` in the condition_id hash. -* Use the key {group_id, attribute_id, 1} to search for NOT_clause_ids in the NOT_clause_id hash and cache them as `exclude clause_ids`. These clause_ids need to be removed from all clause_ids that are eventually hit. This is because the scan hit {group_id, attribute_id, 0} => clause_id, leading to the deduction that {group_id, attribute_id, 1} => NOT_clause_id does not hit. +* Use the key {group_id, attribute_id, 1} to search for NOT_condition_ids in the NOT_condition_id hash and cache them as `exclude condition_ids`. These condition_ids need to be removed from all condition_ids that are eventually hit. This is because the scan hit {group_id, attribute_id, 0} => condition_id, leading to the deduction that {group_id, attribute_id, 1} => NOT_condition_id does not hit. -* Identify the group_ids in attribute_id table that appear in the NOT_clause and add them to the `NOT_clause_group` set. Ensure that this set does not contain any group_id that was hit during scanning. If any such group_id is present, remove it from the set to form the final `NOT_clause_group` for the attribute_id table. +* Identify the group_ids in attribute_id table that appear in the NOT_condition and add them to the `NOT_condition_group` set. Ensure that this set does not contain any group_id that was hit during scanning. If any such group_id is present, remove it from the set to form the final `NOT_condition_group` for the attribute_id table. -* Use the hit clause_ids to determine if there are any hit rule_ids. If there are, populate the half-hit path which will become full-hit path. +* Use the hit condition_ids to determine if there are any hit rule_ids. If there are, populate the half-hit path which will become full-hit path. -2. **maat_scan_not_logic**: This interface is used to activate NOT-clause logic. +2. **maat_scan_not_logic**: This interface is used to activate NOT-condition logic. -* Traverse the `NOT_clause_group` of `attribute_id`. For each `group_id`, form a key `{group_id, attribute_id, 1}` to obtain the `NOT_clause_id`. If it is in the `exclude clause_ids` set, ignore it; otherwise, add it to the `all hit clause_ids` set as a hit `NOT_clause_id`, and record the half-hit path of the NOT-clause. +* Traverse the `NOT_condition_group` of `attribute_id`. For each `group_id`, form a key `{group_id, attribute_id, 1}` to obtain the `NOT_condition_id`. If it is in the `exclude condition_ids` set, ignore it; otherwise, add it to the `all hit condition_ids` set as a hit `NOT_condition_id`, and record the half-hit path of the NOT-condition. -* Use the `all hit clause_ids` to calculate if there are any newly hit rule_ids. If there are, populate the half-hit path of the NOT-clause which will become full-hit path. +* Use the `all hit condition_ids` to calculate if there are any newly hit rule_ids. If there are, populate the half-hit path of the NOT-condition which will become full-hit path. 3. **xx_get_hit_path**: This interface is used to retrieve the hit path. \ No newline at end of file diff --git a/docs/monitor_tools.md b/docs/monitor_tools.md index f64865a..7851bf5 100644 --- a/docs/monitor_tools.md +++ b/docs/monitor_tools.md @@ -22,7 +22,7 @@ The statistical information in the above figure is divided into two parts, part1 - plug_acc_num: total number of configurations for plugin tables -- NOT_clause_num: total number of NOT-clauses +- NOT_condition_num: total number of NOT-conditions - excl_grp_num: total number of exclude groups diff --git a/docs/overview.md b/docs/overview.md index ba37bd5..bb3f795 100644 --- a/docs/overview.md +++ b/docs/overview.md @@ -24,11 +24,11 @@ The physical tables are mainly divided into three categories: the item table, gr ### 1.2 Configuration relationship -As shown in the diagram below, maat organizes and abstracts configurations using terms such as item, group, literal, clause, rule, etc., allowing users to flexibly configure various policies. The term "literal" is an internal concept in maat and is not visible to external users. +As shown in the diagram below, maat organizes and abstracts configurations using terms such as item, group, literal, condition, rule, etc., allowing users to flexibly configure various policies. The term "literal" is an internal concept in maat and is not visible to external users. In addition, groups support nesting. For more detailed information, please refer to [group hierarchy](./group_hierarchy.md). -If we define literal_id = {attribute_id, group_id}, then a literal is composed of one or more literal_ids. The multiple literal_ids that form the same clause have a logical “OR” relationship. The multiple clauses that form the same rule have a logical “AND” relationship, and there can be a maximum of 8 clauses within the same rule. In addition, the clause itself supports logical "NOT". +If we define literal_id = {attribute_id, group_id}, then a literal is composed of one or more literal_ids. The multiple literal_ids that form the same condition have a logical “OR” relationship. The multiple conditions that form the same rule have a logical “AND” relationship, and there can be a maximum of 8 conditions within the same rule. In addition, the condition itself supports logical "NOT". diff --git a/docs/terminology.md b/docs/terminology.md index a9d8fac..29760b5 100644 --- a/docs/terminology.md +++ b/docs/terminology.md @@ -3,7 +3,7 @@ * [Item](#item) * [Group(Object)](#groupobject) * [Rule(Policy)](#rulepolicy) -* [Clause(Condition)](#clause) +* [Condition(Condition)](#condition) * [Literal](#literal) * [Physical table](#physical-table) * [Attribute](#attribute) @@ -50,21 +50,21 @@ The relationship between group and group is stored in the [group2group table](./ A conjunctive normal form(CNF) consisting of multiple groups and attributes. -`Note`: A rule can contain up to 8 clauses and multiple clauses in the same rule can be logical 'AND' and logical 'NOT' relationships. +`Note`: A rule can contain up to 8 conditions and multiple conditions in the same rule can be logical 'AND' and logical 'NOT' relationships. The relationship between group and rule is stored in the [group2rule table](./maat_table.md#13-group2rule-table). exclude -## Clause +## Condition -A clause consists of several Literals and the relationship between them is a `logical 'OR'`. +A condition consists of several Literals and the relationship between them is a `logical 'OR'`. -Clauses are divided into two categories based on whether they contain the logical "NOT" operation: `clause` and `NOT-clause`. In Maat, the logical "NOT" only appears in the clause, which means that if you want to use the logical "NOT", you need to configure clauses for the rules. +Conditions are divided into two categories based on whether they contain the logical "NOT" operation: `condition` and `NOT-condition`. In Maat, the logical "NOT" only appears in the condition, which means that if you want to use the logical "NOT", you need to configure conditions for the rules. ## Literal -A Literal consists of `attribute_id(attribute id)` and `group_id`. During the rules loading process, a unique clause_id will be generated based on the combination of attribute_id and group_id in the same clause. +A Literal consists of `attribute_id(attribute id)` and `group_id`. During the rules loading process, a unique condition_id will be generated based on the combination of attribute_id and group_id in the same condition. ## Physical table diff --git a/include/maat.h b/include/maat.h index d5b35bc..6aa27b5 100644 --- a/include/maat.h +++ b/include/maat.h @@ -30,8 +30,8 @@ struct maat; struct maat_hit_path { int Nth_scan; int attribute_id; // 0 is not a attribute. - int NOT_flag; // 1 means NOT clause(condition) - int clause_index; // 0 ~ 7 + int NOT_flag; // 1 means NOT condition(condition) + int condition_index; // 0 ~ 7 long long item_id; long long sub_group_id; long long top_group_id; diff --git a/src/inc_internal/maat_rule.h b/src/inc_internal/maat_rule.h index 46b24dc..da1bb45 100644 --- a/src/inc_internal/maat_rule.h +++ b/src/inc_internal/maat_rule.h @@ -77,7 +77,7 @@ int group2rule_runtime_update(void *g2c_runtime, void *g2c_schema, const char *table_name, const char *line, int valid_column); -long long group2rule_runtime_not_clause_count(void *g2c_runtime); +long long group2rule_runtime_not_condition_count(void *g2c_runtime); long long group2rule_runtime_rule_count(void *g2c_runtime); diff --git a/src/json2iris.c b/src/json2iris.c index 65c1534..567666d 100644 --- a/src/json2iris.c +++ b/src/json2iris.c @@ -644,7 +644,7 @@ write_region_rule(cJSON *region_json, int rule_id, int group_id, static int write_group2rule_line(int *group_ids, size_t n_group_id, int rule_id, int group_not_flag, - int clause_index, const char *attribute, + int condition_index, const char *attribute, struct iris_description *p_iris, struct iris_table *g2c_table) { @@ -670,10 +670,10 @@ write_group2rule_line(int *group_ids, size_t n_group_id, } group_id_str[strlen(group_id_str) - 1] = '\0'; snprintf(buff, sizeof(buff), "%s\t%d\t%d\t%s\t%d\t1\n", group_id_str, - rule_id, group_not_flag, attribute, clause_index); + rule_id, group_not_flag, attribute, condition_index); } else { snprintf(buff, sizeof(buff), "%d\t%d\t%d\t%s\t%d\t1\n", group_ids[0], - rule_id, group_not_flag, attribute, clause_index); + rule_id, group_not_flag, attribute, condition_index); } table->write_pos += memcat(&(table->buff), table->write_pos, @@ -754,7 +754,7 @@ write_group_rule(cJSON *group_json, int parent_id, { int ret = 0; int group_not_flag = 0; - int clause_index = 0; + int condition_index = 0; const char *group_name = NULL; char group_name_array[32][MAX_NAME_STR_LEN]; size_t group_name_cnt = 0; @@ -804,11 +804,11 @@ write_group_rule(cJSON *group_json, int parent_id, group_not_flag = item->valueint; } - item = cJSON_GetObjectItem(group_json, "clause_index"); + item = cJSON_GetObjectItem(group_json, "condition_index"); if (NULL == item || item->type != cJSON_Number) { - clause_index = Nth_group; + condition_index = Nth_group; } else { - clause_index = item->valueint; + condition_index = item->valueint; } item = cJSON_GetObjectItem(group_json, "g2c_table_name"); @@ -833,7 +833,7 @@ write_group_rule(cJSON *group_json, int parent_id, } assert(parent_type == PARENT_TYPE_RULE); ret = write_group2rule_line(group_ids, group_name_cnt, parent_id, - group_not_flag, clause_index, + group_not_flag, condition_index, attribute, p_iris, g2c_table); } else { @@ -894,7 +894,7 @@ write_group_rule(cJSON *group_json, int parent_id, if (parent_type == PARENT_TYPE_RULE) { ret = write_group2rule_line(&(group_info->group_id), 1, parent_id, - group_not_flag, clause_index, + group_not_flag, condition_index, attribute, p_iris, g2c_table); if (ret < 0) { log_fatal(logger, MODULE_JSON2IRIS, @@ -923,34 +923,34 @@ write_rule_line(cJSON *rule, struct iris_description *p_iris, cJSON *group_array = cJSON_GetObjectItem(rule, "groups"); int group_num = cJSON_GetArraySize(group_array); - int *clause_ids = ALLOC(int, group_num); - int clause_num = 0; + int *condition_ids = ALLOC(int, group_num); + int condition_num = 0; cJSON *group_obj = NULL; cJSON_ArrayForEach(group_obj, group_array) { - item = cJSON_GetObjectItem(group_obj, "clause_index"); + item = cJSON_GetObjectItem(group_obj, "condition_index"); if (item) { int i = 0; - int clause_index = item->valueint; - for (i = 0; i < clause_num; i++) { - if (clause_ids[i] == clause_index) { + int condition_index = item->valueint; + for (i = 0; i < condition_num; i++) { + if (condition_ids[i] == condition_index) { break; } } - if (i == clause_num) { - clause_ids[clause_num] = clause_index; - clause_num++; + if (i == condition_num) { + condition_ids[condition_num] = condition_index; + condition_num++; } } } - FREE(clause_ids); + FREE(condition_ids); - if (clause_num == 0) { - clause_num = group_num; + if (condition_num == 0) { + condition_num = group_num; } - cJSON_AddNumberToObject(rule, "clause_num", clause_num); + cJSON_AddNumberToObject(rule, "condition_num", condition_num); struct translate_command rule_cmd[MAX_COLUMN_NUM]; memset(rule_cmd, 0, sizeof(rule_cmd)); @@ -987,7 +987,7 @@ write_rule_line(cJSON *rule, struct iris_description *p_iris, rule_cmd[cmd_cnt].json_type = cJSON_String; cmd_cnt++; - rule_cmd[cmd_cnt].json_string = "clause_num"; + rule_cmd[cmd_cnt].json_string = "condition_num"; rule_cmd[cmd_cnt].json_type = cJSON_Number; cmd_cnt++; diff --git a/src/maat_rule.c b/src/maat_rule.c index dd19bb9..0674440 100644 --- a/src/maat_rule.c +++ b/src/maat_rule.c @@ -28,17 +28,17 @@ #define MODULE_RULE module_name_str("maat.rule") -#define MAX_NOT_CLAUSE_NUM 8 +#define MAX_NOT_CONDITION_NUM 8 -enum clause_not_flag { - CLAUSE_NOT_FLAG_UNSET = 0, - CLAUSE_NOT_FLAG_SET +enum condition_not_flag { + CONDITION_NOT_FLAG_UNSET = 0, + CONDITION_NOT_FLAG_SET }; struct rule_schema { int rule_id_column; int rule_tag_column; - int declared_clause_num_column; + int declared_condition_num_column; int table_id; struct table_manager *ref_tbl_mgr; struct log_handle *logger; @@ -49,14 +49,14 @@ struct group2rule_schema { int rule_id_column; int not_flag_column; int attribute_name_column; - int clause_index_column; + int condition_index_column; int asso_rule_table_id; //asso is abbreviation for associated int table_id; struct table_manager *ref_tbl_mgr; }; struct rule_item { - int declared_clause_num; + int declared_condition_num; long long rule_id; char *table_line; size_t table_line_len; @@ -67,25 +67,25 @@ struct group2rule_item { long long rule_id; int not_flag; int attribute_id; - int clause_index; + int condition_index; }; -struct clause_query_key { +struct condition_query_key { long long group_id; int attribute_id; int not_flag; }; -struct clause_id_kv { - struct clause_query_key key; - UT_array *clause_ids; +struct condition_id_kv { + struct condition_query_key key; + UT_array *condition_ids; UT_hash_handle hh; }; -struct table_clause { +struct table_condition { int attribute_id; - int actual_clause_num; - UT_array *clause_ids; + int actual_condition_num; + UT_array *condition_ids; UT_array *group_ids; UT_hash_handle hh; }; @@ -101,8 +101,8 @@ struct rule_runtime { struct bool_matcher *bm; struct rcu_hash_table *cfg_hash; // struct maat_runtime *ref_maat_rt; - struct clause_id_kv *clause_id_kv_hash; //store clause_ids(not_flag == 0) - struct clause_id_kv *not_clause_id_kv_hash; //store NOT_clause_ids(not_flag == 1) + struct condition_id_kv *condition_id_kv_hash; //store condition_ids(not_flag == 0) + struct condition_id_kv *not_condition_id_kv_hash; //store NOT_condition_ids(not_flag == 1) struct bool_expr_match *expr_match_buff; struct maat_garbage_bin *ref_garbage_bin; struct log_handle *logger; @@ -113,41 +113,41 @@ struct rule_runtime { }; struct group2rule_runtime { - long long not_clause_cnt; + long long not_condition_cnt; long long rule_num; long long update_err_cnt; struct rule_runtime *ref_rule_rt; - struct table_clause *tbl_not_clause_hash; //each attribute's not clause number <= MAX_NOT_CLAUSE_NUM + struct table_condition *tbl_not_condition_hash; //each attribute's not condition number <= MAX_NOT_CONDITION_NUM }; -struct clause_literal { +struct condition_literal { long long group_ids[MAX_GROUP_CNT]; int group_cnt; int attribute_id; }; -struct rule_clause { - long long clause_id; - UT_array *literals; //struct clause_literal +struct rule_condition { + long long condition_id; + UT_array *literals; //struct condition_literal char not_flag; // 1 byte char in_use; // 1 byte char pad[6]; // for 8 bytes alignment }; struct rule_sort_para { - int declared_clause_num; + int declared_condition_num; long long rule_id; }; #define MAAT_RULE_MAGIC 0x4a5b6c7d struct maat_rule { uint32_t magic_num; - int actual_clause_num; - int declared_clause_num; + int actual_condition_num; + int declared_condition_num; int table_id; long long rule_id; void *user_data; // rule_item - struct rule_clause clauses[MAX_ITEMS_PER_BOOL_EXPR]; + struct rule_condition conditions[MAX_ITEMS_PER_BOOL_EXPR]; }; struct internal_hit_path { @@ -155,7 +155,7 @@ struct internal_hit_path { long long group_id; int Nth_scan; int attribute_id; - int NOT_flag; // 1 means NOT clause + int NOT_flag; // 1 means NOT condition }; struct rule2table_id { @@ -169,10 +169,10 @@ struct rule_state { time_t rule_rt_version; UT_array *internal_hit_paths; - UT_array *all_hit_clauses; - UT_array *this_scan_hit_clauses; - UT_array *this_scan_hit_not_clauses; - UT_array *exclude_not_clauses; + UT_array *all_hit_conditions; + UT_array *this_scan_hit_conditions; + UT_array *this_scan_hit_not_conditions; + UT_array *exclude_not_conditions; UT_array *direct_hit_groups; UT_array *indirect_hit_groups; UT_array *last_hit_groups; @@ -180,8 +180,8 @@ struct rule_state { struct table_group *hit_not_tbl_groups; }; -UT_icd ut_clause_id_icd = {sizeof(long long), NULL, NULL, NULL}; -UT_icd ut_clause_literal_icd = {sizeof(struct clause_literal), NULL, NULL, NULL}; +UT_icd ut_condition_id_icd = {sizeof(long long), NULL, NULL, NULL}; +UT_icd ut_condition_literal_icd = {sizeof(struct condition_literal), NULL, NULL, NULL}; UT_icd ut_rule_group_id_icd = {sizeof(long long), NULL, NULL, NULL}; UT_icd ut_maat_hit_group_icd = {sizeof(struct maat_hit_group), NULL, NULL, NULL}; UT_icd ut_hit_path_icd = {sizeof(struct internal_hit_path), NULL, NULL, NULL}; @@ -195,23 +195,23 @@ static struct maat_rule *maat_rule_new(long long rule_id) rule->rule_id = rule_id; for(int i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) { - utarray_new(rule->clauses[i].literals, &ut_clause_literal_icd); - rule->clauses[i].in_use = 0; - rule->clauses[i].clause_id = 0; + utarray_new(rule->conditions[i].literals, &ut_condition_literal_icd); + rule->conditions[i].in_use = 0; + rule->conditions[i].condition_id = 0; } return rule; } static int maat_rule_set(struct maat_rule *rule, int table_id, - int declared_clause_num, void *user_data) + int declared_condition_num, void *user_data) { if (NULL == rule) { return -1; } rule->table_id = table_id; - rule->declared_clause_num = declared_clause_num; + rule->declared_condition_num = declared_condition_num; rule->user_data = user_data; return 0; @@ -281,22 +281,22 @@ rule_item_new(const char *table_line, struct rule_schema *schema, } rule_item->rule_id = atoll(table_line + column_offset); - ret = get_column_pos(table_line, schema->declared_clause_num_column, + ret = get_column_pos(table_line, schema->declared_condition_num_column, &column_offset, &column_len); if (ret < 0) { log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> has no clause_num in line:%s", + "[%s:%d] table: <%s> has no condition_num in line:%s", __FUNCTION__, __LINE__, table_name, table_line); goto error; } - rule_item->declared_clause_num = atoi(table_line + column_offset); - if (rule_item->declared_clause_num < 0 || - rule_item->declared_clause_num > MAX_NOT_CLAUSE_NUM) { + rule_item->declared_condition_num = atoi(table_line + column_offset); + if (rule_item->declared_condition_num < 0 || + rule_item->declared_condition_num > MAX_NOT_CONDITION_NUM) { log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> clause_num:%d exceed maximum:%d in line:%s", - __FUNCTION__, __LINE__, table_name, rule_item->declared_clause_num, - MAX_NOT_CLAUSE_NUM, table_line); + "[%s:%d] table: <%s> condition_num:%d exceed maximum:%d in line:%s", + __FUNCTION__, __LINE__, table_name, rule_item->declared_condition_num, + MAX_NOT_CONDITION_NUM, table_line); goto error; } @@ -312,7 +312,7 @@ error: static void rule_item_free(struct rule_item *item) { - item->declared_clause_num = 0; + item->declared_condition_num = 0; if (item->table_line != NULL) { FREE(item->table_line); @@ -323,7 +323,7 @@ static void rule_item_free(struct rule_item *item) static void maat_rule_free(struct maat_rule *rule) { - struct rule_clause *clause = NULL; + struct rule_condition *condition = NULL; if (rule->user_data != NULL) { rule_item_free(rule->user_data); @@ -331,15 +331,15 @@ static void maat_rule_free(struct maat_rule *rule) } for (int i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) { - clause = rule->clauses + i; + condition = rule->conditions + i; - if (clause->literals != NULL) { - utarray_free(clause->literals); - clause->literals = NULL; + if (condition->literals != NULL) { + utarray_free(condition->literals); + condition->literals = NULL; } - clause->in_use = 0; - clause->clause_id = 0; + condition->in_use = 0; + condition->condition_id = 0; } rule->magic_num = 0; @@ -393,12 +393,12 @@ void *rule_schema_new(cJSON *json, struct table_manager *tbl_mgr, schema->rule_tag_column = custom_item->valueint; } - custom_item = cJSON_GetObjectItem(item, "clause_num"); + custom_item = cJSON_GetObjectItem(item, "condition_num"); if (custom_item != NULL && custom_item->type == cJSON_Number) { - schema->declared_clause_num_column = custom_item->valueint; + schema->declared_condition_num_column = custom_item->valueint; } else { log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> schema has no clause_num column", + "[%s:%d] table: <%s> schema has no condition_num column", __FUNCTION__, __LINE__, table_name); goto error; } @@ -489,12 +489,12 @@ void *group2rule_schema_new(cJSON *json, struct table_manager *tbl_mgr, goto error; } - custom_item = cJSON_GetObjectItem(item, "clause_index"); + custom_item = cJSON_GetObjectItem(item, "condition_index"); if (custom_item != NULL && custom_item->type == cJSON_Number) { - g2c_schema->clause_index_column = custom_item->valueint; + g2c_schema->condition_index_column = custom_item->valueint; } else { log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> schema has no clause_index column", + "[%s:%d] table: <%s> schema has no condition_index column", __FUNCTION__, __LINE__, table_name); goto error; } @@ -533,33 +533,33 @@ void *rule_runtime_new(void *rule_schema, size_t max_thread_num, max_thread_num * MAX_HIT_RULE_NUM); rule_rt->version = time(NULL); rule_rt->cfg_hash = rcu_hash_new(rcu_rule_cfg_free, NULL, RULE_GC_TIMEOUT_S); - rule_rt->clause_id_kv_hash = NULL; - rule_rt->not_clause_id_kv_hash = NULL; + rule_rt->condition_id_kv_hash = NULL; + rule_rt->not_condition_id_kv_hash = NULL; rule_rt->logger = logger; rule_rt->ref_garbage_bin = garbage_bin; return rule_rt; } -static void clause_id_kv_hash_free(struct clause_id_kv *hash) +static void condition_id_kv_hash_free(struct condition_id_kv *hash) { - struct clause_id_kv *clause_id_kv = NULL, *tmp_clause_id_kv = NULL; + struct condition_id_kv *condition_id_kv = NULL, *tmp_condition_id_kv = NULL; - HASH_ITER(hh, hash, clause_id_kv, tmp_clause_id_kv) { - HASH_DEL(hash, clause_id_kv); - if (clause_id_kv->clause_ids != NULL) { - utarray_free(clause_id_kv->clause_ids); - clause_id_kv->clause_ids = NULL; + HASH_ITER(hh, hash, condition_id_kv, tmp_condition_id_kv) { + HASH_DEL(hash, condition_id_kv); + if (condition_id_kv->condition_ids != NULL) { + utarray_free(condition_id_kv->condition_ids); + condition_id_kv->condition_ids = NULL; } - FREE(clause_id_kv); + FREE(condition_id_kv); } assert(hash == NULL); } -static void garbage_clause_id_kv_hash_free(void *hash, void *arg) +static void garbage_condition_id_kv_hash_free(void *hash, void *arg) { - clause_id_kv_hash_free((struct clause_id_kv *)hash); + condition_id_kv_hash_free((struct condition_id_kv *)hash); } void rule_runtime_free(void *rule_runtime) @@ -580,14 +580,14 @@ void rule_runtime_free(void *rule_runtime) rule_rt->cfg_hash = NULL; } - if (rule_rt->clause_id_kv_hash != NULL) { - clause_id_kv_hash_free(rule_rt->clause_id_kv_hash); - rule_rt->clause_id_kv_hash = NULL; + if (rule_rt->condition_id_kv_hash != NULL) { + condition_id_kv_hash_free(rule_rt->condition_id_kv_hash); + rule_rt->condition_id_kv_hash = NULL; } - if (rule_rt->not_clause_id_kv_hash != NULL) { - clause_id_kv_hash_free(rule_rt->not_clause_id_kv_hash); - rule_rt->not_clause_id_kv_hash = NULL; + if (rule_rt->not_condition_id_kv_hash != NULL) { + condition_id_kv_hash_free(rule_rt->not_condition_id_kv_hash); + rule_rt->not_condition_id_kv_hash = NULL; } if (rule_rt->expr_match_buff != NULL) { @@ -620,7 +620,7 @@ void *group2rule_runtime_new(void *g2c_schema, size_t max_thread_num, struct group2rule_runtime *g2c_rt = ALLOC(struct group2rule_runtime, 1); - g2c_rt->tbl_not_clause_hash = NULL; + g2c_rt->tbl_not_condition_hash = NULL; return g2c_rt; } @@ -642,14 +642,14 @@ void group2rule_runtime_free(void *g2c_runtime) struct group2rule_runtime *g2c_rt = (struct group2rule_runtime *)g2c_runtime; - if (g2c_rt->tbl_not_clause_hash != NULL) { - struct table_clause *not_clause = NULL, *tmp_not_clause = NULL; - HASH_ITER(hh, g2c_rt->tbl_not_clause_hash, not_clause, tmp_not_clause) { - HASH_DEL(g2c_rt->tbl_not_clause_hash, not_clause); - FREE(not_clause); + if (g2c_rt->tbl_not_condition_hash != NULL) { + struct table_condition *not_condition = NULL, *tmp_not_condition = NULL; + HASH_ITER(hh, g2c_rt->tbl_not_condition_hash, not_condition, tmp_not_condition) { + HASH_DEL(g2c_rt->tbl_not_condition_hash, not_condition); + FREE(not_condition); } } - assert(g2c_rt->tbl_not_clause_hash == NULL); + assert(g2c_rt->tbl_not_condition_hash == NULL); FREE(g2c_runtime); } @@ -742,8 +742,8 @@ group2rule_item_new(const char *line, struct group2rule_schema *g2c_schema, } g2c_item->not_flag = atoi(line + column_offset); - if (g2c_item->not_flag != CLAUSE_NOT_FLAG_SET && - g2c_item->not_flag != CLAUSE_NOT_FLAG_UNSET) { + if (g2c_item->not_flag != CONDITION_NOT_FLAG_SET && + g2c_item->not_flag != CONDITION_NOT_FLAG_UNSET) { log_fatal(logger, MODULE_RULE, "[%s:%d] g2c table:<%s> NOT_flag:%d is illegal in line:%s ", __FUNCTION__, __LINE__, table_name, g2c_item->not_flag, line); @@ -781,21 +781,21 @@ group2rule_item_new(const char *line, struct group2rule_schema *g2c_schema, } } - ret = get_column_pos(line, g2c_schema->clause_index_column, &column_offset, + ret = get_column_pos(line, g2c_schema->condition_index_column, &column_offset, &column_len); if (ret < 0) { log_fatal(logger, MODULE_RULE, - "[%s:%d] g2c table:<%s> has no clause_index in line:%s", + "[%s:%d] g2c table:<%s> has no condition_index in line:%s", __FUNCTION__, __LINE__, table_name, line); goto error; } - g2c_item->clause_index = atoi(line + column_offset); - if (g2c_item->clause_index < 0 || g2c_item->clause_index >= MAX_NOT_CLAUSE_NUM) { + g2c_item->condition_index = atoi(line + column_offset); + if (g2c_item->condition_index < 0 || g2c_item->condition_index >= MAX_NOT_CONDITION_NUM) { log_fatal(logger, MODULE_RULE, - "[%s:%d] g2c table:<%s> clause_index:%d exceed maximum:%d in line:%s", - __FUNCTION__, __LINE__, table_name, g2c_item->clause_index, - MAX_NOT_CLAUSE_NUM, line); + "[%s:%d] g2c table:<%s> condition_index:%d exceed maximum:%d in line:%s", + __FUNCTION__, __LINE__, table_name, g2c_item->condition_index, + MAX_NOT_CONDITION_NUM, line); goto error; } @@ -819,10 +819,10 @@ static inline int compare_group_id(const void *a, const void *b) } } -static void rule_clause_add_literal(struct rule_clause *clause, +static void rule_condition_add_literal(struct rule_condition *condition, struct group2rule_item *g2c_item) { - struct clause_literal tmp_literal; + struct condition_literal tmp_literal; tmp_literal.attribute_id = g2c_item->attribute_id; tmp_literal.group_cnt = utarray_len(g2c_item->group_ids); utarray_sort(g2c_item->group_ids, compare_group_id); @@ -830,33 +830,33 @@ static void rule_clause_add_literal(struct rule_clause *clause, for (size_t i = 0; i < utarray_len(g2c_item->group_ids); i++) { tmp_literal.group_ids[i] = *(long long *)utarray_eltptr(g2c_item->group_ids, i); } - utarray_push_back(clause->literals, &tmp_literal); + utarray_push_back(condition->literals, &tmp_literal); } -void rule_clause_remove_literal(struct rule_clause *clause, +void rule_condition_remove_literal(struct rule_condition *condition, struct group2rule_item *g2c_item) { - struct clause_literal *tmp_literal = NULL; + struct condition_literal *tmp_literal = NULL; - for (size_t i = 0; i < utarray_len(clause->literals); i++) { - tmp_literal = (struct clause_literal *)utarray_eltptr(clause->literals, i); + for (size_t i = 0; i < utarray_len(condition->literals); i++) { + tmp_literal = (struct condition_literal *)utarray_eltptr(condition->literals, i); if (tmp_literal->attribute_id == g2c_item->attribute_id) { - size_t remove_idx = utarray_eltidx(clause->literals, tmp_literal); - utarray_erase(clause->literals, remove_idx, 1); + size_t remove_idx = utarray_eltidx(condition->literals, tmp_literal); + utarray_erase(condition->literals, remove_idx, 1); break; } } } -static int maat_rule_clause_find_literal(struct maat_rule *rule, +static int maat_rule_condition_find_literal(struct maat_rule *rule, struct group2rule_item *g2c_item) { - struct rule_clause *clause = rule->clauses + g2c_item->clause_index; - struct clause_literal *tmp_literal = NULL; + struct rule_condition *condition = rule->conditions + g2c_item->condition_index; + struct condition_literal *tmp_literal = NULL; int found = 0; - for (size_t i = 0; i < utarray_len(clause->literals); i++) { - tmp_literal = (struct clause_literal *)utarray_eltptr(clause->literals, i); + for (size_t i = 0; i < utarray_len(condition->literals); i++) { + tmp_literal = (struct condition_literal *)utarray_eltptr(condition->literals, i); if (tmp_literal->attribute_id == g2c_item->attribute_id) { found = 1; } @@ -865,31 +865,31 @@ static int maat_rule_clause_find_literal(struct maat_rule *rule, return found; } -static void maat_rule_clause_add_literal(struct maat_rule *rule, +static void maat_rule_condition_add_literal(struct maat_rule *rule, struct group2rule_item *g2c_item) { - struct rule_clause *clause = rule->clauses + g2c_item->clause_index; + struct rule_condition *condition = rule->conditions + g2c_item->condition_index; - clause->not_flag = g2c_item->not_flag; + condition->not_flag = g2c_item->not_flag; - if (0 == clause->in_use) { - clause->in_use = 1; - rule->actual_clause_num++; + if (0 == condition->in_use) { + condition->in_use = 1; + rule->actual_condition_num++; } - rule_clause_add_literal(clause, g2c_item); + rule_condition_add_literal(condition, g2c_item); } -static void maat_rule_clause_remove_literal(struct maat_rule *rule, +static void maat_rule_condition_remove_literal(struct maat_rule *rule, struct group2rule_item *g2c_item) { - struct rule_clause *clause = rule->clauses + g2c_item->clause_index; + struct rule_condition *condition = rule->conditions + g2c_item->condition_index; - rule_clause_remove_literal(clause, g2c_item); - if (0 == utarray_len(clause->literals)) { - clause->in_use = 0; - clause->clause_id = 0; - rule->actual_clause_num--; + rule_condition_remove_literal(condition, g2c_item); + if (0 == utarray_len(condition->literals)) { + condition->in_use = 0; + condition->condition_id = 0; + rule->actual_condition_num--; } } @@ -902,9 +902,9 @@ maat_rule_bool_matcher_new(struct rule_runtime *rule_rt, } size_t i = 0, j = 0, idx = 0; - int has_clause_num = 0; + int has_condition_num = 0; - // STEP 1, update clause_id of each rule + // STEP 1, update condition_id of each rule void **data_array = NULL; struct maat_rule *iter_rule = NULL; size_t node_cnt = rcu_updating_hash_list(rule_rt->cfg_hash, &data_array); @@ -912,50 +912,50 @@ maat_rule_bool_matcher_new(struct rule_runtime *rule_rt, for (idx = 0; idx < node_cnt; idx++) { iter_rule = (struct maat_rule *)data_array[idx]; - has_clause_num = 0; + has_condition_num = 0; for (i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) { - struct rule_clause *clause = iter_rule->clauses + i; - if (!clause->in_use) { + struct rule_condition *condition = iter_rule->conditions + i; + if (!condition->in_use) { continue; } - has_clause_num++; - if (0 == clause->clause_id) { - clause->clause_id = - maat_runtime_get_sequence(rule_rt->ref_maat_rt, "clause_id"); + has_condition_num++; + if (0 == condition->condition_id) { + condition->condition_id = + maat_runtime_get_sequence(rule_rt->ref_maat_rt, "condition_id"); } } - assert(has_clause_num == iter_rule->actual_clause_num); + assert(has_condition_num == iter_rule->actual_condition_num); } - // STEP 2, serial rule clause states to a bool expression array + // STEP 2, serial rule condition states to a bool expression array size_t expr_cnt = 0; struct bool_expr *bool_expr_array = ALLOC(struct bool_expr, node_cnt); for (idx = 0; idx < node_cnt; idx++) { iter_rule = (struct maat_rule *)data_array[idx]; for (i = 0, j = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) { - if (iter_rule->clauses[i].in_use) { + if (iter_rule->conditions[i].in_use) { // TODO:mytest need to delete #if 0 - struct clause_literal *tmp_cl = NULL; - for(tmp_cl = (struct clause_literal *)utarray_front(iter_rule->clauses[i].literals); tmp_cl !=NULL; - tmp_cl = (struct clause_literal *)utarray_next(iter_rule->clauses[i].literals, tmp_cl)) { + struct condition_literal *tmp_cl = NULL; + for(tmp_cl = (struct condition_literal *)utarray_front(iter_rule->conditions[i].literals); tmp_cl !=NULL; + tmp_cl = (struct condition_literal *)utarray_next(iter_rule->conditions[i].literals, tmp_cl)) { for (size_t it = 0; it < tmp_cl->group_cnt; it++) { - printf(" rule_rt:%p rule_id:%lld, clause_id:%llu, clause_query_key{%lld: %d, %d}\n", - rule_rt, iter_rule->rule_id, iter_rule->clauses[i].clause_id, tmp_cl->group_ids[it], - tmp_cl->attribute_id, iter_rule->clauses[i].not_flag); + printf(" rule_rt:%p rule_id:%lld, condition_id:%llu, condition_query_key{%lld: %d, %d}\n", + rule_rt, iter_rule->rule_id, iter_rule->conditions[i].condition_id, tmp_cl->group_ids[it], + tmp_cl->attribute_id, iter_rule->conditions[i].not_flag); } } #endif - bool_expr_array[expr_cnt].items[j].item_id = iter_rule->clauses[i].clause_id; + bool_expr_array[expr_cnt].items[j].item_id = iter_rule->conditions[i].condition_id; bool_expr_array[expr_cnt].items[j].not_flag = 0; j++; } } // some rule may have zero groups, e.g. default policy. - if (j == (size_t)iter_rule->declared_clause_num && j > 0) { + if (j == (size_t)iter_rule->declared_condition_num && j > 0) { bool_expr_array[expr_cnt].expr_id = iter_rule->rule_id; bool_expr_array[expr_cnt].user_tag = iter_rule; bool_expr_array[expr_cnt].item_num = j; @@ -989,7 +989,7 @@ maat_rule_bool_matcher_new(struct rule_runtime *rule_rt, return bm; } -static inline int compare_clause_id(const void *a, const void *b) +static inline int compare_condition_id(const void *a, const void *b) { long long ret = *(const long long *)a - *(const long long *)b; @@ -1032,90 +1032,90 @@ static inline int compare_rule_id(const void *a, const void *b) } /** - * @brief build hash for clause or not_clause + * @brief build hash for condition or not_condition * * @param rule_rt: rule runtime handle - * @param not_flag: specify whether to build clause or NOT_clause hash for rule runtime - * 0 -> clause hash - * 1 -> NOT_clause hash + * @param not_flag: specify whether to build condition or NOT_condition hash for rule runtime + * 0 -> condition hash + * 1 -> NOT_condition hash * - * @retval generated clause_id_kv_hash + * @retval generated condition_id_kv_hash */ -static struct clause_id_kv * -build_clause_id_kv_hash(struct rule_runtime *rule_rt, int not_flag) +static struct condition_id_kv * +build_condition_id_kv_hash(struct rule_runtime *rule_rt, int not_flag) { if (NULL == rule_rt) { return NULL; } void **data_array = NULL; - struct clause_id_kv *clause_id_kv_hash = NULL; + struct condition_id_kv *condition_id_kv_hash = NULL; size_t rule_cnt = rcu_updating_hash_list(rule_rt->cfg_hash, &data_array); for (size_t idx = 0; idx < rule_cnt; idx++) { struct maat_rule *rule = (struct maat_rule *)data_array[idx]; for (size_t i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) { - struct rule_clause *clause = rule->clauses + i; - if (!clause->in_use) { + struct rule_condition *condition = rule->conditions + i; + if (!condition->in_use) { continue; } if (0 == not_flag) { - if (CLAUSE_NOT_FLAG_SET == clause->not_flag) { + if (CONDITION_NOT_FLAG_SET == condition->not_flag) { continue; } } else { - if (CLAUSE_NOT_FLAG_UNSET == clause->not_flag) { + if (CONDITION_NOT_FLAG_UNSET == condition->not_flag) { continue; } } - struct clause_literal *tmp_cl = NULL; - for (size_t j = 0; j < utarray_len(clause->literals); j++) { - tmp_cl = (struct clause_literal *)utarray_eltptr(clause->literals, j); + struct condition_literal *tmp_cl = NULL; + for (size_t j = 0; j < utarray_len(condition->literals); j++) { + tmp_cl = (struct condition_literal *)utarray_eltptr(condition->literals, j); for (size_t k = 0; k < tmp_cl->group_cnt; k++) { - struct clause_query_key key = - {tmp_cl->group_ids[k], tmp_cl->attribute_id, clause->not_flag}; - struct clause_id_kv *clause_id_kv = NULL; + struct condition_query_key key = + {tmp_cl->group_ids[k], tmp_cl->attribute_id, condition->not_flag}; + struct condition_id_kv *condition_id_kv = NULL; - HASH_FIND(hh, clause_id_kv_hash, &key, sizeof(struct clause_query_key), - clause_id_kv); - if (NULL == clause_id_kv) { - clause_id_kv = ALLOC(struct clause_id_kv, 1); - clause_id_kv->key = key; - utarray_new(clause_id_kv->clause_ids, &ut_clause_id_icd); - HASH_ADD_KEYPTR(hh, clause_id_kv_hash, &clause_id_kv->key, - sizeof(clause_id_kv->key), clause_id_kv); + HASH_FIND(hh, condition_id_kv_hash, &key, sizeof(struct condition_query_key), + condition_id_kv); + if (NULL == condition_id_kv) { + condition_id_kv = ALLOC(struct condition_id_kv, 1); + condition_id_kv->key = key; + utarray_new(condition_id_kv->condition_ids, &ut_condition_id_icd); + HASH_ADD_KEYPTR(hh, condition_id_kv_hash, &condition_id_kv->key, + sizeof(condition_id_kv->key), condition_id_kv); } - if (utarray_find(clause_id_kv->clause_ids, &(clause->clause_id), - compare_clause_id)) { + if (utarray_find(condition_id_kv->condition_ids, &(condition->condition_id), + compare_condition_id)) { continue; } - utarray_push_back(clause_id_kv->clause_ids, &(clause->clause_id)); - utarray_sort(clause_id_kv->clause_ids, compare_clause_id); + utarray_push_back(condition_id_kv->condition_ids, &(condition->condition_id)); + utarray_sort(condition_id_kv->condition_ids, compare_condition_id); } } } } FREE(data_array); - return clause_id_kv_hash; + return condition_id_kv_hash; } static int -maat_rule_has_clause(struct maat_rule *rule, long long clause_id) +maat_rule_has_condition(struct maat_rule *rule, long long condition_id) { - struct rule_clause *clause = NULL; + struct rule_condition *condition = NULL; for (size_t i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) { - clause = rule->clauses + i; - if (!clause->in_use) { + condition = rule->conditions + i; + if (!condition->in_use) { continue; } - if (clause->clause_id == clause_id) { + if (condition->condition_id == condition_id) { return 1; } } @@ -1131,21 +1131,21 @@ rule_state_if_new_hit_rule(struct rule_state *rule_state, size_t r_in_c_cnt = 0; int ret = 0; - long long new_hit_clause_id = 0; + long long new_hit_condition_id = 0; if (0 == rule_state->this_scan_not_logic) { - for (i = 0; i < utarray_len(rule_state->this_scan_hit_clauses); i++) { - new_hit_clause_id = - *(long long*)utarray_eltptr(rule_state->this_scan_hit_clauses, i); - ret = maat_rule_has_clause(rule, new_hit_clause_id); + for (i = 0; i < utarray_len(rule_state->this_scan_hit_conditions); i++) { + new_hit_condition_id = + *(long long*)utarray_eltptr(rule_state->this_scan_hit_conditions, i); + ret = maat_rule_has_condition(rule, new_hit_condition_id); if (ret) { r_in_c_cnt++; } } } else { - for (i = 0; i < utarray_len(rule_state->this_scan_hit_not_clauses); i++) { - new_hit_clause_id = - *(long long*)utarray_eltptr(rule_state->this_scan_hit_not_clauses, i); - ret = maat_rule_has_clause(rule, new_hit_clause_id); + for (i = 0; i < utarray_len(rule_state->this_scan_hit_not_conditions); i++) { + new_hit_condition_id = + *(long long*)utarray_eltptr(rule_state->this_scan_hit_not_conditions, i); + ret = maat_rule_has_condition(rule, new_hit_condition_id); if (ret) { r_in_c_cnt++; } @@ -1184,30 +1184,30 @@ maat_rule_bool_matcher_match(struct rule_runtime *rule_rt, } if (NULL == rule_rt->bm || - 0 == utarray_len(rule_state->all_hit_clauses) || + 0 == utarray_len(rule_state->all_hit_conditions) || rule_state->rule_rt_version != rule_rt->version) { return 0; } //TODO:mytest need to delete #if 0 - unsigned long long *p = utarray_eltptr(rule_state->all_hit_clauses, 0); - for (p = (unsigned long long *)utarray_front(rule_state->all_hit_clauses); p != NULL; - p = (unsigned long long *)utarray_next(rule_state->all_hit_clauses, p)) { - printf("before bool_matcher_match rule_rt:%p rule_state clause_id:%llu\n", rule_rt, *p); + unsigned long long *p = utarray_eltptr(rule_state->all_hit_conditions, 0); + for (p = (unsigned long long *)utarray_front(rule_state->all_hit_conditions); p != NULL; + p = (unsigned long long *)utarray_next(rule_state->all_hit_conditions, p)) { + printf("before bool_matcher_match rule_rt:%p rule_state condition_id:%llu\n", rule_rt, *p); } #endif int bool_match_ret = bool_matcher_match(rule_rt->bm, - (unsigned long long *)utarray_eltptr(rule_state->all_hit_clauses, 0), - utarray_len(rule_state->all_hit_clauses), + (unsigned long long *)utarray_eltptr(rule_state->all_hit_conditions, 0), + utarray_len(rule_state->all_hit_conditions), expr_match, MAX_HIT_RULE_NUM); for (int i = 0; i < bool_match_ret && ud_result_cnt < ud_array_size; i++) { rule = (struct maat_rule *)expr_match[i].user_tag; assert(rule->magic_num == MAAT_RULE_MAGIC); assert((unsigned long long)rule->rule_id == expr_match[i].expr_id); - if (0 == rule->actual_clause_num) { + if (0 == rule->actual_condition_num) { continue; } @@ -1230,7 +1230,7 @@ static struct rule_item *rule_item_clone(struct rule_item *item) struct rule_item *new_item = ALLOC(struct rule_item, 1); new_item->rule_id = item->rule_id; - new_item->declared_clause_num = item->declared_clause_num; + new_item->declared_condition_num = item->declared_condition_num; new_item->table_line_len = item->table_line_len; new_item->table_line = ALLOC(char, new_item->table_line_len + 1); memcpy(new_item->table_line, item->table_line, new_item->table_line_len); @@ -1245,23 +1245,23 @@ maat_rule_clone(struct maat_rule *rule, int deep_copy) new_rule->magic_num = rule->magic_num; new_rule->rule_id = rule->rule_id; - new_rule->actual_clause_num = rule->actual_clause_num; - new_rule->declared_clause_num = rule->declared_clause_num; + new_rule->actual_condition_num = rule->actual_condition_num; + new_rule->declared_condition_num = rule->declared_condition_num; if (1 == deep_copy && rule->user_data != NULL) { new_rule->user_data = rule_item_clone((struct rule_item *)rule->user_data); } - struct clause_literal *tmp_literal = NULL; + struct condition_literal *tmp_literal = NULL; for (size_t i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) { - new_rule->clauses[i].clause_id = rule->clauses[i].clause_id; - new_rule->clauses[i].in_use = rule->clauses[i].in_use; - new_rule->clauses[i].not_flag = rule->clauses[i].not_flag; - utarray_new(new_rule->clauses[i].literals, &ut_clause_literal_icd); - for (size_t j = 0; j < utarray_len(rule->clauses[i].literals); j++) { + new_rule->conditions[i].condition_id = rule->conditions[i].condition_id; + new_rule->conditions[i].in_use = rule->conditions[i].in_use; + new_rule->conditions[i].not_flag = rule->conditions[i].not_flag; + utarray_new(new_rule->conditions[i].literals, &ut_condition_literal_icd); + for (size_t j = 0; j < utarray_len(rule->conditions[i].literals); j++) { tmp_literal = - (struct clause_literal *)utarray_eltptr(rule->clauses[i].literals, j); - utarray_push_back(new_rule->clauses[i].literals, tmp_literal); + (struct condition_literal *)utarray_eltptr(rule->conditions[i].literals, j); + utarray_push_back(new_rule->conditions[i].literals, tmp_literal); } } @@ -1280,23 +1280,23 @@ static int maat_add_group_to_rule(struct rcu_hash_table *hash_tbl, if (1 == updating_flag) { rule = rcu_updating_hash_find(hash_tbl, (char *)&rule_id, sizeof(long long)); if (rule != NULL) { - ret = maat_rule_clause_find_literal(rule, g2c_item); + ret = maat_rule_condition_find_literal(rule, g2c_item); if (ret > 0) { log_fatal(logger, MODULE_RULE, - "[%s:%d]rule:%lld clause(index:%d) already has attribute_id:%d's " + "[%s:%d]rule:%lld condition(index:%d) already has attribute_id:%d's " "literal, can't add again", __FUNCTION__, __LINE__, rule->rule_id, - g2c_item->clause_index, g2c_item->attribute_id); + g2c_item->condition_index, g2c_item->attribute_id); return -1; } /* rule found in updating hash(added by rule runtime), it can * be modified directly */ - maat_rule_clause_add_literal(rule, g2c_item); + maat_rule_condition_add_literal(rule, g2c_item); } else { /* rule neither in effective hash nor in updating hash, so new one */ rule = maat_rule_new(rule_id); assert(rule != NULL); - maat_rule_clause_add_literal(rule, g2c_item); + maat_rule_condition_add_literal(rule, g2c_item); rcu_hash_add(hash_tbl, (char *)&rule_id, sizeof(long long), rule); } } else { @@ -1311,12 +1311,12 @@ static int maat_add_group_to_rule(struct rcu_hash_table *hash_tbl, can only be deleted but not modified before delete it, we need to make a copy for further use *********************************************************************/ - ret = maat_rule_clause_find_literal(rule, g2c_item); + ret = maat_rule_condition_find_literal(rule, g2c_item); if (ret > 0) { log_fatal(logger, MODULE_RULE, - "[%s:%d]rule:%lld clause(index:%d) already has attribute_id:%d's " + "[%s:%d]rule:%lld condition(index:%d) already has attribute_id:%d's " "literal, can't add