更新framework, tfe等关键组件。
This commit is contained in:
Lu Qiuwen
Binary file not shown.
Binary file not shown.
Binary file not shown.
@@ -1,191 +0,0 @@
|
||||
#ifndef H_MAAT_COMMAND_H_INCLUDE
|
||||
#define H_MAAT_COMMAND_H_INCLUDE
|
||||
#ifndef __cplusplus
|
||||
#error("This file should be compiled with C++ compiler")
|
||||
#endif
|
||||
#include "Maat_rule.h"
|
||||
enum MAAT_OPERATION
|
||||
{
|
||||
MAAT_OP_DEL=0,
|
||||
MAAT_OP_ADD,
|
||||
MAAT_OP_RENEW_TIMEOUT //Rule expire time is changed to now+cmd->expire_after
|
||||
};
|
||||
enum MAAT_GROUP_RELATION
|
||||
{
|
||||
PARENT_TYPE_COMPILE=0,
|
||||
PARENT_TYPE_GROUP
|
||||
};
|
||||
enum MAAT_REGION_TYPE
|
||||
{
|
||||
REGION_EXPR,
|
||||
REGION_IP,
|
||||
REGION_INTERVAL,
|
||||
REGION_DIGEST,
|
||||
REGION_SIMILARITY
|
||||
};
|
||||
enum MAAT_EXPR_TYPE
|
||||
{
|
||||
EXPR_TYPE_STRING=0,
|
||||
EXPR_TYPE_AND,
|
||||
EXPR_TYPE_REGEX,
|
||||
EXPR_TYPE_OFFSET
|
||||
};
|
||||
enum MAAT_MATCH_METHOD
|
||||
{
|
||||
MATCH_METHOD_SUB=0,
|
||||
MATCH_METHOD_RIGHT,
|
||||
MATCH_METHOD_LEFT,
|
||||
MATCH_METHOD_COMPLETE
|
||||
};
|
||||
|
||||
enum MAAT_CASE_TYPE
|
||||
{
|
||||
UNCASE_PLAIN=0,
|
||||
CASE_HEXBIN,
|
||||
CASE_PLAIN
|
||||
};
|
||||
enum MAAT_ADDR_TYPE
|
||||
{
|
||||
ADDR_TYPE_IPv4=4,
|
||||
ADDR_TYPE_IPv6=6
|
||||
};
|
||||
enum MAAT_ADDR_DIRECTION
|
||||
{
|
||||
ADDR_DIR_DOUBLE=0,
|
||||
ADDR_DIR_SINGLE=1
|
||||
};
|
||||
struct Maat_rgn_str_t
|
||||
{
|
||||
const char *keywords;
|
||||
const char *district;// optional for expr_plus, otherwise set to NULL.
|
||||
enum MAAT_EXPR_TYPE expr_type;
|
||||
enum MAAT_MATCH_METHOD match_method;
|
||||
enum MAAT_CASE_TYPE hex_bin;
|
||||
};
|
||||
struct Maat_rgn_addr_t
|
||||
{
|
||||
enum MAAT_ADDR_TYPE addr_type;
|
||||
const char* src_ip;
|
||||
const char* mask_src_ip;
|
||||
const char* dst_ip;
|
||||
const char* mask_dst_ip;
|
||||
unsigned short src_port;
|
||||
unsigned short mask_src_port;
|
||||
unsigned short dst_port;
|
||||
unsigned short mask_dst_port;
|
||||
unsigned short protocol;
|
||||
enum MAAT_ADDR_DIRECTION direction;
|
||||
};
|
||||
struct Maat_rgn_intv_t
|
||||
{
|
||||
unsigned int low_boundary;
|
||||
unsigned int up_boundary;
|
||||
};
|
||||
struct Maat_rgn_digest_t
|
||||
{
|
||||
unsigned long long orgin_len;
|
||||
const char* digest_string;
|
||||
short confidence_degree;
|
||||
};
|
||||
struct Maat_rgn_sim_t
|
||||
{
|
||||
char* target;
|
||||
short threshold;// 1~100
|
||||
};
|
||||
struct Maat_region_t
|
||||
{
|
||||
const char* table_name;
|
||||
int region_id; //If MAAT_OPT_CMD_AUTO_NUMBERING==1, maat will assigned one. Or users must appoint a unique number.
|
||||
enum MAAT_REGION_TYPE region_type;
|
||||
union
|
||||
{
|
||||
struct Maat_rgn_str_t expr_rule;
|
||||
struct Maat_rgn_addr_t ip_rule;
|
||||
struct Maat_rgn_intv_t interval_rule;
|
||||
struct Maat_rgn_digest_t digest_rule;
|
||||
struct Maat_rgn_sim_t similarity_rule;
|
||||
};
|
||||
};
|
||||
struct Maat_group_t
|
||||
{
|
||||
const char* table_name;
|
||||
int group_id; //If MAAT_OPT_CMD_AUTO_NUMBERING==1, maat will assigned one. Or users must assign a unique number.
|
||||
int parent_id;
|
||||
int not_flag;
|
||||
enum MAAT_GROUP_RELATION parent_type;
|
||||
int region_num;
|
||||
struct Maat_region_t *regions;
|
||||
};
|
||||
struct Maat_cmd_t
|
||||
{
|
||||
//This Struct MUST alloced by Maat_create_cmd(), then released by Maat_free_cmd().
|
||||
struct Maat_rule_t compile; // for MAAT_OP_DEL, only compile.config_id is necessary.
|
||||
int group_num; // for MAAT_OP_DEL, set to 0.
|
||||
int expire_after; //expired after $expire_after$ seconds, set to 0 for never timeout.
|
||||
int label_id; //>0, to be indexed and quried by Maat_cmd_select; =0 not index
|
||||
struct Maat_group_t* groups;// Add regions with Maat_add_region2cmd
|
||||
};
|
||||
struct Maat_line_t
|
||||
{
|
||||
const char* table_name;
|
||||
const char* table_line;
|
||||
int rule_id; // for MAAT_OP_DEL, only rule_id and table_name are necessary.
|
||||
int label_id;
|
||||
int expire_after; //expired after $timeout$ seconds, set to 0 for never timeout.
|
||||
};
|
||||
struct Maat_cmd_t* Maat_create_cmd(const struct Maat_rule_t* rule, int group_num);
|
||||
int Maat_cmd_set_opt(struct Maat_cmd_t* cmd, enum MAAT_RULE_OPT type, const char* val, int size);
|
||||
//input: which_group 0~group_num
|
||||
//input: region can be freed after added.
|
||||
void Maat_add_region2cmd(struct Maat_cmd_t* cmd,int which_group,const struct Maat_region_t* region);
|
||||
|
||||
void Maat_free_cmd(struct Maat_cmd_t* cmd);
|
||||
int Maat_format_cmd(struct Maat_cmd_t* cmd, char* buffer, int size);
|
||||
//Input string of REGION_EXPR and REGION_SIMILARITY need to be escapeed.
|
||||
char* Maat_str_escape(char* dst,int size,const char*src);
|
||||
|
||||
//Deletion failed due to not complete synchronize with Redis.
|
||||
//To make sure the delete command is excecuted, user should try again after MAAT_OPT_SCANDIR_INTERVAL_MS ms.
|
||||
//Returns number of successfully updated rule.
|
||||
//The following functions are NOT thread safe.
|
||||
int Maat_cmd(Maat_feather_t feather,struct Maat_cmd_t* cmd,enum MAAT_OPERATION op);
|
||||
|
||||
//pipeline model
|
||||
int Maat_cmd_append(Maat_feather_t feather,struct Maat_cmd_t* cmd,enum MAAT_OPERATION op);
|
||||
|
||||
//Return number of successfully updated rule.
|
||||
//Return -1 for failed.
|
||||
int Maat_cmd_commit(Maat_feather_t feather);
|
||||
|
||||
|
||||
int Maat_cmd_set_group(Maat_feather_t feather, int group_id, const struct Maat_region_t* region, enum MAAT_OPERATION op);
|
||||
|
||||
//Returns number of successfully updated rule.
|
||||
//Return -1 for failed.
|
||||
int Maat_cmd_set_line(Maat_feather_t feather,const struct Maat_line_t* line_rule, enum MAAT_OPERATION op);
|
||||
int Maat_cmd_set_lines(Maat_feather_t feather,const struct Maat_line_t** line_rule, int line_num ,enum MAAT_OPERATION op);
|
||||
int Maat_cmd_set_file(Maat_feather_t feather,const char* key, const char* value, size_t size, enum MAAT_OPERATION op);
|
||||
|
||||
//Return the value of key after the increment.
|
||||
//If the key does not exist, it is set to 0 before performing the operation.
|
||||
long long Maat_cmd_incrby(Maat_feather_t feather,const char* key, int increment);
|
||||
struct Maat_cmd_key
|
||||
{
|
||||
char* table_name;
|
||||
int rule_id;
|
||||
};
|
||||
void Maat_cmd_key_free(struct Maat_cmd_key**keys, int number);
|
||||
int Maat_cmd_key_select(Maat_feather_t feather, int label_id, struct Maat_cmd_key** keys);
|
||||
int Maat_cmd_select(Maat_feather_t feather, int label_id, int * output_ids, unsigned int size);
|
||||
int Maat_cmd_flushDB(Maat_feather_t feather);
|
||||
|
||||
int Maat_command_raw_set_compile(Maat_feather_t feather, enum MAAT_OPERATION op, const struct Maat_rule_t* compile, const char* table_name, const char * huge_service_defined, int group_num);
|
||||
int Maat_command_raw_set_region(Maat_feather_t feather, enum MAAT_OPERATION op, const struct Maat_region_t* region, int group_id);
|
||||
int Maat_command_raw_set_group(Maat_feather_t feather, enum MAAT_OPERATION op, const struct Maat_group_t* group);
|
||||
|
||||
int Maat_cmd_get_new_group_id(Maat_feather_t feather);
|
||||
int Maat_cmd_get_new_region_id(Maat_feather_t feather);
|
||||
|
||||
|
||||
#endif
|
||||
|
||||
@@ -1,291 +0,0 @@
|
||||
|
||||
/*
|
||||
*****************Maat Deep Packet Inspection Policy Framework********
|
||||
* Maat is the Goddess of truth and justice in ancient Egyptian concept.