again", __FUNCTION__, __LINE__, rule->rule_id, - g2c_item->clause_index, g2c_item->attribute_id); + g2c_item->condition_index, g2c_item->attribute_id); return -1; } @@ -1326,13 +1326,13 @@ static int maat_add_group_to_rule(struct rcu_hash_table *hash_tbl, /* delete rule from rcu hash */ rcu_hash_del(hash_tbl, (char *)&rule_id, sizeof(long long)); - maat_rule_clause_add_literal(copy_rule, g2c_item); + maat_rule_condition_add_literal(copy_rule, g2c_item); rcu_hash_add(hash_tbl, (char *)&rule_id, sizeof(long long), copy_rule); } else { rule = maat_rule_new(rule_id); assert(rule != NULL); - maat_rule_clause_add_literal(rule, g2c_item); + maat_rule_condition_add_literal(rule, g2c_item); rcu_hash_add(hash_tbl, (char *)&rule_id, sizeof(long long), rule); } } @@ -1354,23 +1354,23 @@ static int maat_remove_group_from_rule(struct rcu_hash_table *hash_tbl, sizeof(long long)); if (NULL == rule) { log_fatal(logger, MODULE_RULE, - "[%s:%d] Remove clause(index:%d) from rule %lld failed," + "[%s:%d] Remove condition(index:%d) from rule %lld failed," "rule not existed.", __FUNCTION__, __LINE__, - g2c_item->clause_index, rule_id); + g2c_item->condition_index, rule_id); return -1; } else { - ret = maat_rule_clause_find_literal(rule, g2c_item); + ret = maat_rule_condition_find_literal(rule, g2c_item); if (0 == ret) { log_fatal(logger, MODULE_RULE, - "[%s:%d]rule:%lld clause(index:%d) has no attribute_id:%d's " + "[%s:%d]rule:%lld condition(index:%d) has no attribute_id:%d's " "literal, can't be removed", __FUNCTION__, __LINE__, - rule->rule_id, g2c_item->clause_index, g2c_item->attribute_id); + rule->rule_id, g2c_item->condition_index, g2c_item->attribute_id); return -1; } /* rule found in updating hash, it can be modified directly */ - maat_rule_clause_remove_literal(rule, g2c_item); - if (0 == rule->actual_clause_num && NULL == rule->user_data) { + maat_rule_condition_remove_literal(rule, g2c_item); + if (0 == rule->actual_condition_num && NULL == rule->user_data) { rcu_hash_del(hash_tbl, (char *)&rule_id, sizeof(long long)); } } @@ -1378,12 +1378,12 @@ static int maat_remove_group_from_rule(struct rcu_hash_table *hash_tbl, //find in effetive hash rule = rcu_hash_find(hash_tbl, (char *)&rule_id, sizeof(long long)); if (rule != NULL) { - ret = maat_rule_clause_find_literal(rule, g2c_item); + ret = maat_rule_condition_find_literal(rule, g2c_item); if (0 == ret) { log_fatal(logger, MODULE_RULE, - "[%s:%d]rule:%lld clause(index:%d) has no attribute_id:%d's " + "[%s:%d]rule:%lld condition(index:%d) has no attribute_id:%d's " "literal, can't be removed", __FUNCTION__, __LINE__, - rule->rule_id, g2c_item->clause_index, g2c_item->attribute_id); + rule->rule_id, g2c_item->condition_index, g2c_item->attribute_id); return -1; } @@ -1401,18 +1401,18 @@ static int maat_remove_group_from_rule(struct rcu_hash_table *hash_tbl, /* delete rule from rcu hash */ rcu_hash_del(hash_tbl, (char *)&rule_id, sizeof(long long)); - maat_rule_clause_remove_literal(copy_rule, g2c_item); + maat_rule_condition_remove_literal(copy_rule, g2c_item); - if (0 == copy_rule->actual_clause_num && NULL == copy_rule->user_data) { + if (0 == copy_rule->actual_condition_num && NULL == copy_rule->user_data) { maat_rule_free(copy_rule); } else { rcu_hash_add(hash_tbl, (char *)&rule_id, sizeof(long long), copy_rule); } } else { log_fatal(logger, MODULE_RULE, - "[%s:%d] Remove clause(index:%d) from rule_id %lld failed," + "[%s:%d] Remove condition(index:%d) from rule_id %lld failed," "rule is not existed.", __FUNCTION__, __LINE__, - g2c_item->clause_index, rule_id); + g2c_item->condition_index, rule_id); return -1; } } @@ -1425,10 +1425,10 @@ struct rule_state *rule_state_new(void) struct rule_state *rule_state = ALLOC(struct rule_state, 1); utarray_new(rule_state->internal_hit_paths, &ut_hit_path_icd); - utarray_new(rule_state->all_hit_clauses, &ut_clause_id_icd); - utarray_new(rule_state->this_scan_hit_clauses, &ut_clause_id_icd); - utarray_new(rule_state->this_scan_hit_not_clauses, &ut_clause_id_icd); - utarray_new(rule_state->exclude_not_clauses, &ut_clause_id_icd); + utarray_new(rule_state->all_hit_conditions, &ut_condition_id_icd); + utarray_new(rule_state->this_scan_hit_conditions, &ut_condition_id_icd); + utarray_new(rule_state->this_scan_hit_not_conditions, &ut_condition_id_icd); + utarray_new(rule_state->exclude_not_conditions, &ut_condition_id_icd); utarray_new(rule_state->direct_hit_groups, &ut_maat_hit_group_icd); utarray_new(rule_state->indirect_hit_groups, &ut_maat_hit_group_icd); utarray_new(rule_state->last_hit_groups, &ut_maat_hit_group_icd); @@ -1472,10 +1472,10 @@ void rule_state_reset(struct rule_state *rule_state) rule_state->rule_rt_version = 0; utarray_clear(rule_state->internal_hit_paths); - utarray_clear(rule_state->all_hit_clauses); - utarray_clear(rule_state->this_scan_hit_clauses); - utarray_clear(rule_state->this_scan_hit_not_clauses); - utarray_clear(rule_state->exclude_not_clauses); + utarray_clear(rule_state->all_hit_conditions); + utarray_clear(rule_state->this_scan_hit_conditions); + utarray_clear(rule_state->this_scan_hit_not_conditions); + utarray_clear(rule_state->exclude_not_conditions); utarray_clear(rule_state->direct_hit_groups); utarray_clear(rule_state->indirect_hit_groups); utarray_clear(rule_state->last_hit_groups); @@ -1502,32 +1502,32 @@ void rule_state_free(struct rule_state *rule_state, rule_state->internal_hit_paths = NULL; } - if (rule_state->all_hit_clauses != NULL) { - free_bytes += utarray_size(rule_state->all_hit_clauses) * + if (rule_state->all_hit_conditions != NULL) { + free_bytes += utarray_size(rule_state->all_hit_conditions) * sizeof(long long); - utarray_free(rule_state->all_hit_clauses); - rule_state->all_hit_clauses = NULL; + utarray_free(rule_state->all_hit_conditions); + rule_state->all_hit_conditions = NULL; } - if (rule_state->this_scan_hit_clauses != NULL) { - free_bytes += utarray_size(rule_state->this_scan_hit_clauses) * + if (rule_state->this_scan_hit_conditions != NULL) { + free_bytes += utarray_size(rule_state->this_scan_hit_conditions) * sizeof(long long); - utarray_free(rule_state->this_scan_hit_clauses); - rule_state->this_scan_hit_clauses = NULL; + utarray_free(rule_state->this_scan_hit_conditions); + rule_state->this_scan_hit_conditions = NULL; } - if (rule_state->this_scan_hit_not_clauses != NULL) { - free_bytes += utarray_size(rule_state->this_scan_hit_not_clauses) * + if (rule_state->this_scan_hit_not_conditions != NULL) { + free_bytes += utarray_size(rule_state->this_scan_hit_not_conditions) * sizeof(long long); - utarray_free(rule_state->this_scan_hit_not_clauses); - rule_state->this_scan_hit_not_clauses = NULL; + utarray_free(rule_state->this_scan_hit_not_conditions); + rule_state->this_scan_hit_not_conditions = NULL; } - if (rule_state->exclude_not_clauses != NULL) { - free_bytes += utarray_size(rule_state->exclude_not_clauses) * + if (rule_state->exclude_not_conditions != NULL) { + free_bytes += utarray_size(rule_state->exclude_not_conditions) * sizeof(long long); - utarray_free(rule_state->exclude_not_clauses); - rule_state->exclude_not_clauses = NULL; + utarray_free(rule_state->exclude_not_conditions); + rule_state->exclude_not_conditions = NULL; } if (rule_state->direct_hit_groups != NULL) { @@ -1586,23 +1586,23 @@ rule_state_add_internal_hit_path(struct rule_state *rule_state, utarray_push_back(rule_state->internal_hit_paths, &new_path); } -static int maat_rule_has_clause_query_key(struct maat_rule *rule, - struct clause_query_key *key) +static int maat_rule_has_condition_query_key(struct maat_rule *rule, + struct condition_query_key *key) { for (int i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) { - struct rule_clause *clause = rule->clauses+i; - if(!clause->in_use) { + struct rule_condition *condition = rule->conditions+i; + if(!condition->in_use) { continue; } - struct clause_literal *tmp_cl = NULL; - for (size_t j = 0; j < utarray_len(clause->literals); j++) { - tmp_cl = (struct clause_literal *)utarray_eltptr(clause->literals, j); + struct condition_literal *tmp_cl = NULL; + for (size_t j = 0; j < utarray_len(condition->literals); j++) { + tmp_cl = (struct condition_literal *)utarray_eltptr(condition->literals, j); if (tmp_cl->attribute_id != key->attribute_id) { continue; } - if (clause->not_flag != key->not_flag) { + if (condition->not_flag != key->not_flag) { continue; } @@ -1619,22 +1619,22 @@ static int maat_rule_has_clause_query_key(struct maat_rule *rule, } static size_t -maat_rule_get_hit_clause_index(struct maat_rule *rule, +maat_rule_get_hit_condition_index(struct maat_rule *rule, int attribute_id, long long hit_group_id, - int *clause_idx_array, size_t array_size) + int *condition_idx_array, size_t array_size) { - size_t hit_clause_cnt = 0; - struct rule_clause *tmp_clause = NULL; + size_t hit_condition_cnt = 0; + struct rule_condition *tmp_condition = NULL; for (int i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) { - tmp_clause = &rule->clauses[i]; - if (!tmp_clause->in_use) { + tmp_condition = &rule->conditions[i]; + if (!tmp_condition->in_use) { continue; } - struct clause_literal *tmp_cl = NULL; - for (size_t j = 0; j < utarray_len(tmp_clause->literals); j++) { - tmp_cl = (struct clause_literal *)utarray_eltptr(tmp_clause->literals, j); + struct condition_literal *tmp_cl = NULL; + for (size_t j = 0; j < utarray_len(tmp_condition->literals); j++) { + tmp_cl = (struct condition_literal *)utarray_eltptr(tmp_condition->literals, j); if (tmp_cl->attribute_id != attribute_id) { continue; } @@ -1643,13 +1643,13 @@ maat_rule_get_hit_clause_index(struct maat_rule *rule, tmp_cl->group_cnt, sizeof(long long), compare_group_id); if (tmp_group_id != NULL) { - clause_idx_array[hit_clause_cnt++] = i; + condition_idx_array[hit_condition_cnt++] = i; break; } } } - return hit_clause_cnt; + return hit_condition_cnt; } static int @@ -1672,9 +1672,9 @@ void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array, { size_t i = 0; size_t idx = array_idx; - size_t n_clause_index = 0; + size_t n_condition_index = 0; size_t new_hit_path_cnt = *n_new_hit_path; - int clause_index_array[MAX_ITEMS_PER_BOOL_EXPR] = {0}; + int condition_index_array[MAX_ITEMS_PER_BOOL_EXPR] = {0}; if (hit_path_array[idx].top_group_id < 0) { hit_path_array[idx].top_group_id = hit_path_array[idx].sub_group_id; @@ -1683,36 +1683,36 @@ void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array, struct maat_hit_path tmp_path; if (hit_path_array[idx].rule_id < 0) { hit_path_array[idx].rule_id = rule->rule_id; - // find out which clause in rule hit - n_clause_index = - maat_rule_get_hit_clause_index(rule, hit_path_array[idx].attribute_id, + // find out which condition in rule hit + n_condition_index = + maat_rule_get_hit_condition_index(rule, hit_path_array[idx].attribute_id, hit_path_array[idx].top_group_id, - clause_index_array, + condition_index_array, MAX_ITEMS_PER_BOOL_EXPR); - hit_path_array[idx].clause_index = clause_index_array[0]; - if (n_clause_index > 1) { - for (i = 1; i < n_clause_index; i++) { + hit_path_array[idx].condition_index = condition_index_array[0]; + if (n_condition_index > 1) { + for (i = 1; i < n_condition_index; i++) { tmp_path = hit_path_array[idx]; - tmp_path.clause_index = clause_index_array[i]; + tmp_path.condition_index = condition_index_array[i]; hit_path_array[n_hit_path + new_hit_path_cnt] = tmp_path; new_hit_path_cnt++; } } } else { - // means same clause_query_id hit more than one rule_id + // means same condition_query_id hit more than one rule_id tmp_path = hit_path_array[idx]; tmp_path.rule_id = rule->rule_id; if (!maat_rule_is_hit_path_existed(hit_path_array, n_hit_path + new_hit_path_cnt, &tmp_path)) { hit_path_array[n_hit_path + new_hit_path_cnt] = tmp_path; new_hit_path_cnt++; - n_clause_index = - maat_rule_get_hit_clause_index(rule, tmp_path.attribute_id, tmp_path.top_group_id, - clause_index_array, MAX_ITEMS_PER_BOOL_EXPR); - hit_path_array[n_hit_path + new_hit_path_cnt - 1].clause_index = clause_index_array[0]; - if (n_clause_index > 1) { - for (i = 1; i < n_clause_index; i++) { + n_condition_index = + maat_rule_get_hit_condition_index(rule, tmp_path.attribute_id, tmp_path.top_group_id, + condition_index_array, MAX_ITEMS_PER_BOOL_EXPR); + hit_path_array[n_hit_path + new_hit_path_cnt - 1].condition_index = condition_index_array[0]; + if (n_condition_index > 1) { + for (i = 1; i < n_condition_index; i++) { tmp_path = hit_path_array[n_hit_path + new_hit_path_cnt - 1]; - tmp_path.clause_index = clause_index_array[i]; + tmp_path.condition_index = condition_index_array[i]; hit_path_array[n_hit_path + new_hit_path_cnt] = tmp_path; new_hit_path_cnt++; } @@ -1731,7 +1731,7 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id, /* assign hit_path_array[].rule_id */ size_t n_new_hit_path = 0; struct maat_rule *rule = NULL; - struct clause_query_key key = {0, 0, 0}; + struct condition_query_key key = {0, 0, 0}; struct bool_expr_match *expr_match = rule_rt->expr_match_buff + (thread_id * MAX_HIT_RULE_NUM); assert(thread_id >= 0); @@ -1742,14 +1742,14 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id, int bool_match_ret = bool_matcher_match(rule_rt->bm, - (unsigned long long *)utarray_eltptr(rule_state->all_hit_clauses, 0), - utarray_len(rule_state->all_hit_clauses), expr_match, MAX_HIT_RULE_NUM); + (unsigned long long *)utarray_eltptr(rule_state->all_hit_conditions, 0), + utarray_len(rule_state->all_hit_conditions), expr_match, MAX_HIT_RULE_NUM); for (int idx = 0; idx < bool_match_ret; idx++) { rule = (struct maat_rule *)expr_match[idx].user_tag; assert(rule->magic_num == MAAT_RULE_MAGIC); assert((unsigned long long)rule->rule_id == expr_match[idx].expr_id); - if (0 == rule->actual_clause_num || NULL == rule->user_data) { + if (0 == rule->actual_condition_num || NULL == rule->user_data) { continue; } @@ -1762,7 +1762,7 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id, key.attribute_id = hit_path_array[j].attribute_id; key.not_flag = hit_path_array[j].NOT_flag; - if (maat_rule_has_clause_query_key(rule, &key)) { + if (maat_rule_has_condition_query_key(rule, &key)) { populate_hit_path_with_rule(hit_path_array, j, n_hit_path, &n_new_hit_path, rule); } @@ -1809,83 +1809,83 @@ rule_state_add_indirect_hit_groups(struct rule_state *rule_state, } static void -rule_state_add_hit_clauses(struct rule_state *rule_state, - UT_array *clause_id_array) +rule_state_add_hit_conditions(struct rule_state *rule_state, + UT_array *condition_id_array) { size_t i = 0; - long long *clause_id = NULL; - size_t new_clause_idx = utarray_len(rule_state->this_scan_hit_clauses); + long long *condition_id = NULL; + size_t new_condition_idx = utarray_len(rule_state->this_scan_hit_conditions); - for (i = 0; i < utarray_len(clause_id_array); i++) { - clause_id = (long long *)utarray_eltptr(clause_id_array, i); - if (utarray_find(rule_state->all_hit_clauses, clause_id, compare_clause_id)) { + for (i = 0; i < utarray_len(condition_id_array); i++) { + condition_id = (long long *)utarray_eltptr(condition_id_array, i); + if (utarray_find(rule_state->all_hit_conditions, condition_id, compare_condition_id)) { continue; } - utarray_push_back(rule_state->this_scan_hit_clauses, clause_id); + utarray_push_back(rule_state->this_scan_hit_conditions, condition_id); } - if ((utarray_len(rule_state->this_scan_hit_clauses) - new_clause_idx) > 0) { - utarray_reserve(rule_state->all_hit_clauses, - utarray_len(rule_state->this_scan_hit_clauses) - new_clause_idx); + if ((utarray_len(rule_state->this_scan_hit_conditions) - new_condition_idx) > 0) { + utarray_reserve(rule_state->all_hit_conditions, + utarray_len(rule_state->this_scan_hit_conditions) - new_condition_idx); - for (i = new_clause_idx; i < utarray_len(rule_state->this_scan_hit_clauses); i++) { - clause_id = (long long *)utarray_eltptr(rule_state->this_scan_hit_clauses, i); - utarray_push_back(rule_state->all_hit_clauses, clause_id); + for (i = new_condition_idx; i < utarray_len(rule_state->this_scan_hit_conditions); i++) { + condition_id = (long long *)utarray_eltptr(rule_state->this_scan_hit_conditions, i); + utarray_push_back(rule_state->all_hit_conditions, condition_id); } - utarray_sort(rule_state->all_hit_clauses, compare_clause_id); + utarray_sort(rule_state->all_hit_conditions, compare_condition_id); } } static void -rule_state_add_exclude_not_clauses(struct rule_state *rule_state, - UT_array *clause_id_array) +rule_state_add_exclude_not_conditions(struct rule_state *rule_state, + UT_array *condition_id_array) { - for (size_t i = 0; i < utarray_len(clause_id_array); i++) { - long long *clause_id = (long long *)utarray_eltptr(clause_id_array, i); - if (utarray_find(rule_state->exclude_not_clauses, clause_id, - compare_clause_id)) { + for (size_t i = 0; i < utarray_len(condition_id_array); i++) { + long long *condition_id = (long long *)utarray_eltptr(condition_id_array, i); + if (utarray_find(rule_state->exclude_not_conditions, condition_id, + compare_condition_id)) { continue; } - utarray_push_back(rule_state->exclude_not_clauses, clause_id); + utarray_push_back(rule_state->exclude_not_conditions, condition_id); } - utarray_sort(rule_state->exclude_not_clauses, compare_clause_id); + utarray_sort(rule_state->exclude_not_conditions, compare_condition_id); } static void -rule_state_add_hit_not_clauses(struct rule_state *rule_state, - UT_array *clause_id_array) +rule_state_add_hit_not_conditions(struct rule_state *rule_state, + UT_array *condition_id_array) { size_t i = 0; - long long *clause_id = NULL; - size_t new_clause_idx = utarray_len(rule_state->this_scan_hit_not_clauses); + long long *condition_id = NULL; + size_t new_condition_idx = utarray_len(rule_state->this_scan_hit_not_conditions); - for (i = 0; i < utarray_len(clause_id_array); i++) { - clause_id = (long long *)utarray_eltptr(clause_id_array, i); - if (utarray_find(rule_state->all_hit_clauses, clause_id, compare_clause_id)) { + for (i = 0; i < utarray_len(condition_id_array); i++) { + condition_id = (long long *)utarray_eltptr(condition_id_array, i); + if (utarray_find(rule_state->all_hit_conditions, condition_id, compare_condition_id)) { continue; } - if (utarray_find(rule_state->exclude_not_clauses, clause_id, compare_clause_id)) { + if (utarray_find(rule_state->exclude_not_conditions, condition_id, compare_condition_id)) { continue; } - utarray_push_back(rule_state->this_scan_hit_not_clauses, clause_id); + utarray_push_back(rule_state->this_scan_hit_not_conditions, condition_id); } - if ((utarray_len(rule_state->this_scan_hit_not_clauses) - new_clause_idx) > 0) { - utarray_reserve(rule_state->all_hit_clauses, - utarray_len(rule_state->this_scan_hit_not_clauses) - new_clause_idx); + if ((utarray_len(rule_state->this_scan_hit_not_conditions) - new_condition_idx) > 0) { + utarray_reserve(rule_state->all_hit_conditions, + utarray_len(rule_state->this_scan_hit_not_conditions) - new_condition_idx); - for (i = new_clause_idx; i < utarray_len(rule_state->this_scan_hit_not_clauses); i++) { - clause_id = (long long *)utarray_eltptr(rule_state->this_scan_hit_not_clauses, i); - utarray_push_back(rule_state->all_hit_clauses, clause_id); + for (i = new_condition_idx; i < utarray_len(rule_state->this_scan_hit_not_conditions); i++) { + condition_id = (long long *)utarray_eltptr(rule_state->this_scan_hit_not_conditions, i); + utarray_push_back(rule_state->all_hit_conditions, condition_id); } - utarray_sort(rule_state->all_hit_clauses, compare_clause_id); + utarray_sort(rule_state->all_hit_conditions, compare_condition_id); } } static void -rule_state_update_hit_clauses(struct rule_state *rule_state, +rule_state_update_hit_conditions(struct rule_state *rule_state, struct rule_runtime *rule_rt, long long group_id, int attribute_id) { @@ -1893,18 +1893,18 @@ rule_state_update_hit_clauses(struct rule_state *rule_state, return; } - struct clause_query_key key = {group_id, attribute_id, 0}; - struct clause_id_kv *clause_id_kv = NULL; + struct condition_query_key key = {group_id, attribute_id, 0}; + struct condition_id_kv *condition_id_kv = NULL; - HASH_FIND(hh, rule_rt->clause_id_kv_hash, &key, sizeof(key), clause_id_kv); - if (clause_id_kv != NULL) { - rule_state_add_hit_clauses(rule_state, clause_id_kv->clause_ids); + HASH_FIND(hh, rule_rt->condition_id_kv_hash, &key, sizeof(key), condition_id_kv); + if (condition_id_kv != NULL) { + rule_state_add_hit_conditions(rule_state, condition_id_kv->condition_ids); } key.not_flag = 1; - HASH_FIND(hh, rule_rt->not_clause_id_kv_hash, &key, sizeof(key), clause_id_kv); - if (clause_id_kv != NULL) { - rule_state_add_exclude_not_clauses(rule_state, clause_id_kv->clause_ids); + HASH_FIND(hh, rule_rt->not_condition_id_kv_hash, &key, sizeof(key), condition_id_kv); + if (condition_id_kv != NULL) { + rule_state_add_exclude_not_conditions(rule_state, condition_id_kv->condition_ids); } } @@ -1937,14 +1937,14 @@ rule_state_cache_hit_not_groups(struct rule_state *rule_state, } } - struct clause_id_kv *clause_id_kv = NULL, *tmp_clause_id_kv = NULL; - HASH_ITER(hh, rule_rt->not_clause_id_kv_hash, clause_id_kv, tmp_clause_id_kv) { - if (clause_id_kv->key.attribute_id != attribute_id) { + struct condition_id_kv *condition_id_kv = NULL, *tmp_condition_id_kv = NULL; + HASH_ITER(hh, rule_rt->not_condition_id_kv_hash, condition_id_kv, tmp_condition_id_kv) { + if (condition_id_kv->key.attribute_id != attribute_id) { continue; } long long *tmp_group_id = - bsearch(&(clause_id_kv->key.group_id), hit_group_ids, + bsearch(&(condition_id_kv->key.group_id), hit_group_ids, n_hit_group_id, sizeof(long long), compare_group_id); if (tmp_group_id != NULL) { continue; @@ -1957,9 +1957,9 @@ rule_state_cache_hit_not_groups(struct rule_state *rule_state, HASH_ADD_INT(rule_state->hit_not_tbl_groups, attribute_id, tbl_group); } - if (!utarray_find(tbl_group->group_ids, &(clause_id_kv->key.group_id), + if (!utarray_find(tbl_group->group_ids, &(condition_id_kv->key.group_id), compare_group_id)) { - utarray_push_back(tbl_group->group_ids, &(clause_id_kv->key.group_id)); + utarray_push_back(tbl_group->group_ids, &(condition_id_kv->key.group_id)); } } @@ -2017,12 +2017,12 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt, ******************************************************************/ /* rule has group2rule_table info, so set rule_table info */ - maat_rule_set(rule, table_id, rule_item->declared_clause_num, rule_item); + maat_rule_set(rule, table_id, rule_item->declared_condition_num, rule_item); } else { // rule neither in effective hash nor in updating hash rule = maat_rule_new(rule_item->rule_id); assert(rule != NULL); - maat_rule_set(rule, table_id, rule_item->declared_clause_num, rule_item); + maat_rule_set(rule, table_id, rule_item->declared_condition_num, rule_item); rcu_hash_add(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long), rule); } } else { @@ -2044,13 +2044,13 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt, rcu_hash_del(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long)); /* copy_rule has group2rule_table info, so set rule_table info */ - maat_rule_set(copy_rule, table_id, rule_item->declared_clause_num, rule_item); + maat_rule_set(copy_rule, table_id, rule_item->declared_condition_num, rule_item); /* add copy_rule to rcu hash */ rcu_hash_add(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long), copy_rule); } else { rule = maat_rule_new(rule_item->rule_id); assert(rule != NULL); - maat_rule_set(rule, table_id, rule_item->declared_clause_num, rule_item); + maat_rule_set(rule, table_id, rule_item->declared_condition_num, rule_item); rcu_hash_add(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long), rule); } } @@ -2093,7 +2093,7 @@ static void rule_runtime_del_rule(struct rule_runtime *rule_rt, rule->user_data = NULL; } - if (0 == rule->actual_clause_num) { + if (0 == rule->actual_condition_num) { rcu_hash_del(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long)); } } @@ -2116,7 +2116,7 @@ static void rule_runtime_del_rule(struct rule_runtime *rule_rt, /* delete rule from rcu hash */ rcu_hash_del(rule_rt->cfg_hash, (char *)&rule_id, sizeof(long long)); - if (0 == copy_rule->actual_clause_num) { + if (0 == copy_rule->actual_condition_num) { maat_rule_free(copy_rule); } else { rcu_hash_add(rule_rt->cfg_hash, (char *)&rule_id, @@ -2171,36 +2171,36 @@ int rule_runtime_update(void *rule_runtime, void *rule_schema, return 0; } -static int validate_table_not_clause(struct group2rule_runtime *g2c_rt, +static int validate_table_not_condition(struct group2rule_runtime *g2c_rt, struct table_manager *tbl_mgr, int table_id, int is_valid, struct log_handle *logger) { - struct table_clause *not_clause = NULL; - HASH_FIND_INT(g2c_rt->tbl_not_clause_hash, &table_id, not_clause); + struct table_condition *not_condition = NULL; + HASH_FIND_INT(g2c_rt->tbl_not_condition_hash, &table_id, not_condition); if (0 == is_valid) { //delete - if (NULL == not_clause || 0 == not_clause->actual_clause_num) { + if (NULL == not_condition || 0 == not_condition->actual_condition_num) { return 0; } else { - not_clause->actual_clause_num--; + not_condition->actual_condition_num--; } } else { //add - if (NULL == not_clause) { - not_clause = ALLOC(struct table_clause, 1); - not_clause->attribute_id = table_id; - not_clause->actual_clause_num++; - HASH_ADD_INT(g2c_rt->tbl_not_clause_hash, attribute_id, not_clause); + if (NULL == not_condition) { + not_condition = ALLOC(struct table_condition, 1); + not_condition->attribute_id = table_id; + not_condition->actual_condition_num++; + HASH_ADD_INT(g2c_rt->tbl_not_condition_hash, attribute_id, not_condition); } else { - if (not_clause->actual_clause_num >= MAX_NOT_CLAUSE_NUM) { + if (not_condition->actual_condition_num >= MAX_NOT_CONDITION_NUM) { const char *table_name = table_manager_get_table_name(tbl_mgr, table_id); log_fatal(logger, MODULE_RULE, - "[%s:%d]table:<%s> NOT clause num exceed maximum:%d", - __FUNCTION__, __LINE__, table_name, MAX_NOT_CLAUSE_NUM); + "[%s:%d]table:<%s> NOT condition num exceed maximum:%d", + __FUNCTION__, __LINE__, table_name, MAX_NOT_CONDITION_NUM); return -1; } - not_clause->actual_clause_num++; + not_condition->actual_condition_num++; } } @@ -2238,12 +2238,12 @@ int group2rule_runtime_update(void *g2c_runtime, void *g2c_schema, } if (1 == g2c_item->not_flag) { - ret = validate_table_not_clause(g2c_rt, schema->ref_tbl_mgr, + ret = validate_table_not_condition(g2c_rt, schema->ref_tbl_mgr, g2c_item->attribute_id, is_valid, rule_rt->logger); if (ret < 0) { log_fatal(rule_rt->logger, MODULE_RULE, - "[%s:%d]validate NOT clause failed, abandon config:%s", + "[%s:%d]validate NOT condition failed, abandon config:%s", __FUNCTION__, __LINE__, line); goto next; } @@ -2255,7 +2255,7 @@ int group2rule_runtime_update(void *g2c_runtime, void *g2c_schema, rule_rt->logger); if (0 == ret) { if (g2c_item->not_flag) { - g2c_rt->not_clause_cnt--; + g2c_rt->not_condition_cnt--; } g2c_rt->rule_num--; } else { @@ -2267,7 +2267,7 @@ int group2rule_runtime_update(void *g2c_runtime, void *g2c_schema, rule_rt->logger); if (0 == ret) { if (g2c_item->not_flag) { - g2c_rt->not_clause_cnt++; + g2c_rt->not_condition_cnt++; } g2c_rt->rule_num++; } else { @@ -2280,7 +2280,7 @@ next: return ret; } -long long group2rule_runtime_not_clause_count(void *g2c_runtime) +long long group2rule_runtime_not_condition_count(void *g2c_runtime) { if (NULL == g2c_runtime) { return 0; @@ -2289,7 +2289,7 @@ long long group2rule_runtime_not_clause_count(void *g2c_runtime) struct group2rule_runtime *g2c_rt = (struct group2rule_runtime *)g2c_runtime; - return g2c_rt->not_clause_cnt; + return g2c_rt->not_condition_cnt; } long long group2rule_runtime_rule_count(void *g2c_runtime) @@ -2355,16 +2355,16 @@ int rule_runtime_commit(void *rule_runtime, const char *table_name, maat_rt_version, time_elapse_ms); } - struct clause_id_kv *old_clause_id_kv_hash = NULL; - struct clause_id_kv *new_clause_id_kv_hash = NULL; - struct clause_id_kv *old_not_clause_id_kv_hash = NULL; - struct clause_id_kv *new_not_clause_id_kv_hash = NULL; + struct condition_id_kv *old_condition_id_kv_hash = NULL; + struct condition_id_kv *new_condition_id_kv_hash = NULL; + struct condition_id_kv *old_not_condition_id_kv_hash = NULL; + struct condition_id_kv *new_not_condition_id_kv_hash = NULL; - new_clause_id_kv_hash = build_clause_id_kv_hash(rule_rt, 0); - new_not_clause_id_kv_hash = build_clause_id_kv_hash(rule_rt, 1); + new_condition_id_kv_hash = build_condition_id_kv_hash(rule_rt, 0); + new_not_condition_id_kv_hash = build_condition_id_kv_hash(rule_rt, 1); - old_clause_id_kv_hash = rule_rt->clause_id_kv_hash; - old_not_clause_id_kv_hash = rule_rt->not_clause_id_kv_hash; + old_condition_id_kv_hash = rule_rt->condition_id_kv_hash; + old_not_condition_id_kv_hash = rule_rt->not_condition_id_kv_hash; old_bool_matcher = rule_rt->bm; /* @@ -2383,16 +2383,16 @@ int rule_runtime_commit(void *rule_runtime, const char *table_name, */ rule_rt->bm = new_bool_matcher; - rule_rt->clause_id_kv_hash = new_clause_id_kv_hash; - rule_rt->not_clause_id_kv_hash = new_not_clause_id_kv_hash; + rule_rt->condition_id_kv_hash = new_condition_id_kv_hash; + rule_rt->not_condition_id_kv_hash = new_not_condition_id_kv_hash; rcu_hash_commit(rule_rt->cfg_hash); //after commit, old cfg still available within RULE_GC_TIMEOUT_S. maat_garbage_bagging(rule_rt->ref_garbage_bin, old_bool_matcher, NULL, garbage_bool_matcher_free); - maat_garbage_bagging(rule_rt->ref_garbage_bin, old_clause_id_kv_hash, NULL, - garbage_clause_id_kv_hash_free); - maat_garbage_bagging(rule_rt->ref_garbage_bin, old_not_clause_id_kv_hash, NULL, - garbage_clause_id_kv_hash_free); + maat_garbage_bagging(rule_rt->ref_garbage_bin, old_condition_id_kv_hash, NULL, + garbage_condition_id_kv_hash_free); + maat_garbage_bagging(rule_rt->ref_garbage_bin, old_not_condition_id_kv_hash, NULL, + garbage_condition_id_kv_hash_free); rule_rt->rule_num = rcu_hash_count(rule_rt->cfg_hash); @@ -2427,8 +2427,8 @@ static int rule_sort_para_compare(const struct rule_sort_para *a, const struct rule_sort_para *b) { //If rule rule's execute sequences are not specified or equal. - if (a->declared_clause_num != b->declared_clause_num) { - return (a->declared_clause_num - b->declared_clause_num); + if (a->declared_condition_num != b->declared_condition_num) { + return (a->declared_condition_num - b->declared_condition_num); } else { return (b->rule_id - a->rule_id); } @@ -2438,7 +2438,7 @@ static void rule_sort_para_set(struct rule_sort_para *para, const struct rule_item *item) { para->rule_id = item->rule_id; - para->declared_clause_num = item->declared_clause_num; + para->declared_condition_num = item->declared_condition_num; } static int compare_rule_item(const void *a, const void *b) @@ -2459,7 +2459,7 @@ int rule_runtime_match(struct rule_runtime *rule_rt, long long *rule_ids, struct rule_state *rule_state = state->rule_state; struct rule_item *rule_items[rule_ids_size]; - // all hit clause_id -> rule_id + // all hit condition_id -> rule_id size_t bool_match_ret = maat_rule_bool_matcher_match(rule_rt, rule_state, state->thread_id, @@ -2486,7 +2486,7 @@ int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst, long long hit_group_ids[MAX_HIT_GROUP_NUM]; struct maat_hit_group hit_group; - utarray_clear(rule_state->this_scan_hit_clauses); + utarray_clear(rule_state->this_scan_hit_conditions); rule_state->this_scan_not_logic = 0; rule_state->Nth_scan = Nth_scan; @@ -2526,7 +2526,7 @@ int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst, super_group_cnt, attribute_id); } - /* update hit clause */ + /* update hit condition */ int rule_table_id = table_manager_get_default_rule_table_id(maat_inst->tbl_mgr); if (custom_rule_tbl_id > 0) { rule_table_id = custom_rule_tbl_id; @@ -2543,7 +2543,7 @@ int rule_state_update(struct rule_state *rule_state, struct maat *maat_inst, } for (i = 0; i < hit_cnt; i++) { - rule_state_update_hit_clauses(rule_state, rule_rt, + rule_state_update_hit_conditions(rule_state, rule_rt, hit_group_ids[i], attribute_id); } @@ -2572,7 +2572,7 @@ void rule_state_not_logic_update(struct rule_state *rule_state, rule_state->this_scan_not_logic = 1; rule_state->Nth_scan = Nth_scan; - utarray_clear(rule_state->this_scan_hit_not_clauses); + utarray_clear(rule_state->this_scan_hit_not_conditions); struct table_group *tbl_group = NULL; HASH_FIND(hh, rule_state->hit_not_tbl_groups, &attribute_id, sizeof(int), tbl_group); @@ -2580,17 +2580,17 @@ void rule_state_not_logic_update(struct rule_state *rule_state, return; } - struct clause_id_kv *clause_id_kv = NULL; + struct condition_id_kv *condition_id_kv = NULL; for (size_t i = 0; i < utarray_len(tbl_group->group_ids); i++) { long long *group_id = utarray_eltptr(tbl_group->group_ids, i); - struct clause_query_key key = {*group_id, attribute_id, 1}; + struct condition_query_key key = {*group_id, attribute_id, 1}; - HASH_FIND(hh, rule_rt->not_clause_id_kv_hash, &key, sizeof(key), clause_id_kv); - if (NULL == clause_id_kv) { + HASH_FIND(hh, rule_rt->not_condition_id_kv_hash, &key, sizeof(key), condition_id_kv); + if (NULL == condition_id_kv) { continue; } - rule_state_add_hit_not_clauses(rule_state, clause_id_kv->clause_ids); + rule_state_add_hit_not_conditions(rule_state, condition_id_kv->condition_ids); if (1 == maat_inst->opts.hit_path_on) { rule_state_add_internal_hit_path(rule_state, -1, *group_id, attribute_id, 1, Nth_scan); @@ -2714,7 +2714,7 @@ size_t rule_state_get_internal_hit_paths(struct rule_state *rule_state, tmp_path.top_group_id = *p; tmp_path.attribute_id = internal_path->attribute_id; tmp_path.NOT_flag = internal_path->NOT_flag; - tmp_path.clause_index = -1; + tmp_path.condition_index = -1; tmp_path.rule_id = -1; /* check if internal_path is duplicated from hit_path_array[] diff --git a/src/maat_stat.c b/src/maat_stat.c index e50c8fd..7a30c44 100644 --- a/src/maat_stat.c +++ b/src/maat_stat.c @@ -29,7 +29,7 @@ enum MAAT_FS_STATUS { STATUS_TABLE_NUM, STATUS_PLUGIN_CACHE_NUM, STATUS_PLUGIN_ACC_NUM, - STATUS_CLAUSE_REF_NOT_NUM, + STATUS_CONDITION_REF_NOT_NUM, STATUS_GROUP_REF_EXCL_NUM, //group reference exclude group num STATUS_HIT_RULE_NUM, STATUS_MAAT_STATE_NUM, @@ -75,8 +75,8 @@ static void fs_global_metric_register(struct maat_stat *stat) stat->g_metric_id[STATUS_PLUGIN_ACC_NUM] = fieldstat_easy_register_counter(stat->fs_handle, "plug_acc_num"); - stat->g_metric_id[STATUS_CLAUSE_REF_NOT_NUM] = - fieldstat_easy_register_counter(stat->fs_handle, "NOT_clause_num"); + stat->g_metric_id[STATUS_CONDITION_REF_NOT_NUM] = + fieldstat_easy_register_counter(stat->fs_handle, "NOT_condition_num"); stat->g_metric_id[STATUS_GROUP_REF_EXCL_NUM] = fieldstat_easy_register_counter(stat->fs_handle, "excl_grp"); @@ -244,7 +244,7 @@ static void fs_table_row_refresh(struct maat_stat *stat, int perf_on) long long total_rule_num = 0, total_scan_bytes = 0, total_update_err = 0; long long total_scan_times = 0, total_hit_times = 0, total_scan_cpu_time = 0; long long total_regv6_num = 0, total_hit_item_num = 0, total_hit_pattern_num = 0; - long long g2c_not_clause_num = 0, g2g_excl_rule_num = 0; + long long g2c_not_condition_num = 0, g2g_excl_rule_num = 0; struct field cell_tag = { .key = "TBL", .type = FIELD_VALUE_CSTRING @@ -273,7 +273,7 @@ static void fs_table_row_refresh(struct maat_stat *stat, int perf_on) plugin_rule_num += plugin_runtime_rule_count(runtime); break; case TABLE_TYPE_GROUP2RULE: - g2c_not_clause_num += group2rule_runtime_not_clause_count(runtime); + g2c_not_condition_num += group2rule_runtime_not_condition_count(runtime); break; case TABLE_TYPE_GROUP2GROUP: g2g_excl_rule_num += group2group_runtime_exclude_rule_count(runtime); @@ -415,8 +415,8 @@ static void fs_table_row_refresh(struct maat_stat *stat, int perf_on) NULL, 0, plugin_rule_num); fieldstat_easy_counter_set(stat->fs_handle, 0, - stat->g_metric_id[STATUS_CLAUSE_REF_NOT_NUM], - NULL, 0, g2c_not_clause_num); + stat->g_metric_id[STATUS_CONDITION_REF_NOT_NUM], + NULL, 0, g2c_not_condition_num); fieldstat_easy_counter_set(stat->fs_handle, 0, stat->g_metric_id[STATUS_GROUP_REF_EXCL_NUM], diff --git a/test/benchmark/benchmark_table_info.conf b/test/benchmark/benchmark_table_info.conf index 5af3bb2..d6cf0c9 100644 --- a/test/benchmark/benchmark_table_info.conf +++ b/test/benchmark/benchmark_table_info.conf @@ -560,7 +560,7 @@ "custom": { "rule_id":1, "tags":6, - "clause_num":8 + "condition_num":8 } }, { @@ -574,7 +574,7 @@ "rule_id":2, "not_flag":3, "attribute_name":4, - "clause_index":5 + "condition_index":5 } }, { diff --git a/test/file_test_tableinfo.conf b/test/file_test_tableinfo.conf index 6263135..9d929c0 100644 --- a/test/file_test_tableinfo.conf +++ b/test/file_test_tableinfo.conf @@ -7,7 +7,7 @@ "custom": { "rule_id":1, "tags":6, - "clause_num":9 + "condition_num":9 } }, { @@ -18,7 +18,7 @@ "custom": { "rule_id":1, "tags":6, - "clause_num":9 + "condition_num":9 } }, { @@ -31,7 +31,7 @@ "custom": { "rule_id":1, "tags":6, - "clause_num":9 + "condition_num":9 } }, { @@ -56,7 +56,7 @@ "rule_id":2, "not_flag":4, "attribute_name":5, - "clause_index":6 + "condition_index":6 } }, { diff --git a/test/maat_framework_gtest.cpp b/test/maat_framework_gtest.cpp index ddd5bd5..3ba632e 100644 --- a/test/maat_framework_gtest.cpp +++ b/test/maat_framework_gtest.cpp @@ -3247,7 +3247,7 @@ TEST_F(IPScan, RuleUpdates) { state = NULL; } -TEST_F(IPScan, RuleChangeClauseId) { +TEST_F(IPScan, RuleChangeConditionId) { //This test is a reproduce of bug OMPUB-1343. const char *src_table_name = "ATTRIBUTE_IP_PLUS_SOURCE"; const char *dst_table_name = "ATTRIBUTE_IP_PLUS_DESTINATION"; @@ -4207,7 +4207,7 @@ TEST_F(NOTLogic, NotPhysicalTable) { state = NULL; } -TEST_F(NOTLogic, EightNotClause) { +TEST_F(NOTLogic, EightNotCondition) { const char *string_nothing = "This string contain nothing"; long long results[ARRAY_SIZE] = {0}; size_t n_hit_result = 0; @@ -4325,7 +4325,7 @@ TEST_F(NOTLogic, EightNotClause) { state = NULL; } -TEST_F(NOTLogic, NotClauseAndExcludeGroup1) { +TEST_F(NOTLogic, NotConditionAndExcludeGroup1) { const char *string_should_not_hit = "This string ONLY contains must-contained-string-of-rule-200 and " "must-not-contained-string-of-rule-200"; const char *string_should_half_hit = "This string ONLY contains must-contained-string-of-rule-200"; @@ -4377,7 +4377,7 @@ TEST_F(NOTLogic, NotClauseAndExcludeGroup1) { state = NULL; } -TEST_F(NOTLogic, NotClauseAndExcludeGroup2) { +TEST_F(NOTLogic, NotConditionAndExcludeGroup2) { const char *string1 = "This string ONLY contains mail.string-of-rule-217.com"; const char *string2= "This string ONLY contains www.string-of-rule-217.com"; const char *string_keywords = "This string contain keywords-for-rule-217"; @@ -4437,7 +4437,7 @@ TEST_F(NOTLogic, NotClauseAndExcludeGroup2) { state = NULL; } -TEST_F(NOTLogic, SingleNotClause) { +TEST_F(NOTLogic, SingleNotCondition) { const char *string_nothing = "nothing string"; const char *string_should_hit = "string has not_logic_keywords_222"; const char *table_name = "HTTP_NOT_LOGIC_1"; @@ -4477,7 +4477,7 @@ TEST_F(NOTLogic, SingleNotClause) { state = NULL; } -TEST_F(NOTLogic, MultiNotClauses) { +TEST_F(NOTLogic, MultiNotConditions) { const char *string_nothing = "nothing string"; const char *string1 = "string has not_logic_rule_223_1"; const char *string2 = "string has not_logic_rule_223_1"; @@ -4553,7 +4553,7 @@ TEST_F(NOTLogic, MultiNotClauses) { state = NULL; } -TEST_F(NOTLogic, MultiGroupsInOneNotClause) { +TEST_F(NOTLogic, MultiGroupsInOneNotCondition) { const char *src_asn1 = "AS1234"; const char *src_asn2 = "AS6789"; const char *src_asn3 = "AS9001"; @@ -4644,7 +4644,7 @@ TEST_F(NOTLogic, MultiGroupsInOneNotClause) { state = NULL; } -TEST_F(NOTLogic, MultiLiteralsInOneNotClause) { +TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) { const char *src_asn1 = "AS1234"; const char *src_asn2 = "AS6789"; const char *src_nothing = "nothing"; @@ -4762,7 +4762,7 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotClause) { state = NULL; } -TEST_F(NOTLogic, SameAttributeInMultiClause) { +TEST_F(NOTLogic, SameAttributeInMultiCondition) { const char *src_asn1 = "AS1234"; const char *src_asn2 = "AS9002"; const char *src_asn3 = "AS9003"; @@ -5124,7 +5124,7 @@ TEST_F(ExcludeLogic, ScanAttribute) { maat_state_free(state); } -TEST_F(ExcludeLogic, ScanWithMultiClause) { +TEST_F(ExcludeLogic, ScanWithMultiCondition) { long long results[ARRAY_SIZE] = {0}; size_t n_hit_result = 0; int thread_id = 0; @@ -6748,37 +6748,37 @@ TEST_F(Policy, EvaluationOrder) { EXPECT_EQ(hit_path[0].attribute_id, table_id); EXPECT_EQ(hit_path[0].sub_group_id, 158); EXPECT_EQ(hit_path[0].top_group_id, 158); - EXPECT_EQ(hit_path[0].clause_index, 2); + EXPECT_EQ(hit_path[0].condition_index, 2); EXPECT_EQ(hit_path[0].rule_id, 168); EXPECT_EQ(hit_path[1].attribute_id, table_id); EXPECT_EQ(hit_path[1].sub_group_id, 157); EXPECT_EQ(hit_path[1].top_group_id, 157); - EXPECT_EQ(hit_path[1].clause_index, 0); + EXPECT_EQ(hit_path[1].condition_index, 0); EXPECT_EQ(hit_path[1].rule_id, 166); EXPECT_EQ(hit_path[2].attribute_id, table_id); EXPECT_EQ(hit_path[2].sub_group_id, 155); EXPECT_EQ(hit_path[2].top_group_id, -1); - EXPECT_EQ(hit_path[2].clause_index, -1); + EXPECT_EQ(hit_path[2].condition_index, -1); EXPECT_EQ(hit_path[2].rule_id, -1); EXPECT_EQ(hit_path[3].attribute_id, table_id); EXPECT_EQ(hit_path[3].sub_group_id, 158); EXPECT_EQ(hit_path[3].top_group_id, 158); - EXPECT_EQ(hit_path[3].clause_index, 6); + EXPECT_EQ(hit_path[3].condition_index, 6); EXPECT_EQ(hit_path[3].rule_id, 168); EXPECT_EQ(hit_path[4].attribute_id, table_id); EXPECT_EQ(hit_path[4].sub_group_id, 158); EXPECT_EQ(hit_path[4].top_group_id, 158); - EXPECT_EQ(hit_path[4].clause_index, 1); + EXPECT_EQ(hit_path[4].condition_index, 1); EXPECT_EQ(hit_path[4].rule_id, 167); EXPECT_EQ(hit_path[5].attribute_id, table_id); EXPECT_EQ(hit_path[5].sub_group_id, 158); EXPECT_EQ(hit_path[5].top_group_id, 158); - EXPECT_EQ(hit_path[5].clause_index, 3); + EXPECT_EQ(hit_path[5].condition_index, 3); EXPECT_EQ(hit_path[5].rule_id, 167); ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, @@ -6805,7 +6805,7 @@ TEST_F(Policy, EvaluationOrder) { maat_state_free(state); } -TEST_F(Policy, NotClauseHitPath) { +TEST_F(Policy, NotConditionHitPath) { const char *url_table_name = "HTTP_URL"; const char *ip_table_name = "ATTRIBUTE_IP_CONFIG"; const char *url = "www.youtube.com"; @@ -6846,7 +6846,7 @@ TEST_F(Policy, NotClauseHitPath) { EXPECT_EQ(hit_path[0].Nth_scan, 1); EXPECT_EQ(hit_path[0].attribute_id, url_table_id); EXPECT_EQ(hit_path[0].NOT_flag, 0); - EXPECT_EQ(hit_path[0].clause_index, 1); + EXPECT_EQ(hit_path[0].condition_index, 1); EXPECT_EQ(hit_path[0].sub_group_id, 249); EXPECT_EQ(hit_path[0].top_group_id, 249); EXPECT_EQ(hit_path[0].rule_id, 228); @@ -6854,7 +6854,7 @@ TEST_F(Policy, NotClauseHitPath) { EXPECT_EQ(hit_path[1].Nth_scan, 2); EXPECT_EQ(hit_path[1].attribute_id, ip_table_id); EXPECT_EQ(hit_path[1].NOT_flag, 1); - EXPECT_EQ(hit_path[1].clause_index, -1); + EXPECT_EQ(hit_path[1].condition_index, -1); EXPECT_EQ(hit_path[1].sub_group_id, 100); EXPECT_EQ(hit_path[1].top_group_id, 144); EXPECT_EQ(hit_path[1].rule_id, -1); @@ -6862,7 +6862,7 @@ TEST_F(Policy, NotClauseHitPath) { EXPECT_EQ(hit_path[2].Nth_scan, 2); EXPECT_EQ(hit_path[2].attribute_id, ip_table_id); EXPECT_EQ(hit_path[2].NOT_flag, 1); - EXPECT_EQ(hit_path[2].clause_index, -1); + EXPECT_EQ(hit_path[2].condition_index, -1); EXPECT_EQ(hit_path[2].sub_group_id, 100); EXPECT_EQ(hit_path[2].top_group_id, -1); EXPECT_EQ(hit_path[2].rule_id, -1); @@ -6870,7 +6870,7 @@ TEST_F(Policy, NotClauseHitPath) { EXPECT_EQ(hit_path[3].Nth_scan, 2); EXPECT_EQ(hit_path[3].attribute_id, ip_table_id); EXPECT_EQ(hit_path[3].NOT_flag, 1); - EXPECT_EQ(hit_path[3].clause_index, 2); + EXPECT_EQ(hit_path[3].condition_index, 2); EXPECT_EQ(hit_path[3].sub_group_id, 250); EXPECT_EQ(hit_path[3].top_group_id, 250); EXPECT_EQ(hit_path[3].rule_id, 228); @@ -7269,7 +7269,7 @@ TEST_F(GroupHierarchy, OneGroupInTwoAttribute) { state = NULL; } -TEST_F(GroupHierarchy, MultiGroupsInOneClause) { +TEST_F(GroupHierarchy, MultiGroupsInOneCondition) { const char *src_asn1 = "AS1234"; const char *src_asn2 = "AS6789"; const char *src_asn3 = "AS9001"; @@ -7359,7 +7359,7 @@ TEST_F(GroupHierarchy, MultiGroupsInOneClause) { state = NULL; } -TEST_F(GroupHierarchy, MultiLiteralsInOneClause) { +TEST_F(GroupHierarchy, MultiLiteralsInOneCondition) { const char *src_asn1 = "AS1234"; const char *src_asn2 = "AS6789"; const char *my_county = "Greece.Sparta"; @@ -7740,10 +7740,10 @@ TEST_F(MaatCmd, SameFilterRefByOneRule) { long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule_id, "null", 2, 0); // rule has two clause + rule_id, "null", 2, 0); // rule has two condition EXPECT_EQ(ret, 1); - //clause1 & clause2 has same filter => {attribute_id, group_id} + //condition1 & condition2 has same filter => {attribute_id, group_id} long long group_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1); ret = group2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD, group_id, rule_id, 0, attribute_name, 1, 0); @@ -9657,7 +9657,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { long long group1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1); ret = group2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD, group1_id, rule1_id, 0, - "KEYWORDS_TABLE", 1, 0); //clause_index:1 + "KEYWORDS_TABLE", 1, 0); //condition_index:1 EXPECT_EQ(ret, 1); //item1 -> group1 -> rule1 @@ -9674,7 +9674,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { long long group21_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1); ret = group2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD, group21_id, rule1_id, 0, - "KEYWORDS_TABLE", 2, 