|
||||
* Her feather was the measure that determined whether the souls (considered
|
||||
* to reside in the heart) of the departed would reach the paradise of afterlife
|
||||
* successfully.
|
||||
* Author: zhengchao@iie.ac.cn, MESA
|
||||
* Version 2018-12-07 Plugin Extra Data.
|
||||
* NOTE: MUST compile with G++
|
||||
* All right reserved by Institute of Infomation Engineering,Chinese Academic of Science 2014~2018
|
||||
*********************************************************
|
||||
*/
|
||||
#ifndef H_MAAT_RULE_H_INCLUDE
|
||||
#define H_MAAT_RULE_H_INCLUDE
|
||||
#ifndef __cplusplus
|
||||
#error("This file should be compiled with C++ compiler")
|
||||
#endif
|
||||
#include <MESA/stream.h>
|
||||
enum MAAT_CHARSET
|
||||
{
|
||||
CHARSET_NONE=0,
|
||||
CHARSET_GBK,
|
||||
CHARSET_BIG5,
|
||||
CHARSET_UNICODE,
|
||||
CHARSET_UTF8, // 4
|
||||
CHARSET_BIN, //5
|
||||
CHARSET_UNICODE_ASCII_ESC, // Unicode Escape format, prefix backslash-u hex, e.g. "\u627;"
|
||||
CHARSET_UNICODE_ASCII_ALIGNED,//Unicode Escape format, prefix backslash-u with 4 bytes aligned, e.g. "\u0627"
|
||||
CHARSET_UNICODE_NCR_DEC, //SGML Numeric character reference,decimal base, e.g. "ا"
|
||||
CHARSET_UNICODE_NCR_HEX, //SGML Numeric character reference,hexdecimal base, e.g. "ا"
|
||||
CHARSET_URL_ENCODE_GB2312, //URL encode with GB2312, e.g. the chinese word "china" was encoded to %D6%D0%B9%FA
|
||||
CHARSET_URL_ENCODE_UTF8 //11, URL encode with UTF8,e.g. the chinese word "china" was encoded to %E4%B8%AD%E5%9B%BD
|
||||
};
|
||||
enum MAAT_ACTION
|
||||
{
|
||||
MAAT_ACTION_BLOCK=0,
|
||||
MAAT_ACTION_MONIT,
|
||||
MAAT_ACTION_WHITE
|
||||
};
|
||||
enum MAAT_POS_TYPE
|
||||
{
|
||||
MAAT_POSTYPE_EXPR=0,
|
||||
MAAT_POSTYPE_REGEX
|
||||
};
|
||||
typedef void* scan_status_t;
|
||||
typedef void* stream_para_t;
|
||||
typedef void* Maat_feather_t;
|
||||
|
||||
|
||||
#define MAX_SERVICE_DEFINE_LEN 128
|
||||
#define MAX_HUGE_SERVICE_DEFINE_LEN (1024*4)
|
||||
struct Maat_rule_t
|
||||
{
|
||||
int config_id;
|
||||
int service_id;
|
||||
char do_log;
|
||||
char do_blacklist;
|
||||
char action;
|
||||
char reserved;
|
||||
int serv_def_len;
|
||||
char service_defined[MAX_SERVICE_DEFINE_LEN];
|
||||
};
|
||||
#define MAAT_RULE_UPDATE_TYPE_FULL 1
|
||||
#define MAAT_RULE_UPDATE_TYPE_INC 2
|
||||
typedef void Maat_start_callback_t(int update_type,void* u_para);
|
||||
typedef void Maat_update_callback_t(int table_id,const char* table_line,void* u_para);
|
||||
typedef void Maat_finish_callback_t(void* u_para);
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
//--------------------HITTING DETAIL DESCRIPTION BEGIN
|
||||
|
||||
#define MAAT_MAX_HIT_RULE_NUM 8
|
||||
#define MAAT_MAX_EXPR_ITEM_NUM 8
|
||||
#define MAAT_MAX_HIT_POS_NUM 8
|
||||
#define MAAT_MAX_REGEX_GROUP_NUM 8
|
||||
|
||||
//NOTE position buffer as hitting_regex_pos and hit_pos,are ONLY valid before next scan or Maat_stream_scan_string_end
|
||||
struct regex_pos_t
|
||||
{
|
||||
int group_num;
|
||||
int hitting_regex_len;
|
||||
const char* hitting_regex_pos;
|
||||
int grouping_len[MAAT_MAX_REGEX_GROUP_NUM];
|
||||
const char* grouping_pos[MAAT_MAX_REGEX_GROUP_NUM];
|
||||
};
|
||||
struct str_pos_t
|
||||
{
|
||||
int hit_len;
|
||||
const char* hit_pos;
|
||||
};
|
||||
struct sub_item_pos_t
|
||||
{
|
||||
enum MAAT_POS_TYPE ruletype;
|
||||
int hit_cnt;
|
||||
union
|
||||
{
|
||||
struct regex_pos_t regex_pos[MAAT_MAX_HIT_POS_NUM];
|
||||
struct str_pos_t substr_pos[MAAT_MAX_HIT_POS_NUM];
|
||||
};
|
||||
};
|
||||
|
||||
struct Maat_region_pos_t
|
||||
{
|
||||
|
||||
int region_id;
|
||||
int sub_item_num;
|
||||
struct sub_item_pos_t sub_item_pos[MAAT_MAX_EXPR_ITEM_NUM];
|
||||
};
|
||||
|
||||
struct Maat_hit_detail_t
|
||||
{
|
||||
int config_id;//set <0 if half hit;
|
||||
int hit_region_cnt;
|
||||
struct Maat_region_pos_t region_pos[MAAT_MAX_HIT_RULE_NUM];
|
||||
};
|
||||
//--------------------HITTING DETAIL DESCRIPTION END
|
||||
|
||||
//Abondon interface ,left for compatible.
|
||||
Maat_feather_t Maat_summon_feather(int max_thread_num,
|
||||
const char* table_info_path,
|
||||
const char* ful_cfg_dir,
|
||||
const char* inc_cfg_dir,
|
||||
void*logger);//MESA_handle_logger
|
||||
//Abondon interface ,left for compatible.
|
||||
Maat_feather_t Maat_summon_feather_json(int max_thread_num,
|
||||
const char* table_info_path,
|
||||
const char* json_rule,
|
||||
void* logger);
|
||||
|
||||
Maat_feather_t Maat_feather(int max_thread_num,const char* table_info_path,void* logger);
|
||||
int Maat_initiate_feather(Maat_feather_t feather);
|
||||
|
||||
enum MAAT_INIT_OPT
|
||||
{
|
||||
MAAT_OPT_SCANDIR_INTERVAL_MS=1, //VALUE is interger, SIZE=sizeof(int). DEFAULT:1,000 milliseconds.
|
||||
MAAT_OPT_EFFECT_INVERVAL_MS, //VALUE is interger, SIZE=sizeof(int). DEFAULT:60,000 milliseconds.
|
||||
MAAT_OPT_FULL_CFG_DIR, //VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1.DEFAULT: no default.
|
||||
MAAT_OPT_INC_CFG_DIR, //VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1.DEFAULT: no default.
|
||||
MAAT_OPT_JSON_FILE_PATH, //VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1.DEFAULT: no default.
|
||||
MAAT_OPT_STAT_ON, //VALUE is NULL, SIZE is 0. MAAT_OPT_STAT_FILE_PATH must be set. Default: stat OFF.
|
||||
MAAT_OPT_PERF_ON, //VALUE is NULL, SIZE is 0. MAAT_OPT_STAT_FILE_PATH must be set. Default: stat OFF.
|
||||
MAAT_OPT_STAT_FILE_PATH, //VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1. DEFAULT: no default.
|
||||
MAAT_OPT_SCAN_DETAIL, //VALUE is interger *, SIZE=sizeof(int). 0: not return any detail;1: return hit pos, not include regex grouping.
|
||||
// 2 return hit pos and regex grouping pos;DEFAULT:0
|
||||
MAAT_OPT_INSTANCE_NAME, //VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1, no more than 11 bytes.DEFAULT: MAAT_$tableinfo_path$.
|
||||
MAAT_OPT_DECRYPT_KEY, //VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1. No DEFAULT.
|
||||
MAAT_OPT_REDIS_IP, //VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1. No DEFAULT.
|
||||
MAAT_OPT_REDIS_PORT, //VALUE is a unsigned short or a signed int, host order, SIZE= sizeof(unsigned short) or sizeof(int). No DEFAULT.
|
||||
MAAT_OPT_REDIS_INDEX, //VALUE is interger *, 0~15, SIZE=sizeof(int). DEFAULT: 0.
|
||||
MAAT_OPT_CMD_AUTO_NUMBERING, //VALUE is a interger *, 1 or 0, SIZE=sizeof(int). DEFAULT: 1.
|
||||
MAAT_OPT_DEFERRED_LOAD, //VALUE is NULL,SIZE is 0. Default: Deffered initialization OFF.
|
||||
MAAT_OPT_CUMULATIVE_UPDATE_OFF, //VALUE is NULL,SIZE is 0. Default: CUMMULATIVE UPDATE ON.
|
||||
MAAT_OPT_LOAD_VERSION_FROM, //VALUE is a long long, SIZE=sizeof(long long). Default: Load the Latest. Only valid in redis mode, and maybe failed for too old.
|
||||
//This option also disables background update.
|
||||
MAAT_OPT_ENABLE_UPDATE, //VALUE is interger, SIZE=sizeof(int). 1: Enabled, 0:Disabled. DEFAULT: Backgroud update is enabled. Runtime setting is allowed.
|
||||
MAAT_OPT_ACCEPT_TAGS, //VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1. Format is a JSON, e.g.{"tags":[{"tag":"location","value":"Beijing/ChaoYang/Huayan/22A"},{"tag":"isp","value":"telecom"}]}
|
||||
MAAT_OPT_FOREIGN_CONT_DIR, //VALUE is a const char*, MUST end with '\0', SIZE= strlen(string+'\0')+1. Specifies a local diretory to store foreign content. Default: []table_info_path]_files
|
||||
MAAT_OPT_FOREIGN_CONT_LINGER //VALUE is interger *, SIZE=sizeof(int). Greater than 0: delete after VALUE seconds; 0: delete foreign content right after the notification callbacks; Less than 0: NEVER delete. Default: 0.
|
||||
};
|
||||
//return -1 if failed, return 0 on success;
|
||||
int Maat_set_feather_opt(Maat_feather_t feather,enum MAAT_INIT_OPT type,const void* value,int size);
|
||||
enum MAAT_STATE_OPT
|
||||
{
|
||||
MAAT_STATE_VERSION=1, //Get current maat version, if maat is in update progress, the updating version is returned. VALUE is long long, SIZE=sizeof(long long).
|
||||
MAAT_STATE_LAST_UPDATING_TABLE, //Query at Maat_finish_callback_t to determine whether this table is the last one to update. VALUE is interger, SIZE=sizeof(int), 1:yes, 0: no
|
||||
MAAT_STATE_IN_UPDATING
|
||||
};
|
||||
int Maat_read_state(Maat_feather_t feather, enum MAAT_STATE_OPT type, void* value, int size);
|
||||
|
||||
void Maat_burn_feather(Maat_feather_t feather);
|
||||
|
||||
//return table_id(>=0) if success,otherwise return -1;
|
||||
int Maat_table_register(Maat_feather_t feather,const char* table_name);
|
||||
//return 1 if success,otherwise return -1 incase invalid table_id or registed function number exceed 32;
|
||||
int Maat_table_callback_register(Maat_feather_t feather,short table_id,
|
||||
Maat_start_callback_t *start,//MAAT_RULE_UPDATE_TYPE_*,u_para
|
||||
Maat_update_callback_t *update,//table line ,u_para
|
||||
Maat_finish_callback_t *finish,//u_para
|
||||
void* u_para);
|
||||
|
||||
|
||||
enum MAAT_SCAN_OPT
|
||||
{
|
||||
MAAT_SET_SCAN_DISTRICT=1, //VALUE is a const char*,SIZE= strlen(string).DEFAULT: no default.
|
||||
MAAT_SET_SCAN_LAST_REGION //VALUE is NULL, SIZE=0. This option indicates that the follow scan is the last region of current scan cobination.
|
||||
};
|
||||
//return 0 if success, return -1 when failed;
|
||||
int Maat_set_scan_status(Maat_feather_t feather,scan_status_t* mid,enum MAAT_SCAN_OPT type,const void* value,int size);
|
||||
|
||||
//Return hit rule number, return -1 when error occurs,return -2 when hit current region
|
||||
//mid MUST set to NULL before fist call
|
||||
int Maat_scan_intval(Maat_feather_t feather,int table_id
|
||||
,unsigned int intval
|
||||
,struct Maat_rule_t*result,int rule_num
|
||||
,scan_status_t *mid,int thread_num);
|
||||
int Maat_scan_addr(Maat_feather_t feather,int table_id
|
||||
,struct ipaddr* addr
|
||||
,struct Maat_rule_t*result,int rule_num
|
||||
,scan_status_t *mid,int thread_num);
|
||||
int Maat_scan_proto_addr(Maat_feather_t feather,int table_id
|
||||
,struct ipaddr* addr,unsigned short int proto
|
||||
,struct Maat_rule_t*result,int rule_num
|
||||
,scan_status_t *mid,int thread_num);
|
||||
int Maat_full_scan_string(Maat_feather_t feather,int table_id
|
||||
,enum MAAT_CHARSET charset,const char* data,int data_len
|
||||
,struct Maat_rule_t*result,int* found_pos,int rule_num
|
||||
,scan_status_t* mid,int thread_num);
|
||||
//hite_detail could be NULL if unconcern
|
||||
int Maat_full_scan_string_detail(Maat_feather_t feather,int table_id
|
||||
,enum MAAT_CHARSET charset,const char* data,int data_len
|
||||
,struct Maat_rule_t*result,int rule_num,struct Maat_hit_detail_t *hit_detail,int detail_num
|
||||
,int* detail_ret,scan_status_t* mid,int thread_num);
|
||||
|
||||
stream_para_t Maat_stream_scan_string_start(Maat_feather_t feather,int table_id,int thread_num);
|
||||
int Maat_stream_scan_string(stream_para_t* stream_para
|
||||
,enum MAAT_CHARSET charset,const char* data,int data_len
|
||||
,struct Maat_rule_t*result,int* found_pos,int rule_num
|
||||
,scan_status_t* mid);
|
||||
//hited_detail could be NULL if unconcern
|
||||
int Maat_stream_scan_string_detail(stream_para_t* stream_para
|
||||
,enum MAAT_CHARSET charset,const char* data,int data_len
|
||||
,struct Maat_rule_t*result,int rule_num,struct Maat_hit_detail_t *hit_detail,int detail_num
|
||||
,int* detail_ret,scan_status_t* mid);
|
||||
void Maat_stream_scan_string_end(stream_para_t* stream_para);
|
||||
|
||||
stream_para_t Maat_stream_scan_digest_start(Maat_feather_t feather,int table_id,unsigned long long total_len,int thread_num);
|
||||
int Maat_stream_scan_digest(stream_para_t* stream_para
|
||||
,const char* data,int data_len,unsigned long long offset
|
||||
,struct Maat_rule_t*result,int rule_num
|
||||
,scan_status_t* mid);
|
||||
void Maat_stream_scan_digest_end(stream_para_t* stream_para);
|
||||
|
||||
int Maat_similar_scan_string(Maat_feather_t feather,int table_id
|
||||
,const char* data,int data_len
|
||||
,struct Maat_rule_t*result,int rule_num
|
||||
,scan_status_t* mid,int thread_num);
|
||||
|
||||
void Maat_clean_status(scan_status_t* mid);
|
||||
|
||||
typedef void* MAAT_RULE_EX_DATA;
|
||||
// The idx parameter is the index: this will be the same value returned by Maat_rule_get_ex_new_index() when the functions were initially registered.
|
||||
// Finally the argl and argp parameters are the values originally passed to the same corresponding parameters when Maat_rule_get_ex_new_index() was called.
|
||||
typedef void Maat_rule_EX_new_func_t(int idx, const struct Maat_rule_t* rule, const char* srv_def_large,
|
||||
MAAT_RULE_EX_DATA* ad, long argl, void *argp);
|
||||
typedef void Maat_rule_EX_free_func_t(int idx, const struct Maat_rule_t* rule, const char* srv_def_large,
|
||||
MAAT_RULE_EX_DATA* ad, long argl, void *argp);
|
||||
typedef void Maat_rule_EX_dup_func_t(int idx, MAAT_RULE_EX_DATA *to, MAAT_RULE_EX_DATA *from, long argl, void *argp);
|
||||
|
||||
int Maat_rule_get_ex_new_index(Maat_feather_t feather, const char* compile_table_name,
|
||||
Maat_rule_EX_new_func_t* new_func,
|
||||
Maat_rule_EX_free_func_t* free_func,
|
||||
Maat_rule_EX_dup_func_t* dup_func,
|
||||
long argl, void *argp);
|
||||
//returned data is duplicated by dup_func of Maat_rule_get_ex_new_index, caller is responsible to free the data.
|
||||
MAAT_RULE_EX_DATA Maat_rule_get_ex_data(Maat_feather_t feather, const struct Maat_rule_t* rule, int idx);
|
||||
|
||||
//Helper function for parsing space or tab seperated line.
|
||||
//Nth_column: the Nth column is numberd from 1.
|
||||
//Return 0 if success.
|
||||
int Maat_helper_read_column(const char* line, int Nth_column, size_t *column_offset, size_t *column_len);
|
||||
|
||||
|
||||
//Following functions are similar to Maat_rule_get_ex_data, except they are effective on plugin table.
|
||||
typedef void* MAAT_PLUGIN_EX_DATA;
|
||||
typedef void Maat_plugin_EX_new_func_t(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp);
|
||||
typedef void Maat_plugin_EX_free_func_t(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void *argp);
|
||||
typedef void Maat_plugin_EX_dup_func_t(int table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from, long argl, void *argp);
|
||||
typedef int Maat_plugin_EX_key2index_func_t(const char* key);
|
||||
|
||||
int Maat_plugin_EX_register(Maat_feather_t feather, int table_id,
|
||||
Maat_plugin_EX_new_func_t* new_func,
|
||||
Maat_plugin_EX_free_func_t* free_func,
|
||||
Maat_plugin_EX_dup_func_t* dup_func,
|
||||
Maat_plugin_EX_key2index_func_t* key2index_func,
|
||||
long argl, void *argp);
|
||||
//Data is duplicated by dup_func of Maat_plugin_EX_register, caller is responsible to free the data.
|
||||
MAAT_PLUGIN_EX_DATA Maat_plugin_get_EX_data(Maat_feather_t feather, int table_id, const char* key);
|
||||
|
||||
enum MAAT_RULE_OPT
|
||||
{
|
||||
MAAT_RULE_SERV_DEFINE //VALUE is a char* buffer,SIZE= buffer size.