0); //clause_index:2 + "KEYWORDS_TABLE", 2, 0); //condition_index:2 EXPECT_EQ(ret, 1); /* item1 -> group1 -> rule1 @@ -9711,7 +9711,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { */ ret = group2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD, group21_id, rule2_id, 0, - "KEYWORDS_TABLE", 3, 0); //clause_index:3 + "KEYWORDS_TABLE", 3, 0); //condition_index:3 EXPECT_EQ(ret, 1); /* item1 -> group1 -> rule1 @@ -9729,7 +9729,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { ret = group2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD, group3_id, rule2_id, 0, - "IP_CONFIG", 4, 0); //clause_index:4 + "IP_CONFIG", 4, 0); //condition_index:4 EXPECT_EQ(ret, 1); /* item1 -> group1 -> rule1 @@ -9748,7 +9748,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { ret = group2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD, group3_id, rule3_id, 0, - "IP_CONFIG", 5, 0); //clause_index:5 + "IP_CONFIG", 5, 0); //condition_index:5 EXPECT_EQ(ret, 1); /* item1 -> group1 -> rule1 @@ -9775,7 +9775,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { ret = group2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD, group4_id, rule3_id, 0, - "KEYWORDS_TABLE", 6, 0); //clause_index:6 + "KEYWORDS_TABLE", 6, 0); //condition_index:6 EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); @@ -9804,7 +9804,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id); EXPECT_EQ(hit_path[path_idx].top_group_id, -1); EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].clause_index, -1); + EXPECT_EQ(hit_path[path_idx].condition_index, -1); EXPECT_EQ(hit_path[path_idx].rule_id, -1); ret = maat_scan_string(maat_inst, keywords_table_id, http_url_social, @@ -9823,7 +9823,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id); EXPECT_EQ(hit_path[path_idx].top_group_id, group1_id); EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].clause_index, 1); + EXPECT_EQ(hit_path[path_idx].condition_index, 1); EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id); path_idx++; @@ -9833,7 +9833,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id); EXPECT_EQ(hit_path[path_idx].top_group_id, group21_id); EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].clause_index, 2); + EXPECT_EQ(hit_path[path_idx].condition_index, 2); EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id); path_idx++; @@ -9843,7 +9843,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id); EXPECT_EQ(hit_path[path_idx].top_group_id, -1); EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].clause_index, -1); + EXPECT_EQ(hit_path[path_idx].condition_index, -1); EXPECT_EQ(hit_path[path_idx].rule_id, -1); uint32_t ip_addr; @@ -9868,7 +9868,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id); EXPECT_EQ(hit_path[path_idx].top_group_id, group1_id); EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].clause_index, 1); + EXPECT_EQ(hit_path[path_idx].condition_index, 1); EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id); path_idx++; @@ -9878,7 +9878,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id); EXPECT_EQ(hit_path[path_idx].top_group_id, group21_id); EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].clause_index, 3); + EXPECT_EQ(hit_path[path_idx].condition_index, 3); EXPECT_EQ(hit_path[path_idx].rule_id, rule2_id); path_idx++; @@ -9888,7 +9888,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id); EXPECT_EQ(hit_path[path_idx].top_group_id, -1); EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].clause_index, -1); + EXPECT_EQ(hit_path[path_idx].condition_index, -1); EXPECT_EQ(hit_path[path_idx].rule_id, -1); path_idx++; @@ -9898,7 +9898,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_EQ(hit_path[path_idx].sub_group_id, group3_id); EXPECT_EQ(hit_path[path_idx].top_group_id, group3_id); EXPECT_EQ(hit_path[path_idx].attribute_id, ip_table_id); - EXPECT_EQ(hit_path[path_idx].clause_index, 4); + EXPECT_EQ(hit_path[path_idx].condition_index, 4); EXPECT_EQ(hit_path[path_idx].rule_id, rule2_id); path_idx++; @@ -9908,7 +9908,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id); EXPECT_EQ(hit_path[path_idx].top_group_id, group21_id); EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].clause_index, 2); + EXPECT_EQ(hit_path[path_idx].condition_index, 2); EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id); const char *keywords1 = "In theory, basic and advanced is common"; @@ -9929,7 +9929,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id); EXPECT_EQ(hit_path[path_idx].top_group_id, group1_id); EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].clause_index, 1); + EXPECT_EQ(hit_path[path_idx].condition_index, 1); EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id); path_idx++; @@ -9939,7 +9939,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id); EXPECT_EQ(hit_path[path_idx].top_group_id, group21_id); EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].clause_index, 3); + EXPECT_EQ(hit_path[path_idx].condition_index, 3); EXPECT_EQ(hit_path[path_idx].rule_id, rule2_id); path_idx++; @@ -9949,7 +9949,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id); EXPECT_EQ(hit_path[path_idx].top_group_id, -1); EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].clause_index, -1); + EXPECT_EQ(hit_path[path_idx].condition_index, -1); EXPECT_EQ(hit_path[path_idx].rule_id, -1); path_idx++; @@ -9959,7 +9959,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_EQ(hit_path[path_idx].sub_group_id, group3_id); EXPECT_EQ(hit_path[path_idx].top_group_id, group3_id); EXPECT_EQ(hit_path[path_idx].attribute_id, ip_table_id); - EXPECT_EQ(hit_path[path_idx].clause_index, 5); + EXPECT_EQ(hit_path[path_idx].condition_index, 5); EXPECT_EQ(hit_path[path_idx].rule_id, rule3_id); path_idx++; @@ -9969,7 +9969,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_EQ(hit_path[path_idx].sub_group_id, group4_id); EXPECT_EQ(hit_path[path_idx].top_group_id, group4_id); EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].clause_index, 6); + EXPECT_EQ(hit_path[path_idx].condition_index, 6); EXPECT_EQ(hit_path[path_idx].rule_id, rule3_id); path_idx++; @@ -9979,7 +9979,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_EQ(hit_path[path_idx].sub_group_id, group3_id); EXPECT_EQ(hit_path[path_idx].top_group_id, group3_id); EXPECT_EQ(hit_path[path_idx].attribute_id, ip_table_id); - EXPECT_EQ(hit_path[path_idx].clause_index, 4); + EXPECT_EQ(hit_path[path_idx].condition_index, 4); EXPECT_EQ(hit_path[path_idx].rule_id, rule2_id); path_idx++; @@ -9989,7 +9989,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id); EXPECT_EQ(hit_path[path_idx].top_group_id, group21_id); EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].clause_index, 2); + EXPECT_EQ(hit_path[path_idx].condition_index, 2); EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id); maat_state_free(state); @@ -10388,7 +10388,7 @@ TEST_F(MaatCmd, SameSuperGroupRefByMultiRule) { state = NULL; } -TEST_F(MaatCmd, SameScanStatusWhenClauseUpdate_TSG6419) { +TEST_F(MaatCmd, SameScanStatusWhenConditionUpdate_TSG6419) { const char *g2c_table_name = "GROUP2RULE_DEFAULT"; const char* rule_table_name = "RULE_DEFAULT"; const char* ip_table_name = "IP_PLUS_CONFIG"; @@ -10402,9 +10402,9 @@ TEST_F(MaatCmd, SameScanStatusWhenClauseUpdate_TSG6419) { rule1_id, "null", 2, 0); EXPECT_EQ(ret, 1); - /* item11 -> group11 -> clause1 -> rule1 + /* item11 -> group11 -> condition1 -> rule1 / - item21 -> group21 -> clause2 _/ + item21 -> group21 -> condition2 _/ */ long long group11_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1); ret = group2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD, @@ -10451,10 +10451,10 @@ TEST_F(MaatCmd, SameScanStatusWhenClauseUpdate_TSG6419) { &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - /* item11 -> group11 -> clause1 -> rule1 + /* item11 -> group11 -> condition1 -> rule1 / - item21 -> group21 -> clause2 _/ - item22 -> group22 -> clause3 _/ + item21 -> group21 -> condition2 _/ + item22 -> group22 -> condition3 _/ */ ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, rule1_id, "null", 2, 0); @@ -10512,8 +10512,8 @@ TEST_F(MaatCmd, GroupEdit) { rule1_id, "null", 2, 0); EXPECT_EQ(ret, 1); - /* item11 -> group11 -> clause1 -> rule1 - item21 -> group21 -> clause2 _/ + /* item11 -> group11 -> condition1 -> rule1 + item21 -> group21 -> condition2 _/ */ long long group11_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1); ret = group2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD, @@ -10568,8 +10568,8 @@ TEST_F(MaatCmd, GroupEdit) { maat_state_reset(state); - /* item11 -> group11 -> clause1 -> rule1 - item21 -> group21 -> clause2 _/ + /* item11 -> group11 -> condition1 -> rule1 + item21 -> group21 -> condition2 _/ item22 -> / */ char scan_app_id_str[8] = {0}; @@ -10608,8 +10608,8 @@ TEST_F(MaatCmd, GroupEdit) { EXPECT_EQ(n_read, 2); maat_state_reset(state); - /* item11 -> group11 -> clause1 -> rule1 - item21 -> group21 -> clause2 _/ + /* item11 -> group11 -> condition1 -> rule1 + item21 -> group21 -> condition2 _/ */ ret = interval_table_set_line(maat_inst, app_id_table_name, MAAT_OP_DEL, item22_id, group21_id, scan_app_id_str, NULL, 0); @@ -10653,7 +10653,7 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) { rule1_id, "null", 1, 0); EXPECT_EQ(ret, 1); - //item11 -> group11 -> clause1 -> rule1 + //item11 -> group11 -> condition1 -> rule1 long long group11_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1); ret = group2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD, group11_id, rule1_id, 0, ip_table_name, 1, 0); @@ -10789,7 +10789,7 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) { memset(results, 0, sizeof(results)); ret = maat_scan_string(maat_inst, table_id, scan_data2, strlen(scan_data2), results, ARRAY_SIZE, &n_hit_result, state); - //After full update, clause ids are re-orgnized, therefore mid are not compatible to the new scanner (hierarchy). + //After full update, condition ids are re-orgnized, therefore mid are not compatible to the new scanner (hierarchy). EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, @@ -10923,7 +10923,7 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) { //DON'T DO THIS!!! //Roll back version, trigger full update. //This operation generates FATAL logs in test_maat_redis.log.yyyy-mm-dd. - //For example: Add group 22 vt_id 0 to clause 2 of rule 979 failed, group is already existed + //For example: Add group 22 vt_id 0 to condition 2 of rule 979 failed, group is already existed maat_cmd_incrby(maat_inst, "MAAT_VERSION", -100); //Wating for scanner garbage collect expiration. diff --git a/test/maat_json.json b/test/maat_json.json index 35ec96d..c6cb0eb 100644 --- a/test/maat_json.json +++ b/test/maat_json.json @@ -846,7 +846,7 @@ "action": 1, "do_blacklist": 1, "do_log": 1, - "user_region": "NOTLogic.NotExprClauseAndNotIPClause", + "user_region": "NOTLogic.NotExprConditionAndNotIPCondition", "is_valid": "yes", "groups": [ { @@ -854,7 +854,7 @@ "group_name": "146_url_group", "group_id": 126, "not_flag": 0, - "clause_index": 0, + "condition_index": 0, "regions": [ { "table_name": "HTTP_URL", @@ -871,7 +871,7 @@ "group_name": "146_keywords_group", "group_id": 127, "not_flag": 1, - "clause_index": 1, + "condition_index": 1, "regions": [ { "table_name": "KEYWORDS_TABLE", @@ -887,7 +887,7 @@ "attribute": "ATTRIBUTE_IP_CONFIG", "group_name": "123_IP_group", "not_flag": 1, - "clause_index": 2 + "condition_index": 2 } ] }, @@ -897,7 +897,7 @@ "action": 1, "do_blacklist": 1, "do_log": 1, - "user_region": "NOTLogic.8NotClause", + "user_region": "NOTLogic.8NotCondition", "is_valid": "yes", "groups": [ { @@ -905,13 +905,13 @@ "group_name": "147_keywords_group1", "group_id": 128, "not_flag": 1, - "clause_index": 0, + "condition_index": 0, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "clause0-in-rule-147", + "keywords": "condition0-in-rule-147", "expr_type": "and" } } @@ -922,13 +922,13 @@ "group_name": "147_keywords_group2", "group_id": 129, "not_flag": 1, - "clause_index": 1, + "condition_index": 1, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "clause1-in-rule-147", + "keywords": "condition1-in-rule-147", "expr_type": "and" } } @@ -939,13 +939,13 @@ "group_name": "147_keywords_group3", "group_id": 130, "not_flag": 1, - "clause_index": 2, + "condition_index": 2, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "clause2-in-rule-147", + "keywords": "condition2-in-rule-147", "expr_type": "and" } } @@ -956,13 +956,13 @@ "group_name": "147_keywords_group4", "group_id": 131, "not_flag": 1, - "clause_index": 3, + "condition_index": 3, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "clause3-in-rule-147", + "keywords": "condition3-in-rule-147", "expr_type": "and" } } @@ -973,13 +973,13 @@ "group_name": "147_keywords_group5", "group_id": 132, "not_flag": 1, - "clause_index": 4, + "condition_index": 4, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "clause4-in-rule-147", + "keywords": "condition4-in-rule-147", "expr_type": "and" } } @@ -990,13 +990,13 @@ "group_name": "147_keywords_group6", "group_id": 133, "not_flag": 1, - "clause_index": 5, + "condition_index": 5, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "clause5-in-rule-147", + "keywords": "condition5-in-rule-147", "expr_type": "and" } } @@ -1007,13 +1007,13 @@ "group_name": "147_keywords_group7", "group_id": 134, "not_flag": 1, - "clause_index": 6, + "condition_index": 6, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "clause6-in-rule-147", + "keywords": "condition6-in-rule-147", "expr_type": "and" } } @@ -1024,13 +1024,13 @@ "group_name": "147_keywords_group8", "group_id": 135, "not_flag": 1, - "clause_index": 7, + "condition_index": 7, "regions": [ { "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "clause7-in-rule-147", + "keywords": "condition7-in-rule-147", "expr_type": "and" } } @@ -1637,7 +1637,7 @@ "attribute": "HTTP_URL", "group_name": "167_url_group", "group_id": 158, - "clause_index": 1, + "condition_index": 1, "regions": [ { "table_name": "HTTP_URL", @@ -1653,7 +1653,7 @@ "attribute": "HTTP_URL", "group_name": "167_url_group", "group_id": 158, - "clause_index": 3 + "condition_index": 3 } ] }, @@ -1671,13 +1671,13 @@ "attribute": "HTTP_URL", "group_name": "167_url_group", "group_id": 158, - "clause_index": 2 + "condition_index": 2 }, { "attribute": "HTTP_URL", "group_name": "167_url_group", "group_id": 158, - "clause_index": 6 + "condition_index": 6 } ] }, @@ -1694,7 +1694,7 @@ "attribute": "IP_PLUS_CONFIG", "group_name": "169_IP_group", "group_id": 160, - "clause_index": 0, + "condition_index": 0, "not_flag" : 0, "regions": [ { @@ -1766,20 +1766,20 @@ "action": 1, "do_blacklist": 1, "do_log": 1, - "user_region": "NOTLogic.MultiGroupsInOneNotClause", + "user_region": "NOTLogic.MultiGroupsInOneNotCondition", "is_valid": "yes", "groups": [ { "attribute": "ASN_NOT_LOGIC", "group_name": ["ASN1234", "ASN6789", "ASN9001"], "not_flag": 1, - "clause_index": 0 + "condition_index": 0 }, { "attribute": "DESTINATION_IP_ASN", "group_name": "ASN2345", "not_flag": 0, - "clause_index": 1 + "condition_index": 1 } ] }, @@ -1789,20 +1789,20 @@ "action": 1, "do_blacklist": 1, "do_log": 1, - "user_region": "Hierarchy.MultiGroupInOneClause", + "user_region": "Hierarchy.MultiGroupInOneCondition", "is_valid": "yes", "groups": [ { "attribute": "SOURCE_IP_ASN", "group_name": ["ASN1234", "ASN6789", "ASN9001"], "not_flag": 0, - "clause_index": 0 + "condition_index": 0 }, { "attribute": "DESTINATION_IP_ASN", "group_name": "ASN2345", "not_flag": 0, - "clause_index": 1 + "condition_index": 1 } ] }, @@ -1838,26 +1838,26 @@ "action": 1, "do_blacklist": 1, "do_log": 1, - "user_region": "Hierarchy.MultiGroupInOneClause", + "user_region": "Hierarchy.MultiGroupInOneCondition", "is_valid": "yes", "groups": [ { "attribute": "SOURCE_IP_ASN", "group_name": ["ASN1234", "ASN6789", "ASN9001"], "not_flag": 0, - "clause_index": 0 + "condition_index": 0 }, { "attribute": "SOURCE_IP_GEO", "group_name": "Country-Sparta-IP", "not_flag": 0, - "clause_index": 0 + "condition_index": 0 }, { "attribute": "IP_CONFIG", "group_name": "financial-department-ip", "not_flag": 0, - "clause_index": 1 + "condition_index": 1 } ] }, @@ -1867,26 +1867,26 @@ "action": 1, "do_blacklist": 1, "do_log": 1, - "user_region": "NOTLogic.MultiLiteralsInOneNotClause", + "user_region": "NOTLogic.MultiLiteralsInOneNotCondition", "is_valid": "yes", "groups": [ { "attribute": "SOURCE_IP_ASN", "group_name": ["ASN1234", "ASN6789", "ASN9001"], "not_flag": 1, - "clause_index": 0 + "condition_index": 0 }, { "attribute": "IP_PLUS_CONFIG", "group_name": "develop-department-ip", "not_flag": 1, - "clause_index": 0 + "condition_index": 0 }, { "attribute": "SOURCE_IP_GEO", "group_name": "Country-Sparta-IP", "not_flag": 0, - "clause_index": 1 + "condition_index": 1 } ] }, @@ -1948,38 +1948,38 @@ "action": 1, "do_blacklist": 1, "do_log": 1, - "user_region": "NOTLogic.SameAttributeInMultiClause", + "user_region": "NOTLogic.SameAttributeInMultiCondition", "is_valid": "yes", "groups": [ { "attribute": "DESTINATION_IP_ASN", "group_name": ["ASN1234", "ASN6789", "ASN9001"], "not_flag": 1, - "clause_index": 0 + "condition_index": 0 }, { "attribute": "SOURCE_IP_GEO", "group_name": "Country-Sparta-IP", "not_flag": 1, - "clause_index": 0 + "condition_index": 0 }, { "attribute": "DESTINATION_IP_ASN", "group_name": "ASN9002", "not_flag": 1, - "clause_index": 1 + "condition_index": 1 }, { "attribute": "DESTINATION_IP_ASN", "group_name": "ASN9003", "not_flag": 0, - "clause_index": 2 + "condition_index": 2 }, { "attribute": "IP_PLUS_CONFIG", "group_name": "security-department-ip", "not_flag": 0, - "clause_index": 3 + "condition_index": 3 } ] }, @@ -2423,7 +2423,7 @@ "group_name": "ExcludeLogicGroup199_1", "group_id": 189, "is_exclude": 0, - "clause_index": 0, + "condition_index": 0, "regions": [ { "table_name": "HTTP_URL", @@ -2439,7 +2439,7 @@ "group_name": "ExcludeLogicGroup199_2", "group_id": 190, "is_exclude": 1, - "clause_index": 0, + "condition_index": 0, "regions": [ { "table_name": "HTTP_URL", @@ -2474,7 +2474,7 @@ "group_name": "ExcludeLogicGroup200_1", "group_id": 192, "is_exclude": 0, - "clause_index": 0, + "condition_index": 0, "regions": [ { "table_name": "HTTP_URL", @@ -2491,7 +2491,7 @@ "group_name": "ExcludeLogicGroup200_2", "group_id": 193, "is_exclude": 1, - "clause_index": 0, + "condition_index": 0, "regions": [ { "table_name": "HTTP_URL", @@ -2520,7 +2520,7 @@ "attribute": "ATTRIBUTE_IP_PLUS_TABLE", "group_name": "ExcludeLogicGroup202", "group_id": 194, - "clause_index": 0, + "condition_index": 0, "sub_groups":[ { "group_name": "ExcludeLogicGroup202_1", @@ -2581,7 +2581,7 @@ "attribute": "ATTRIBUTE_IP_PLUS_SOURCE", "group_name": "ExcludeLogicGroup203_1", "group_id": 198, - "clause_index": 0, + "condition_index": 0, "regions": [ { "table_name": "IP_PLUS_CONFIG", @@ -2597,7 +2597,7 @@ "attribute": "ATTRIBUTE_IP_PLUS_DESTINATION", "group_name": "ExcludeLogicGroup203_2", "group_id": 199, - "clause_index": 1, + "condition_index": 1, "regions": [ { "table_name": "IP_PLUS_CONFIG", @@ -2612,7 +2612,7 @@ "attribute": "HTTP_RESPONSE_KEYWORDS", "group_name": "ExcludeLogicGroup203_3", "group_id": 200, - "clause_index": 2, + "condition_index": 2, "sub_groups": [ { "group_name": "ExcludeLogicGroup203_3_1", @@ -2661,7 +2661,7 @@ "attribute": "ATTRIBUTE_IP_PLUS_SOURCE", "group_name": "ExcludeLogicGroup204_1", "group_id": 203, - "clause_index": 0, + "condition_index": 0, "regions": [ { "table_name": "IP_PLUS_CONFIG", @@ -2677,7 +2677,7 @@ "attribute": "ATTRIBUTE_IP_PLUS_DESTINATION", "group_name": "ExcludeLogicGroup204_2", "group_id":204, - "clause_index": 1, + "condition_index": 1, "regions": [ { "table_name": "IP_PLUS_CONFIG", @@ -2692,7 +2692,7 @@ "attribute": "HTTP_RESPONSE_KEYWORDS", "group_name": "ExcludeLogicGroup204_3", "group_id": 205, - "clause_index": 2, + "condition_index": 2, "sub_groups": [ { "group_name": "ExcludeLogicGroup204_3_1", @@ -3040,21 +3040,21 @@ "action": 0, "do_blacklist": 0, "do_log": 0, - "user_region": "NOTClause&ExcludeGroup", + "user_region": "NOTCondition&ExcludeGroup", "is_valid": "yes", "groups": [ { "attribute": "HTTP_URL_FILTER", "group_name": "ExcludeLogicGroup200", "not_flag": 0, - "clause_index": 0 + "condition_index": 0 }, { "attribute": "HTTP_RESPONSE_KEYWORDS", - "group_name": "NOTClauseAndExcludeGroup216", + "group_name": "NOTConditionAndExcludeGroup216", "group_id": 221, "not_flag": 1, - "clause_index": 1, + "condition_index": 1, "regions": [ { "table_name": "KEYWORDS_TABLE", @@ -3074,15 +3074,15 @@ "action": 0, "do_blacklist": 0, "do_log": 0, - "user_region": "NOTClause&ExcludeGroup", + "user_region": "NOTCondition&ExcludeGroup", "is_valid": "yes", "groups": [ { "attribute": "HTTP_URL_FILTER", - "group_name": "NOTClauseAndExcludeGroup217_1", + "group_name": "NOTConditionAndExcludeGroup217_1", "group_id": 222, "not_flag": 1, - "clause_index": 0, + "condition_index": 0, "sub_groups": [ { "group_name": "ExcludeLogicGroup217_1_1", @@ -3118,10 +3118,10 @@ }, { "attribute": "HTTP_RESPONSE_KEYWORDS", - "group_name": "NOTClauseAndExcludeGroup217_2", + "group_name": "NOTConditionAndExcludeGroup217_2", "group_id": 225, "not_flag": 0, - "clause_index": 1, + "condition_index": 1, "regions": [ { "table_name": "KEYWORDS_TABLE", @@ -3171,10 +3171,10 @@ "groups": [ { "attribute": "HTTP_DUMMY", - "group_name": "NOTClauseAndExcludeGroup219_1", + "group_name": "NOTConditionAndExcludeGroup219_1", "group_id": 227, "not_flag": 0, - "clause_index": 0, + "condition_index": 0, "regions": [ { "table_name": "KEYWORDS_TABLE", @@ -3188,10 +3188,10 @@ }, { "attribute": "HTTP_DUMMY", - "group_name": "NOTClauseAndExcludeGroup219_2", + "group_name": "NOTConditionAndExcludeGroup219_2", "group_id": 228, "not_flag": 1, - "clause_index": 1, + "condition_index": 1, "regions": [ { "table_name": "KEYWORDS_TABLE", @@ -3205,10 +3205,10 @@ }, { "attribute": "HTTP_DUMMY", - "group_name": "NOTClauseAndExcludeGroup219_3", + "group_name": "NOTConditionAndExcludeGroup219_3", "group_id": 229, "not_flag": 1, - "clause_index": 2, + "condition_index": 2, "regions": [ { "table_name": "KEYWORDS_TABLE", @@ -3222,10 +3222,10 @@ }, { "attribute": "HTTP_DUMMY", - "group_name": "NOTClauseAndExcludeGroup219_4", + "group_name": "NOTConditionAndExcludeGroup219_4", "group_id": 230, "not_flag": 1, - "clause_index": 3, + "condition_index": 3, "regions": [ { "table_name": "KEYWORDS_TABLE", @@ -3239,10 +3239,10 @@ }, { "attribute": "HTTP_DUMMY", - "group_name": "NOTClauseAndExcludeGroup219_5", + "group_name": "NOTConditionAndExcludeGroup219_5", "group_id": 231, "not_flag": 1, - "clause_index": 4, + "condition_index": 4, "regions": [ { "table_name": "KEYWORDS_TABLE", @@ -3256,10 +3256,10 @@ }, { "attribute": "HTTP_DUMMY", - "group_name": "NOTClauseAndExcludeGroup219_6", + "group_name": "NOTConditionAndExcludeGroup219_6", "group_id": 232, "not_flag": 1, - "clause_index": 5, + "condition_index": 5, "regions": [ { "table_name": "KEYWORDS_TABLE", @@ -3273,10 +3273,10 @@ }, { "attribute": "HTTP_DUMMY", - "group_name": "NOTClauseAndExcludeGroup219_7", + "group_name": "NOTConditionAndExcludeGroup219_7", "group_id": 233, "not_flag": 1, - "clause_index": 6, + "condition_index": 6, "regions": [ { "table_name": "KEYWORDS_TABLE", @@ -3290,10 +3290,10 @@ }, { "attribute": "HTTP_DUMMY", - "group_name": "NOTClauseAndExcludeGroup219_8", + "group_name": "NOTConditionAndExcludeGroup219_8", "group_id": 234, "not_flag": 1, - "clause_index": 7, + "condition_index": 7, "regions": [ { "table_name": "KEYWORDS_TABLE", @@ -3318,10 +3318,10 @@ "groups": [ { "attribute": "HTTP_DUMMY", - "group_name": "NOTClauseAndExcludeGroup220_1", + "group_name": "NOTConditionAndExcludeGroup220_1", "group_id": 235, "not_flag": 0, - "clause_index": 0, + "condition_index": 0, "regions": [ { "table_name": "KEYWORDS_TABLE", @@ -3335,10 +3335,10 @@ }, { "attribute": "HTTP_DUMMY", - "group_name": "NOTClauseAndExcludeGroup220_2", + "group_name": "NOTConditionAndExcludeGroup220_2", "group_id": 236, "not_flag": 1, - "clause_index": 1, + "condition_index": 1, "regions": [ { "table_name": "KEYWORDS_TABLE", @@ -3352,10 +3352,10 @@ }, { "attribute": "HTTP_DUMMY", - "group_name": "NOTClauseAndExcludeGroup220_3", + "group_name": "NOTConditionAndExcludeGroup220_3", "group_id": 237, "not_flag": 1, - "clause_index": 2, + "condition_index": 2, "regions": [ { "table_name": "KEYWORDS_TABLE", @@ -3419,7 +3419,7 @@ "action": 0, "do_blacklist": 0, "do_log": 0, - "user_region": "NOTLogic.SingleNotClause", + "user_region": "NOTLogic.SingleNotCondition", "is_valid": "yes", "groups": [ { @@ -3427,7 +3427,7 @@ "group_name": "NOTLogicGroup_222", "group_id": 240, "not_flag": 1, - "clause_index": 0, + "condition_index": 0, "regions": [ { "table_name": "KEYWORDS_TABLE", @@ -3447,7 +3447,7 @@ "action": 0, "do_blacklist": 0, "do_log": 0, - "user_region": "NOTLogic.MultiNotClause", + "user_region": "NOTLogic.MultiNotCondition", "is_valid": "yes", "groups": [ { @@ -3455,7 +3455,7 @@ "group_name": "NOTLogicGroup_223_1", "group_id": 241, "not_flag": 1, - "clause_index": 0, + "condition_index": 0, "regions": [ { "table_name": "KEYWORDS_TABLE", @@ -3472,7 +3472,7 @@ "group_name": "NOTLogicGroup_223_2", "group_id": 242, "not_flag": 1, - "clause_index": 1, + "condition_index": 1, "regions": [ { "table_name": "KEYWORDS_TABLE", @@ -3489,7 +3489,7 @@ "group_name": "NOTLogicGroup_223_1", "group_id": 243, "not_flag": 1, - "clause_index": 2, + "condition_index": 2, "regions": [ { "table_name": "KEYWORDS_TABLE", @@ -3517,7 +3517,7 @@ "group_name": "NOTLogicGroup_224_1", "group_id": 244, "not_flag": 1, - "clause_index": 0, + "condition_index": 0, "regions": [ { "table_name": "KEYWORDS_TABLE", @@ -3534,7 +3534,7 @@ "group_name": "NOTLogicGroup_224_2", "group_id": 245, "not_flag": 0, - "clause_index": 1, + "condition_index": 1, "regions": [ { "table_name": "KEYWORDS_TABLE", @@ -3562,7 +3562,7 @@ "group_name": "EscapeGroup_225_1", "group_id": 246, "not_flag": 0, - "clause_index": 0, + "condition_index": 0, "regions": [ { "table_name": "KEYWORDS_TABLE", @@ -3616,7 +3616,7 @@ "action": 1, "do_blacklist": 1, "do_log": 1, - "user_region": "NotClauseHitPath", + "user_region": "NotConditionHitPath", "is_valid": "yes", "groups": [ { @@ -3624,7 +3624,7 @@ "group_name": "228_url_group", "group_id": 249, "not_flag": 0, - "clause_index": 1, + "condition_index": 1, "regions": [ { "table_name": "HTTP_URL", @@ -3641,7 +3641,7 @@ "group_name": "228_IP_group", "group_id": 250, "not_flag": 1, - "clause_index": 2, + "condition_index": 2, "regions": [ { "table_name": "IP_CONFIG", @@ -3788,7 +3788,7 @@ "group_name": "EscapeGroup_234_1", "group_id": 260, "not_flag": 0, - "clause_index": 0, + "condition_index": 0, "regions": [ { "table_name": "KEYWORDS_TABLE", @@ -3816,7 +3816,7 @@ "group_name": "EscapeGroup_235_1", "group_id": 261, "not_flag": 0, - "clause_index": 0, + "condition_index": 0, "regions": [ { "table_name": "KEYWORDS_TABLE", diff --git a/test/table_info.conf b/test/table_info.conf index 8c65d26..e5deca3 100644 --- a/test/table_info.conf +++ b/test/table_info.conf @@ -7,7 +7,7 @@ "custom": { "rule_id":1, "tags":6, - "clause_num":8 + "condition_num":8 } }, { @@ -19,7 +19,7 @@ "custom": { "rule_id":1, "tags":6, - "clause_num":8 + "condition_num":8 } }, { @@ -33,7 +33,7 @@ "custom": { "rule_id":1, "tags":6, - "clause_num":8 + "condition_num":8 } }, { @@ -49,7 +49,7 @@ "rule_id":2, "not_flag":3, "attribute_name":4, - "clause_index":5 + "condition_index":5 } }, { @@ -60,7 +60,7 @@ "custom": { "rule_id":1, "tags":6, - "clause_num":8 + "condition_num":8 } }, { @@ -72,7 +72,7 @@ "custom": { "rule_id":1, "tags":6, - "clause_num":8 + "condition_num":8 } }, { @@ -86,7 +86,7 @@ "rule_id":2, "not_flag":3, "attribute_name":4, - "clause_index":5 + "condition_index":5 } }, { diff --git a/test/test_utils.cpp b/test/test_utils.cpp index f22ee1f..0fe704e 100644 --- a/test/test_utils.cpp +++ b/test/test_utils.cpp @@ -149,12 +149,12 @@ int write_json_to_redis(const char *json_filename, char *redis_ip, int redis_por int rule_table_set_line(struct maat *maat_inst, const char *table_name, enum maat_operation op, long long rule_id, - const char *user_region, int clause_num, + const char *user_region, int condition_num, int expire_after) { char table_line[1024 * 16] = {0}; sprintf(table_line, "%lld\t0\t0\t0\t0\t0\t%s\t%d\t%d\t0.0", - rule_id, user_region, clause_num, op); + rule_id, user_region, condition_num, op); struct maat_cmd_line line_rule; line_rule.rule_id = rule_id; @@ -165,21 +165,21 @@ int rule_table_set_line(struct maat *maat_inst, const char *table_name, return maat_cmd_set_line(maat_inst, &line_rule); } -#define TO_GROUP2X_KEY(group_id, parent_id, clause_index) \ - (((unsigned long)group_id<<32|parent_id) + clause_index) +#define TO_GROUP2X_KEY(group_id, parent_id, condition_index) \ + (((unsigned long)group_id<<32|parent_id) + condition_index) int group2rule_table_set_line(struct maat *maat_inst, const char *table_name, enum maat_operation op, long long group_id, long long rule_id, int not_flag, - const char *attribute_name, int clause_index, + const char *attribute_name, int condition_index, int expire_after) { char table_line[128] = {0}; sprintf(table_line, "%lld\t%lld\t%d\t%s\t%d\t%d", - group_id, rule_id, not_flag, attribute_name, clause_index, op); + group_id, rule_id, not_flag, attribute_name, condition_index, op); struct maat_cmd_line line_rule; - line_rule.rule_id = TO_GROUP2X_KEY(group_id, rule_id, clause_index); + line_rule.rule_id = TO_GROUP2X_KEY(group_id, rule_id, condition_index); line_rule.table_line = table_line; line_rule.table_name = table_name; line_rule.expire_after = expire_after; diff --git a/test/test_utils.h b/test/test_utils.h index 24e2561..6c44207 100644 --- a/test/test_utils.h +++ b/test/test_utils.h @@ -15,13 +15,13 @@ int write_json_to_iris(const char* json_fn, char *iris_path, size_t path_sz, int rule_table_set_line(struct maat *maat_inst, const char *table_name, enum maat_operation op, long long rule_id, - const char *user_region, int clause_num, + const char *user_region, int condition_num, int expire_after); int group2rule_table_set_line(struct maat *maat_inst, const char *table_name, enum maat_operation op, long long group_id, long long rule_id, int not_flag, - const char *attribute_name, int clause_index, + const char *attribute_name, int condition_index, int expire_after); int group2group_table_set_line(struct maat *maat_inst, const char *table_name,