|
||||
};
|
||||
int Maat_read_rule(Maat_feather_t feather, const struct Maat_rule_t* rule, enum MAAT_RULE_OPT type, void* value, int size);
|
||||
|
||||
|
||||
#endif // H_MAAT_RULE_H_INCLUDE
|
||||
|
||||
@@ -1,72 +0,0 @@
|
||||
#ifndef _GRAM_INDEX_ENGINE_
|
||||
#define _GRAM_INDEX_ENGINE_
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
enum GIE_operation
|
||||
{
|
||||
GIE_INSERT_OPT,
|
||||
GIE_DELETE_OPT
|
||||
};
|
||||
enum GIE_INPUT_FORMAT
|
||||
{
|
||||
GIE_INPUT_FORMAT_PLAIN,
|
||||
GIE_INPUT_FORMAT_SFH
|
||||
};
|
||||
|
||||
typedef struct
|
||||
{
|
||||
/* data */
|
||||
}GIE_handle_t;
|
||||
|
||||
|
||||
typedef struct
|
||||
{
|
||||
unsigned int id;
|
||||
unsigned int sfh_length;//size of fuzzy_hash
|
||||
enum GIE_operation operation;//GIE_INSERT_OPT or GIE_DELETE_OPT.if operation is GIE_DELETE_OPT, only id is needed;
|
||||
short cfds_lvl;
|
||||
char * sfh;
|
||||
void * tag;
|
||||
}GIE_digest_t;
|
||||
|
||||
|
||||
typedef struct
|
||||
{
|
||||
unsigned int id;
|
||||
short cfds_lvl;
|
||||
void * tag;
|
||||
}GIE_result_t;
|
||||
|
||||
|
||||
typedef struct
|
||||
{
|
||||
unsigned int gram_value;
|
||||
//unsigned int htable_num;
|
||||
unsigned int position_accuracy;
|
||||
enum GIE_INPUT_FORMAT format; //if format==GIE_INPUT_FORMAT_SFH, means the input string is a GIE_INPUT_FORMAT_SFH string
|
||||
//else id format==PALIN, means the input string is common string
|
||||
int ED_reexamine;//if ED_reexamine==1, calculate edit distance to verify the final result
|
||||
}GIE_create_para_t;
|
||||
|
||||
|
||||
GIE_handle_t * GIE_create(const GIE_create_para_t * para);
|
||||
|
||||
|
||||
int GIE_update(GIE_handle_t * handle, GIE_digest_t ** digests, int size);
|
||||
|
||||
|
||||
//return actual matched result count
|
||||
//return 0 when matched nothing;
|
||||
//return -1 when error occurs;
|
||||
int GIE_query(GIE_handle_t * handle, const char * data, int data_len, GIE_result_t * results, int result_size);
|
||||
|
||||
void GIE_destory(GIE_handle_t * handle);
|
||||
int GIE_string_similiarity(const char *str1, int len1, const char *str2, int len2);
|
||||
int GIE_sfh_similiarity(const char *sfh1, int len1, const char *sfh2, int len2);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
@@ -1,78 +0,0 @@
|
||||
#ifndef _STREAM_FUZZY_HASH_
|
||||
#define _STREAM_FUZZY_HASH_
|
||||
|
||||
/*
|
||||
* Copyright (C) MESA 2015
|
||||
|
||||
*
|
||||
*/
|
||||
|
||||
#include <stdint.h>
|
||||
#include <stdio.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define TOTAL_LENGTH 0
|
||||
#define EFFECTIVE_LENGTH 1
|
||||
#define HASH_LENGTH 2
|
||||
|
||||
// typedef sfh_instance_t void*;
|
||||
typedef struct
|
||||
{
|
||||
}sfh_instance_t;
|
||||
|
||||
/**
|
||||
* create a fuzzy hash handle and return it.
|
||||
* @return [handle]
|
||||
*/
|
||||
sfh_instance_t * SFH_instance(unsigned long long origin_len);
|
||||
|
||||
/**
|
||||
* destroy context by a fuzzy hash handle.
|
||||
* @param handle [handle]
|
||||
*/
|
||||
void SFH_release(sfh_instance_t * handle);
|
||||
|
||||
/**
|
||||
* Feed the function your data.
|
||||
* Call this function several times, if you have several parts of data to feed.
|
||||
* @param handle [handle]
|
||||
* @param data [data that you want to fuzzy_hash]
|
||||
* @param size [data size]
|
||||
* @param offset [offset]
|
||||
* @return [return effective data length in current feed]
|
||||
*/
|
||||
unsigned int SFH_feed(sfh_instance_t * handle, const char* data, unsigned int size, unsigned long long offset);
|
||||
|
||||
/**
|
||||
* Obtain the fuzzy hash values.
|
||||
* @param handle [handle]
|
||||
* @param result [fuzzy hash result]
|
||||
* Fuzzy hash result with offsets(in the square brackets, with colon splitted).
|
||||
* eg. abc[1:100]def[200:300]
|
||||
* @param size [@result size]
|
||||
* @return [return zero on success, non-zero on error]
|
||||
*/
|
||||
int SFH_digest(sfh_instance_t * handle, char* result, unsigned int size);
|
||||
|
||||
/**
|
||||
* Obtain certain length of fuzzy hash status.
|
||||
* @param handle [handle]
|
||||
* @param type [length type]
|
||||
* TOTAL_LENGTH:Total length of data you have fed.
|
||||
* Overlapped data will NOT count for 2 times.
|
||||
* EFFECTIVE_LENGTH:Length of data that involved in the calculation of hash.
|
||||
* HASH_LENGTH:Hash result length.
|
||||
* @return [length value]
|
||||
*/
|
||||
unsigned long long SFH_status(sfh_instance_t * handle, int type);
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
libmaatframe.so.2
|
||||
@@ -1 +0,0 @@
|
||||
libmaatframe.so.2.7
|
||||
BIN
roles/framework/files/maat/lib/libmaatframe.so.2.7 → roles/framework/files/maat/lib/libmaatframe.so.2.8
Executable file → Normal file
BIN
roles/framework/files/maat/lib/libmaatframe.so.2.7 → roles/framework/files/maat/lib/libmaatframe.so.2.8
Executable file → Normal file
Binary file not shown.
Binary file not shown.
@@ -1,322 +0,0 @@
|
||||
/*
|
||||
*
|
||||
* Copyright (c) 2014
|
||||
* String Algorithms Research Group
|
||||
* Institute of Information Engineering, Chinese Academy of Sciences (IIE-CAS)
|
||||
* National Engineering Laboratory for Information Security Technologies (NELIST)
|
||||
* All rights reserved
|
||||
*
|
||||
* Written by: LIU YANBING (liuyanbing@iie.ac.cn)
|
||||
* Last modification: 2016-06-05
|
||||
*
|
||||
* This code is the exclusive and proprietary property of IIE-CAS and NELIST.
|
||||
* Usage for direct or indirect commercial advantage is not allowed without
|
||||
* written permission from the authors.
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef H_RULE_SCAN_H
|
||||
#define H_RULE_SCAN_H
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
{
|
||||
#endif
|
||||
|
||||
/* rulescan_set_param<61><6D><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>õIJ<C3B5><C4B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
|
||||
enum RULESCAN_PARA_NAME
|
||||
{
|
||||
RULESCAN_DETAIL_RESULT=1, /* <20><><EFBFBD><EFBFBD>־λ<D6BE><CEBB>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϸ<EFBFBD><CFB8><EFBFBD><EFBFBD>λ<EFBFBD>õ<EFBFBD><C3B5><EFBFBD>Ϣ, optval<61><6C>ΪNULL<4C><4C>optlen<65><6E>Ϊ0<CEAA><30>Ĭ<EFBFBD>ϲ<EFBFBD><CFB2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϸ<EFBFBD><CFB8>Ϣ*/
|
||||
RULESCAN_REGEX_GROUP =2, /* <20><><EFBFBD><EFBFBD>־λ<D6BE><CEBB>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽƥ<CABD><C6A5><EFBFBD>ķ<EFBFBD><C4B7><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֶΣ<D6B6><CEA3><EFBFBD>Ҫ<EFBFBD><D2AA><EFBFBD><EFBFBD><EFBFBD><EFBFBD>RULESCAN_DETAIL_RESULT<4C><54>־λ,optval<61><6C>ΪNULL<4C><4C>optlen<65><6E>Ϊ0<CEAA><30>Ĭ<EFBFBD>ϲ<EFBFBD><CFB2><EFBFBD><EFBFBD>ط<EFBFBD><D8B7><EFBFBD><EFBFBD><EFBFBD>Ϣ */
|
||||
RULEACAN_ERRLOG_CLOSE, /* <20><><EFBFBD><EFBFBD>־λ<D6BE><CEBB>ʾ<EFBFBD><CABE><EFBFBD>ر<EFBFBD>Rulescan<61><6E><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><D6BE><EFBFBD><EFBFBD><EFBFBD><EFBFBD>optval<61><6C>ΪNULL<4C><4C>optlen<65><6E>Ϊ0<CEAA><30><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>õĻ<C3B5>Ĭ<EFBFBD>ϴ<EFBFBD><CFB4><EFBFBD>Rulescan<61><6E><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><D6BE><EFBFBD><EFBFBD> */
|
||||
RULESCAN_ERRLOG_FILE_PATH, /* <20><><EFBFBD><EFBFBD>Rulescan<61><6E><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><D6BE>·<EFBFBD><C2B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><C4BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>û<EFBFBD><C3BB><EFBFBD><EFBFBD>룬optval<61><6C>ֵΪ<D6B5><CEAA><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><C4BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־·<D6BE><C2B7><EFBFBD><EFBFBD>optlenΪ·<CEAA><C2B7><EFBFBD><EFBFBD><EFBFBD>ȡ<EFBFBD><C8A1><EFBFBD><EFBFBD><EFBFBD>û<EFBFBD><C3BB><EFBFBD>趨<EFBFBD><E8B6A8>
|
||||
<09><><EFBFBD><EFBFBD>־Ĭ<D6BE>ϴ洢<CFB4>ڿ<EFBFBD>ִ<EFBFBD>г<EFBFBD><D0B3><EFBFBD><EFBFBD><EFBFBD>ǰĿ¼<C4BF>µ<EFBFBD>rulescan_tmp<6D><70> */
|
||||
};
|
||||
|
||||
#define MAX_REGEX_GROUP_NUM 5 /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD><EFBFBD><EFBFBD>֧<EFBFBD>ֵ<EFBFBD><D6B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ĸ<EFBFBD><C4B8><EFBFBD> */
|
||||
|
||||
#define MAX_EXPR_ITEM_NUM (1U<<3) /* ÿ<><C3BF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>MAX_EXPR_ITEM_NUM<55><4D><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
|
||||
#define MAX_MATCH_POS_NUM 1024 /* ÿ<><C3BF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ص<EFBFBD><D8B5><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD>õĸ<C3B5><C4B8><EFBFBD> */
|
||||
#define MATCH_POS_NUM_INC 64 /* ÿ<><C3BF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ص<EFBFBD><D8B5><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD>õĸ<C3B5><C4B8><EFBFBD><EFBFBD><EFBFBD>ʼֵ<CABC><D6B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ */
|
||||
|
||||
/* <20><><EFBFBD>岻ͬ<E5B2BB>Ĺ<EFBFBD><C4B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
|
||||
const unsigned int RULETYPE_STR = 0; /* <20>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ƹ<EFBFBD><C6B9><EFBFBD> */
|
||||
const unsigned int RULETYPE_REG = 1; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD><EFBFBD><EFBFBD> */
|
||||
const unsigned int RULETYPE_INT = 2; /* <20><>ֵ<EFBFBD><D6B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
|
||||
const unsigned int RULETYPE_IPv4 = 3; /* IPv4<76><34><EFBFBD><EFBFBD> */
|
||||
const unsigned int RULETYPE_IPv6 = 4; /* IPv6<76><36><EFBFBD><EFBFBD> */
|
||||
|
||||
const unsigned int MAX_RULETYPE = 5; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
|
||||
const unsigned int MAX_SUB_RULETYPE = 4096; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
|
||||
|
||||
/* <20>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><CDB9>ɱ<F2A3A8BF>ʾ<EFBFBD>ı<EFBFBD><C4B1>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD> */
|
||||
typedef struct _string_rule_t
|
||||
{
|
||||
char * str; /* <20>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD><DDA3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>'\0'<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɲ<EFBFBD>ָ<EFBFBD><D6B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
|
||||
unsigned int len; /* <20>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
|
||||
unsigned char case_sensitive; /* <20>Ƿ<EFBFBD><C7B7><EFBFBD>Сд<D0A1><D0B4><EFBFBD><EFBFBD>ƥ<EFBFBD>䣨1<E4A3A8><31><EFBFBD><EFBFBD><EFBFBD>У<EFBFBD>0<EFBFBD><30><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>У<EFBFBD> */
|
||||
unsigned char match_mode; /* ƥ<><C6A5>ģʽ<C4A3><CABD><EFBFBD>Ӵ<EFBFBD>ƥ<EFBFBD>䣨0<E4A3A8><30><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ƥ<EFBFBD>䣨1<E4A3A8><31><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ծ<EFBFBD>ȷ<EFBFBD><C8B7>ƥ<EFBFBD><C6A5><EFBFBD><EFBFBD>Ч */
|
||||
int l_offset; /* <20><>ʾģʽ<C4A3><CABD>ֻ<EFBFBD><D6BB><EFBFBD><EFBFBD><EFBFBD>ı<EFBFBD><C4B1><EFBFBD>Χ[l_offset, r_offset]<5D>г<EFBFBD><D0B3>֣<EFBFBD>-1<><31>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,-2<><32>ʾ<EFBFBD><CABE>ƥ<EFBFBD>䣻<EFBFBD><E4A3BB><EFBFBD>Ծ<EFBFBD>ȷ<EFBFBD><C8B7>ƥ<EFBFBD><C6A5><EFBFBD><EFBFBD>Ч */
|
||||
int r_offset; /* <20><>ʾģʽ<C4A3><CABD>ֻ<EFBFBD><D6BB><EFBFBD><EFBFBD><EFBFBD>ı<EFBFBD><C4B1><EFBFBD>Χ[l_offset, r_offset]<5D>г<EFBFBD><D0B3>֣<EFBFBD>-1<><31>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,-2<><32>ʾ<EFBFBD><CABE>ƥ<EFBFBD>䣻<EFBFBD><E4A3BB><EFBFBD>Ծ<EFBFBD>ȷ<EFBFBD><C8B7>ƥ<EFBFBD><C6A5><EFBFBD><EFBFBD>Ч */
|
||||
}string_rule_t;
|
||||
|
||||
/* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD><D6B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>[lb, ub] */
|
||||
typedef struct _interval_rule_t
|
||||
{
|
||||
unsigned int lb; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>½磨<C2BD><E7A3A8><EFBFBD><EFBFBD>lb<6C><62><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĭ<EFBFBD><C4AC>Ϊ0 */
|
||||
unsigned int ub; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>½磨<C2BD><E7A3A8><EFBFBD><EFBFBD>ub<75><62><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĭ<EFBFBD><C4AC>Ϊ0 */
|
||||
}interval_rule_t;
|
||||
|
||||
/* IPv4<76><34><EFBFBD><EFBFBD> */
|
||||
typedef struct _ipv4_rule_t
|
||||
{
|
||||
unsigned int min_saddr; /* Դ<><D4B4>ַ<EFBFBD>½磻0<E7A3BB><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
|
||||
unsigned int max_saddr; /* Դ<><D4B4>ַ<EFBFBD>Ͻ磻0<E7A3BB><30>ʾ<EFBFBD>̶<EFBFBD>IP=min_saddr */
|
||||
unsigned int min_daddr; /* Ŀ<>ĵ<EFBFBD>ַ<EFBFBD>½磻0<E7A3BB><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
|
||||
unsigned int max_daddr; /* Ŀ<>ĵ<EFBFBD>ַ<EFBFBD>Ͻ磻0<E7A3BB><30>ʾ<EFBFBD>̶<EFBFBD>IP=min_daddr */
|
||||
unsigned short min_sport; /* Դ<>˿ڷ<CBBF>Χ<EFBFBD>½磻0<E7A3BB><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
|
||||
unsigned short max_sport; /* Դ<>˿ڷ<CBBF>Χ<EFBFBD>Ͻ磻0<E7A3BB><30>ʾ<EFBFBD>̶<EFBFBD><CCB6>˿<EFBFBD>=min_sport */
|
||||
unsigned short min_dport; /* Ŀ<>Ķ˿ڷ<CBBF>Χ<EFBFBD>½磻0<E7A3BB><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
|
||||
unsigned short max_dport; /* Ŀ<>Ķ˿ڷ<CBBF>Χ<EFBFBD>Ͻ磻0<E7A3BB><30>ʾ<EFBFBD>̶<EFBFBD><CCB6>˿<EFBFBD>=min_dport */
|
||||
unsigned short proto; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD>飬6<E9A3AC><36>ʾTCP<43><50>17<31><37>ʾUDP<44><50>0<EFBFBD><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
|
||||
unsigned short direction; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>0<EFBFBD><30>ʾ˫<CABE><CBAB><EFBFBD><EFBFBD>1<EFBFBD><31>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD> */
|
||||
}ipv4_rule_t;
|
||||
|
||||
/* IPv6<76><36><EFBFBD><EFBFBD> */
|
||||
typedef struct _ipv6_rule_t
|
||||
{
|
||||
unsigned int min_saddr[4]; /* Դ<><D4B4>ַ<EFBFBD>½磻ȫ0<C8AB><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
|
||||
unsigned int max_saddr[4]; /* Դ<><D4B4>ַ<EFBFBD>Ͻ磻ȫ0<C8AB><30>ʾ<EFBFBD>̶<EFBFBD>IP=min_saddr */
|
||||
unsigned int min_daddr[4]; /* Ŀ<>ĵ<EFBFBD>ַ<EFBFBD>½磻ȫ0<C8AB><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
|
||||
unsigned int max_daddr[4]; /* Ŀ<>ĵ<EFBFBD>ַ<EFBFBD>Ͻ磻ȫ0<C8AB><30>ʾ<EFBFBD>̶<EFBFBD>IP=min_daddr */
|
||||
unsigned short min_sport; /* Դ<>˿ڷ<CBBF>Χ<EFBFBD>½磻0<E7A3BB><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
|
||||
unsigned short max_sport; /* Դ<>˿ڷ<CBBF>Χ<EFBFBD>Ͻ磻0<E7A3BB><30>ʾ<EFBFBD>̶<EFBFBD><CCB6>˿<EFBFBD>=min_sport */
|
||||
unsigned short min_dport; /* Ŀ<>Ķ˿ڷ<CBBF>Χ<EFBFBD>½磻0<E7A3BB><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
|
||||
unsigned short max_dport; /* Ŀ<>Ķ˿ڷ<CBBF>Χ<EFBFBD>Ͻ磻0<E7A3BB><30>ʾ<EFBFBD>̶<EFBFBD><CCB6>˿<EFBFBD>=min_dport */
|
||||
unsigned short proto; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD>飬6<E9A3AC><36>ʾTCP<43><50>17<31><37>ʾUDP<44><50><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĭ<EFBFBD><C4AC>Ϊ0 */
|
||||
unsigned short direction; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>0<EFBFBD><30>ʾ˫<CABE><CBAB><EFBFBD><EFBFBD>1<EFBFBD><31>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD> */
|
||||
}ipv6_rule_t;
|
||||
|
||||
/* ͨ<>õĹ<C3B5><C4B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
|
||||
typedef struct _scan_rule_t
|
||||
{
|
||||
unsigned int rule_type; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͣ<EFBFBD><CDA3><EFBFBD><EFBFBD><EFBFBD>Ϊ<EFBFBD><CEAA><EFBFBD><EFBFBD>ö<EFBFBD>ٹ<EFBFBD><D9B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֮һ */
|
||||
unsigned int sub_type; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͣ<EFBFBD><CDA3>û<EFBFBD><C3BB>Զ<EFBFBD><D4B6>壬<EFBFBD><E5A3AC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><CDB8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>MAX_SUB_RULETYPE<50><45><EFBFBD><EFBFBD>ǰ<EFBFBD>Ķ<EFBFBD><C4B6>壩 */
|
||||
union /* <20><><EFBFBD><EFBFBD>rule_type<70><65><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD><D6B5><EFBFBD>䡢<EFBFBD><E4A1A2><EFBFBD><EFBFBD>IP<49><50><EFBFBD><EFBFBD> */
|
||||
{
|
||||
string_rule_t string_rule; /* <20>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ơ<EFBFBD><C6A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD> */
|
||||
interval_rule_t interval_rule; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD><D6B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
|
||||
ipv4_rule_t ipv4_rule; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>IPv4<76><34><EFBFBD><EFBFBD> */
|
||||
ipv6_rule_t ipv6_rule; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>IPv6<76><36><EFBFBD><EFBFBD> */
|
||||
};
|
||||
}scan_rule_t;
|
||||
|
||||
/* һ<><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD><EFBFBD><EFBFBD> */
|
||||
typedef struct _boolean_expr_t
|
||||
{
|
||||
unsigned int expr_id; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD>ID */
|
||||
unsigned int operation; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽִ<CABD>еIJ<D0B5><C4B2><EFBFBD><EFBFBD><EFBFBD>0<EFBFBD><30>ʾ<EFBFBD><CABE><EFBFBD>ӣ<EFBFBD>1<EFBFBD><31>ʾɾ<CABE><C9BE> */
|
||||
unsigned int rnum; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ٸ<EFBFBD><D9B8><EFBFBD><EEA3BB><EFBFBD><EFBFBD>operation=1<><31><EFBFBD><EFBFBD>rnum=0<><30><EFBFBD><EFBFBD> */
|
||||
scan_rule_t * rules; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD><EFBFBD><EFBFBD><EEA3BB><EFBFBD><EFBFBD>operation=1<><31><EFBFBD><EFBFBD>rules=NULL<4C><4C><EFBFBD><EFBFBD> */
|
||||
void * tag; /* <20>û<EFBFBD><C3BB>Զ<EFBFBD><D4B6><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD><DDA3><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1>ƥ<EFBFBD><C6A5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
|
||||
}boolean_expr_t;
|
||||
|
||||
|
||||
/* <20><>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD>ı<EFBFBD><C4B1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
|
||||
typedef struct _text_data_t
|
||||
{
|
||||
const char * text; /* <20>ı<EFBFBD><C4B1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
|
||||
unsigned int tlen; /* <20>ı<EFBFBD><C4B1><EFBFBD><EFBFBD>ݳ<EFBFBD><DDB3><EFBFBD> */
|
||||
int toffset;/* <20><><EFBFBD><EFBFBD><EFBFBD>ı<EFBFBD><C4B1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD>ƫ<EFBFBD><C6AB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽɨ<CABD><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ч<EFBFBD><D0A7><EFBFBD><EFBFBD><EFBFBD>û<EFBFBD><C3BB><EFBFBD><EFBFBD>룬<EFBFBD><EBA3AC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ0(<28><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ0) */
|
||||
}text_data_t;
|
||||
|
||||
/* <20><>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD>IPv4Ԫ<34><D4AA> */
|
||||
typedef struct _ipv4_data_t
|
||||
{
|
||||
unsigned int saddr; /* ԴIP<49><50>ַ */
|
||||
unsigned int daddr; /* Ŀ<><C4BF>IP<49><50>ַ */
|
||||
unsigned short int sport; /* Դ<>˿<EFBFBD> */
|
||||
unsigned short int dport; /* Ŀ<>Ķ˿<C4B6> */
|
||||
unsigned short int proto; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD>飬6<E9A3AC><36>ʾTCP<43><50>17<31><37>ʾUDP */
|
||||
}ipv4_data_t;
|
||||
|
||||
/* <20><>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD>IPv6Ԫ<36><D4AA> */
|
||||
typedef struct _ipv6_data_t
|
||||
{
|
||||
unsigned int saddr[4]; /* ԴIP<49><50>ַ */
|
||||
unsigned int daddr[4]; /* Ŀ<><C4BF>IP<49><50>ַ */
|
||||
unsigned short int sport; /* Դ<>˿<EFBFBD> */
|
||||
unsigned short int dport; /* Ŀ<>Ķ˿<C4B6> */
|
||||
unsigned short int proto; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD>飬6<E9A3AC><36>ʾTCP<43><50>17<31><37>ʾUDP */
|
||||
}ipv6_data_t;
|
||||
|
||||
/* ͨ<>õĴ<C3B5>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
|
||||
typedef struct _scan_data_t
|
||||
{
|
||||
unsigned int rule_type; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͣ<EFBFBD><CDA3><EFBFBD><EFBFBD><EFBFBD>Ϊ<EFBFBD><CEAA><EFBFBD><EFBFBD>ö<EFBFBD>ٹ<EFBFBD><D9B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֮һ */
|
||||
unsigned int sub_type; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͣ<EFBFBD><CDA3>û<EFBFBD><C3BB>Զ<EFBFBD><D4B6>壬<EFBFBD><E5A3AC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><CDB8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>MAX_SUB_RULETYPE<50><45><EFBFBD><EFBFBD>ǰ<EFBFBD>Ķ<EFBFBD><C4B6>壩 */
|
||||
union /* <20><><EFBFBD><EFBFBD>rule_type<70><65><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݸ<EFBFBD><DDB8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD><D6B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD>IPԪ<50><D4AA> */
|
||||
{
|
||||
text_data_t text_data; /* <20><>ɨ<EFBFBD><C9A8><EFBFBD>ı<EFBFBD><C4B1><EFBFBD><EFBFBD>ݣ<EFBFBD><DDA3><EFBFBD>ƥ<EFBFBD><C6A5><EFBFBD>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ơ<EFBFBD><C6A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD> */
|
||||
unsigned int int_data; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵ<EFBFBD><D6B5><EFBFBD><EFBFBD>ƥ<EFBFBD><C6A5><EFBFBD><EFBFBD>ֵ<EFBFBD><D6B5><EFBFBD>䣩 */
|
||||
ipv4_data_t ipv4_data; /* <20><>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD>IPv4Ԫ<34><D4AA> */
|
||||
ipv6_data_t ipv6_data; /* <20><>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD>IPv6Ԫ<36><D4AA> */
|
||||
};
|
||||
}scan_data_t;
|
||||
|
||||
/*
|
||||
ɨ<><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>scan_result_t<5F><74>rule_result_t˵<74><CBB5><EFBFBD><EFBFBD>
|
||||
1<><31><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD>ÿ<EFBFBD><C3BF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD>Ӧһ<D3A6><D2BB>scan_result_t<5F><74><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ò<EFBFBD><C3B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD><EFBFBD><EFBFBD>rnum<75><6D><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ÿ<EFBFBD><C3BF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ӧ<EFBFBD><D3A6>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD>scan_result_t::result[k]<5D><>0<=k<rnum<75><6D><EFBFBD><EFBFBD>
|
||||
|
||||
2<><32><EFBFBD><EFBFBD><EFBFBD>ھ<EFBFBD>ȷ<EFBFBD>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>position<6F><6E>length<74><68><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>£<EFBFBD>
|
||||
<09><><EFBFBD>еľ<D0B5>ȷ<EFBFBD>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>result_num<75><6D>ƥ<EFBFBD><C6A5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>i<EFBFBD><69>0<=i<result_num<75><6D><EFBFBD><EFBFBD>ƥ<EFBFBD><C6A5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʼλ<CABC>úͳ<C3BA><CDB3>ȷֱ<C8B7><D6B1>ǣ<EFBFBD>
|
||||
(position[i], length[i])
|
||||
|
||||
3<><33><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>position<6F><6E>length<74><68><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>£<EFBFBD>
|
||||
<09><><EFBFBD>е<EFBFBD><D0B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD><EFBFBD><EFBFBD>result_num<75><6D>ƥ<EFBFBD><C6A5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ÿ<EFBFBD><C3BF>ƥ<EFBFBD><C6A5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>group_num+1<><31><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ԫ<EFBFBD>ء<EFBFBD><D8A1><EFBFBD><EFBFBD>ڵ<EFBFBD>i<EFBFBD><69>0<=i<result_num<75><6D><EFBFBD><EFBFBD>ƥ<EFBFBD><C6A5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
<09><>a<EFBFBD><61><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽƥ<CABD><C6A5><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʼλ<CABC>úͳ<C3BA><CDB3>ȷֱ<C8B7><D6B1>ǣ<EFBFBD>
|
||||
(position[(group_num+1)*i], length[(group_num+1)*i])
|
||||
<09><>b<EFBFBD><62><EFBFBD><EFBFBD>j<EFBFBD><6A>0<=j<group_num<75><6D><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʼλ<CABC>úͳ<C3BA><CDB3>ȷֱ<C8B7><D6B1>ǣ<EFBFBD>
|
||||
(position[(group_num+1)*i+j+1], length[(group_num+1)*i+j+1])
|
||||
*/
|
||||
|
||||
/* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
|
||||
typedef struct _rule_result_t
|
||||
{
|
||||
unsigned int rule_type; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͣ<EFBFBD><CDA3><EFBFBD><EFBFBD><EFBFBD>Ϊ<EFBFBD><CEAA><EFBFBD><EFBFBD>ö<EFBFBD>ٹ<EFBFBD><D9B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֮һ */
|
||||
unsigned int group_num; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD><EFBFBD><EFBFBD><CDB9><EFBFBD><F2A3ACB1>ֶα<D6B6>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>飨capturing group<75><70><EFBFBD>ĸ<EFBFBD><C4B8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ0 */
|
||||
unsigned int result_num; /* <20>ù<EFBFBD><C3B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>н<EFBFBD><D0BD><EFBFBD><EFBFBD>ĸ<EFBFBD><C4B8><EFBFBD> */
|
||||
unsigned int position[MAX_MATCH_POS_NUM]; /* <20>ù<EFBFBD><C3B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>н<EFBFBD><D0BD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʼλ<CABC><CEBB> */
|
||||
unsigned int length[MAX_MATCH_POS_NUM]; /* <20>ù<EFBFBD><C3B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>н<EFBFBD><D0BD><EFBFBD><EFBFBD>ij<EFBFBD><C4B3>ȣ<EFBFBD><C8A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>н<EFBFBD><D0BD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǰ<EFBFBD><C7B0><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD><DDB0><EFBFBD><EFBFBD><EFBFBD><EFBFBD>еģ<D0B5><C4A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ö<EFBFBD>Ӧ<EFBFBD><D3A6>length=0, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>IP<49>࣬<EFBFBD><E0A3AC><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ0*/
|
||||
}rule_result_t;
|
||||
|
||||
/* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
|
||||
typedef struct _scan_result_t
|
||||
{
|
||||
unsigned int expr_id; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD>ID */
|
||||
unsigned int rnum; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ٸ<EFBFBD><D9B8><EFBFBD><EFBFBD><EFBFBD> */
|
||||
rule_result_t result[MAX_EXPR_ITEM_NUM]; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD>ÿ<EFBFBD><C3BF><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ӧ<EFBFBD><D3A6>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
|
||||
void * tag; /* <20>û<EFBFBD><C3BB>Զ<EFBFBD><D4B6><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD><DDA3><EFBFBD><EFBFBD><EFBFBD>ʱ<EFBFBD><CAB1>ƥ<EFBFBD><C6A5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
|
||||
}scan_result_t;
|
||||
|
||||
/*
|
||||
<09><><EFBFBD>ܣ<EFBFBD>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʼ<EFBFBD><CABC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
<09><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
max_thread_num [in]: ɨ<><C9A8><EFBFBD><EFBFBD><EFBFBD>ɲ<EFBFBD><C9B2><EFBFBD>ִ<EFBFBD>е<EFBFBD><D0B5>߳<EFBFBD><DFB3><EFBFBD><EFBFBD><EFBFBD>
|
||||
<09><><EFBFBD><EFBFBD>ֵ<EFBFBD><D6B5>
|
||||
ɨ<><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵΪNULLʱ<4C><CAB1><EFBFBD><EFBFBD>ʾ<EFBFBD><CABE>ʼ<EFBFBD><CABC>ʧ<EFBFBD>ܡ<EFBFBD>
|
||||
*/
|
||||
void * rulescan_initialize(unsigned int max_thread_num);
|
||||
|
||||
/*
|
||||
<09><><EFBFBD>ܣ<EFBFBD>
|
||||
<09><><EFBFBD><EFBFBD>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>rulescan_update֮ǰ<D6AE>ɶ<EFBFBD><C9B6>ε<EFBFBD><CEB5>ã<EFBFBD>ÿ<EFBFBD><C3BF><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><D2BB>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD>͡<EFBFBD>Rulescan<61><6E>Ĭ<EFBFBD>ϲ<EFBFBD><CFB2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>λ<EFBFBD>õ<EFBFBD><C3B5><EFBFBD>ϸ<EFBFBD><CFB8>Ϣ
|
||||
<09><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
instance[in]: ɨ<><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ָ<EFBFBD>룻
|
||||
optname [in]: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͣ<EFBFBD>
|
||||
optval [in]: optval<61><6C>optlen<65><6E>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD><EFBFBD>ľ<EFBFBD><C4BE><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD>
|
||||
optlen [in]: optval<61><6C>optlen<65><6E>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD><EFBFBD>ľ<EFBFBD><C4BE><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ݡ<EFBFBD>
|
||||
<09><><EFBFBD><EFBFBD>ֵ<EFBFBD><D6B5>
|
||||
1<><31><EFBFBD><EFBFBD>ȷ<EFBFBD><C8B7><EFBFBD>ã<EFBFBD>-1<><31><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʧ<EFBFBD>ܡ<EFBFBD>
|
||||
*/
|
||||
int rulescan_set_param(void * instance, enum RULESCAN_PARA_NAME optname, const void * optval, unsigned int optlen);
|
||||
|
||||
/*
|
||||
<09><><EFBFBD>ܣ<EFBFBD><DCA3><EFBFBD>̬ע<CCAC><D7A2>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><F3A1A3B6><EFBFBD>ͬһ<CDAC><D2BB>instance<63><65><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͬʱ<CDAC>ж<EFBFBD><D0B6><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>̡߳<DFB3>
|
||||
<09><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
instance[in]: ɨ<><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ָ<EFBFBD>룻
|
||||
expr_array[in]: һ<><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD>
|
||||
epxr_num[in]: <09><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD>ĸ<EFBFBD><C4B8><EFBFBD><EFBFBD><EFBFBD>
|
||||
failed_ids[out]: <09>Ƿ<EFBFBD><C7B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>id<69><64>failed_ids[0]<5D><>ʾ<EFBFBD>Ƿ<EFBFBD>id<69>ĸ<EFBFBD><C4B8><EFBFBD><EFBFBD><EFBFBD>failed_ids[1...failed_ids[0]]<5D><>¼<EFBFBD>Ƿ<EFBFBD>id<69><64>Ŀǰֻ<C7B0>Ժ<EFBFBD>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>಼<EFBFBD><E0B2BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD>Ч<EFBFBD><D0A7>
|
||||
failed_size[in]: failed_ids<64><73><EFBFBD><EFBFBD><EFBFBD>Ĵ<EFBFBD>С<EFBFBD><D0A1>
|
||||
<09><><EFBFBD><EFBFBD>ֵ<EFBFBD><D6B5>
|
||||
<09><><EFBFBD><EFBFBD>ֵΪ1ʱ<31><CAB1><EFBFBD><EFBFBD>ʾע<CABE><D7A2><EFBFBD>ɹ<EFBFBD><C9B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵΪ-1ʱ<31><CAB1><EFBFBD><EFBFBD>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
*/
|
||||
int rulescan_update(void * instance, boolean_expr_t * expr_array, unsigned int expr_num, unsigned int * failed_ids, unsigned int failed_size);
|
||||
|
||||
/*
|
||||
<09><><EFBFBD>ܣ<EFBFBD><DCA3>ͷ<EFBFBD>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><F3A3BBB1><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD>Ρ<EFBFBD>
|
||||
<09><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
instance [in]: ɨ<><C9A8><EFBFBD><EFBFBD>ָ<EFBFBD>롣
|
||||
<09><><EFBFBD><EFBFBD>ֵ<EFBFBD><D6B5>
|
||||
<09>ޡ<EFBFBD>
|
||||
*/
|
||||
void rulescan_destroy(void * instance);
|
||||
|
||||
/*
|
||||
<09><><EFBFBD>ܣ<EFBFBD><DCA3><EFBFBD><EFBFBD><EFBFBD>һ<EFBFBD><D2BB><EFBFBD><EFBFBD>ʽɨ<CABD>裬<EFBFBD><E8A3AC><EFBFBD>뱣<EFBFBD><EBB1A3><EFBFBD><EFBFBD>״̬<D7B4>IJ<EFBFBD><C4B2><EFBFBD><EFBFBD><EFBFBD>
|
||||
<09><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
instance [in]: ɨ<><C9A8><EFBFBD><EFBFBD>ָ<EFBFBD>룻
|
||||
thread_id [in]: <20><>ǰִ<C7B0><D6B4>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD>߳<EFBFBD>id<69><64><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڷ<EFBFBD>Χ[0, max_thread_num-1]֮<>ڡ<EFBFBD>
|
||||
<09><><EFBFBD><EFBFBD>ֵ<EFBFBD><D6B5>
|
||||
<09><><EFBFBD>ر<EFBFBD><D8B1><EFBFBD><EFBFBD><EFBFBD>״̬<D7B4>IJ<EFBFBD><C4B2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵΪNULLʱ<4C><CAB1><EFBFBD><EFBFBD>ʾʧ<CABE>ܡ<EFBFBD>
|
||||
*/
|
||||
void * rulescan_startstream(void * instance, unsigned int thread_id);
|
||||
|
||||
/*
|
||||
<09><><EFBFBD>ܣ<EFBFBD><DCA3><EFBFBD>ʽɨ<CABD><C9A8><EFBFBD>ӿڣ<D3BF>ɨ<EFBFBD><C9A8>һ<EFBFBD><D2BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD>scan_data<74><61><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>м<EFBFBD>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>״̬stream_param<61>У<EFBFBD>
|
||||
<09><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>֧<EFBFBD><D6A7><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><C9A8>ģʽ<C4A3><CABD>
|
||||
<09><>1<EFBFBD><31>presults<74><73>ΪNULL<4C><4C><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͨ<EFBFBD><CDA8>*presults<74><73><EFBFBD><EFBFBD>һ<EFBFBD><D2BB><EFBFBD>˴ε<CBB4><CEB5><EFBFBD><EFBFBD>н<EFBFBD><D0BD><EFBFBD><EFBFBD><EFBFBD>
|
||||
<09><>2<EFBFBD><32>presultsΪNULL <20><><EFBFBD><EFBFBD>ȫɨ<C8AB><C9A8>ģʽ<C4A3><CABD><EFBFBD><EFBFBD>ʾ<EFBFBD>ȴ<EFBFBD><C8B4><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ټ<EFBFBD><D9BC>㲢<EFBFBD><E3B2A2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȫ<EFBFBD><C8AB><EFBFBD><EFBFBD><EFBFBD>н<EFBFBD><D0BD><EFBFBD><EFBFBD><EFBFBD>
|
||||
<20><><EFBFBD><EFBFBD>rulescan_computeresult<6C><74><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
<09><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
stream_param [in]: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>״̬<D7B4>IJ<EFBFBD><C4B2><EFBFBD><EFBFBD><EFBFBD>
|
||||
scan_data [in]: <20><>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD>
|
||||
presults [out]: <20><><EFBFBD><EFBFBD>presults<74><73>ΪNULL<4C><4C><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>DZ<EFBFBD><C7B1><EFBFBD><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD>һ<EFBFBD><D2BB>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
size [in]: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>presults<74>Ĵ<EFBFBD>С<EFBFBD><D0A1>
|
||||
<09><><EFBFBD><EFBFBD>ֵ<EFBFBD><D6B5>
|
||||
<09><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD><EFBFBD><EFBFBD>ȫɨ<C8AB>裨presultsΪNULL<4C><4C><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵΪ<D6B5><CEAA><EFBFBD><EFBFBD>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD>еĹؼ<C4B9><D8BC>ʣ<EFBFBD><CAA3><EFBFBD>ֵ<EFBFBD><D6B5><EFBFBD>䡢IP<49><50><EFBFBD><EFBFBD><EFBFBD>ȣ<EFBFBD><C8A3>ĸ<EFBFBD><C4B8><EFBFBD><EFBFBD><EFBFBD>
|
||||
<09><><EFBFBD><EFBFBD>presult<6C><74>ΪNULL<4C><4C><EFBFBD><EFBFBD>ֵΪ<D6B5><CEAA><EFBFBD><EFBFBD>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD><D0B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD>ĸ<EFBFBD><C4B8><EFBFBD><EFBFBD><EFBFBD>-1<><31>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
*/
|
||||
int rulescan_searchstream(void * stream_param, scan_data_t * scan_data, scan_result_t * presults, unsigned int size);
|
||||
|
||||
/*
|
||||
<09><><EFBFBD>ܣ<EFBFBD><DCA3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><F3A3ACBC><EFBFBD>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
<09><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
stream_param [in]: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>״̬<D7B4><CCAC>ָ<EFBFBD>룻
|
||||
presults [out]: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>飬<EFBFBD><E9A3AC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD><D0B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD><EFBFBD><EFBFBD>id<69><64>
|
||||
size [in]: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>presults<74>Ĵ<EFBFBD>С<EFBFBD><D0A1>
|
||||
<09><><EFBFBD><EFBFBD>ֵ<EFBFBD><D6B5>
|
||||
<09><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><=size<7A><65><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵΪ-1<><31>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
*/
|
||||
int rulescan_computeresult(void * stream_param, scan_result_t * presults, unsigned int size);
|
||||
|
||||
/*
|
||||
<09><><EFBFBD>ܣ<EFBFBD><DCA3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽɨ<CABD>裬<EFBFBD>ͷ<EFBFBD><CDB7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>µ<EFBFBD><C2B5>øýӿ<C3BD><D3BF>ͷ<EFBFBD><CDB7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ָ<EFBFBD>ڽ<EFBFBD><DABD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><C9A8>֮ǰ<D6AE><C7B0>û<EFBFBD>е<EFBFBD><D0B5><EFBFBD>
|
||||
rulescan_destroy<6F><79><EFBFBD><EFBFBD>rulescan<61><6E><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
<09><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
stream_param [in]: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ָ<EFBFBD>롣
|
||||
<09><><EFBFBD><EFBFBD>ֵ<EFBFBD><D6B5>
|
||||
<09>ޡ<EFBFBD>
|
||||
*/
|
||||
void rulescan_endstream(void * stream_param);
|
||||
|
||||
/*
|
||||
<09><><EFBFBD>ܣ<EFBFBD><DCA3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽɨ<CABD>裬<EFBFBD>ͷ<EFBFBD><CDB7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ȵ<EFBFBD><C8B5><EFBFBD>rulescan_destroy<6F><79><EFBFBD><EFBFBD><EFBFBD><EFBFBD>rulescan<61><6E><EFBFBD><EFBFBD>֮<EFBFBD><D6AE><EFBFBD>ٽ<EFBFBD><D9BD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
<20><>Ҫ<EFBFBD><D2AA><EFBFBD><EFBFBD>rulescan_endstream_simple<6C><65><EFBFBD>ͷ<EFBFBD><CDB7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>²ŵ<C2B2><C5B5>øýӿڡ<D3BF>
|
||||
<09><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
stream_param [in]: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ָ<EFBFBD>롣
|
||||
<09><><EFBFBD><EFBFBD>ֵ<EFBFBD><D6B5>
|
||||
<09>ޡ<EFBFBD>
|
||||
*/
|
||||
void rulescan_endstream_simple(void * stream_param);
|
||||
|
||||
/*
|
||||
<09><><EFBFBD>ܣ<EFBFBD><DCA3><EFBFBD><EFBFBD><EFBFBD>ʽɨ<CABD><C9A8><EFBFBD>ӿڣ<D3BF>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><F3B7B5BB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>н<EFBFBD><D0BD><EFBFBD><EFBFBD><EFBFBD>
|
||||
<09><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
instance [in]: ɨ<><C9A8><EFBFBD><EFBFBD>ָ<EFBFBD>룻
|
||||
thread_id [in]: <20><>ǰִ<C7B0><D6B4>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD>߳<EFBFBD>id<69><64><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ڷ<EFBFBD>Χ[0, max_thread_num-1]֮<>ڣ<EFBFBD>
|
||||
scan_data [in]: <20><>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD>ݣ<EFBFBD>
|
||||
presults [out]: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>飬<EFBFBD><E9A3AC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>е<EFBFBD><D0B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD><EFBFBD><EFBFBD>id<69><64>
|
||||
size [in]: <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>presults<74>Ĵ<EFBFBD>С<EFBFBD><D0A1>
|
||||
<09><><EFBFBD><EFBFBD>ֵ<EFBFBD><D6B5>
|
||||
<09><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><=size<7A><65><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֵΪ-1<><31>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||||
*/
|
||||
int rulescan_search(void * instance, unsigned int thread_id, scan_data_t * scan_data, scan_result_t * presults, unsigned int size);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* !defined(H_RULE_SCAN_H) */
|
||||
|
||||
@@ -11,32 +11,34 @@
|
||||
vars:
|
||||
packages:
|
||||
- /tmp/ansible_deploy/dkms/dkms-2.7.1-1.el7.noarch.rpm
|
||||
- /tmp/ansible_deploy/framework/framework-2.0.9.f583d06-1.el7.centos.x86_64.rpm
|
||||
- /tmp/ansible_deploy/framework/framework-2.0.11.aad8b7e-1.el7.centos.x86_64.rpm
|
||||
|
||||
- name: "install framework ld.conf"
|
||||
synchronize:
|
||||
src: "{{ role_path }}/files/framework/framework.conf"
|
||||
dest: /etc/ld.so.conf.d/framework.conf
|
||||
|
||||
- name: "install/update rulescan header files"
|
||||
synchronize:
|
||||
src: "{{ role_path }}/files/rulescan/rulescan.h"
|
||||
dest: /opt/MESA/include/MESA/rulescan.h
|
||||
|
||||
- name: "install/update rulescan library"
|
||||
synchronize:
|
||||
src: "{{ role_path }}/files/rulescan/librulescan.so"
|
||||
dest: /opt/MESA/lib/librulescan.so
|
||||
|
||||
- name: "install/update maat header files"
|
||||
synchronize:
|
||||
src: "{{ role_path }}/files/maat/include/"
|
||||
dest: /opt/MESA/include/MESA/
|
||||
|
||||
- name: "install/update maat library files"
|
||||
synchronize:
|
||||
src: "{{ role_path }}/files/maat/lib/"
|
||||
dest: /opt/MESA/lib/
|
||||
|
||||
- name: "create maat library symbol links - A"
|
||||
file:
|
||||
src: "libmaatframe.so.2.8"
|
||||
path: /opt/MESA/lib/libmaatframe.so.2
|
||||
state: link
|
||||
|
||||
- name: "create maat library symbol links - B"
|
||||
file:
|
||||
src: "libmaatframe.so.2"
|
||||
path: /opt/MESA/lib/libmaatframe.so
|
||||
state: link
|
||||
|
||||
- name: "update ld"
|
||||
command: ldconfig
|
||||
|
||||
Binary file not shown.
Binary file not shown.
BIN
roles/tfe/files/tfe-4.1.0.d94c397-1.el7.x86_64.rpm
Normal file
BIN
roles/tfe/files/tfe-4.1.0.d94c397-1.el7.x86_64.rpm
Normal file
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
roles/tfe/files/tfe-kmod-v1.0.3.20190828-1dkms.noarch.rpm
Normal file
BIN
roles/tfe/files/tfe-kmod-v1.0.3.20190828-1dkms.noarch.rpm
Normal file
Binary file not shown.
@@ -8,24 +8,10 @@
|
||||
yum:
|
||||
name: "{{ packages }}"
|
||||
state: present
|
||||
allow_downgrade: yes
|
||||
vars:
|
||||
packages:
|
||||
- /tmp/ansible_deploy/tfe-4.0.5.348afbc-1.el7.x86_64.rpm
|
||||
|
||||
- name: "hotfix tfe program"
|
||||
synchronize:
|
||||
src: "{{ role_path }}/files/tfe"
|
||||
dest: /home/tsg/tfe/bin/tfe
|
||||
|
||||
#- name: "remove the old tfe-kmod"
|
||||
# command: rpm -e tfe-kmod
|
||||
|
||||
#- name: "delete the tfe_kmod.ko"
|
||||
# command: rm -f /lib/modules/5.1.8-1.el7.elrepo.x86_64/extra/tfe_kmod.ko
|
||||
|
||||
#- name: "reinstall the tfe-kmod"
|
||||
# command: rpm -i /tmp/ansible_deploy/tfe-kmod-c498d30-1dkms.noarch.rpm --force
|
||||
- /tmp/ansible_deploy/tfe-kmod-v1.0.3.20190828-1dkms.noarch.rpm
|
||||
- /tmp/ansible_deploy/tfe-4.1.0.d94c397-1.el7.x86_64.rpm
|
||||
|
||||
- name: "template tfe-env config"
|
||||
template:
|
||||
@@ -42,11 +28,6 @@
|
||||
src: "{{ role_path }}/templates/pangu_pxy.conf.j2"
|
||||
dest: /home/tsg/tfe/conf/pangu/pangu_pxy.conf
|
||||
|
||||
- name: "deploy qaznet cert"
|
||||
copy:
|
||||
src: "{{ role_path }}/files/qaznet_intermedia.pem"
|
||||
dest: "/home/tsg/tfe/resource/tfe/qaznet_intermedia.pem"
|
||||
|
||||
- name: "start tfe-kmod"
|
||||
modprobe:
|
||||
name: tfe_kmod
|
||||
@@ -57,17 +38,3 @@
|
||||
name: tfe-env
|
||||
enabled: yes
|
||||
daemon_reload: yes
|
||||
state: restarted
|
||||
|
||||
- name: "add tfe-kmod to boot"
|
||||
template:
|
||||
src: "{{ role_path }}/templates/tfe_kmod.conf.j2"
|
||||
dest: /etc/modules-load.d/tfe_kmod.conf
|
||||
|
||||
- name: "bootup tfe"
|
||||
blockinfile:
|
||||
path: /etc/rc.d/rc.local
|
||||
marker: "## {mark} bootstrap tfe"
|
||||
block: |
|
||||
systemctl start tfe-env
|
||||
cd /home/tsg/tfe; ./r2_tfe
|
||||
|
||||
@@ -29,7 +29,7 @@ mode= {{ tfe.keykeeper.mode }}
|
||||
no_cache=0
|
||||
cert_store_host= {{ cert_store_server.address }}
|
||||
cert_store_port= {{ cert_store_server.port }}
|
||||
ca_path=resource/tfe/qaznet_intermedia.pem
|
||||
ca_path=resource/tfe/tango-ca-v3-trust-ca.pem
|
||||
untrusted_ca_path=resource/tfe/tango-ca-v3-untrust-ca.pem
|
||||
|
||||
[debug]
|
||||
|
||||
Reference in New Issue
Block a user