gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

增加ip_plus类型表,可以支持范围和掩码两种描述IP和端口的方式。

Browse Source
This commit is contained in:
zhengchao
2019-05-23 18:29:59 +08:00
parent c0dd6799df
commit 879da71422
10 changed files with 541 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/entry/Maat_api.cpp
View File

@@ -16,7 +16,7 @@
#include "rulescan.h"
#include "json2iris.h"
struct Maat_table_desc * acqurie_table(struct _Maat_feather_t* _feather,int table_id,enum MAAT_TABLE_TYPE expect_type)
struct Maat_table_desc * acqurie_table(struct _Maat_feather_t* _feather, int table_id, enum MAAT_TABLE_TYPE expect_type)
{
struct Maat_table_desc *p_table=NULL;
if(table_id>MAX_TABLE_NUM)
@@ -34,8 +34,8 @@ struct Maat_table_desc * acqurie_table(struct _Maat_feather_t* _feather,int tabl
}
if(p_table->table_type!=expect_type)
{
if(expect_type!=TABLE_TYPE_EXPR||
p_table->table_type!=TABLE_TYPE_EXPR_PLUS)
if((expect_type==TABLE_TYPE_EXPR && p_table->table_type!=TABLE_TYPE_EXPR_PLUS)||
(expect_type==TABLE_TYPE_IP && p_table->table_type!=TABLE_TYPE_IP_PLUS))
{
return NULL;
}

3
src/entry/Maat_command.cpp
View File

@@ -192,6 +192,9 @@ int get_valid_flag_offset(const char* line, enum MAAT_TABLE_TYPE type,int valid_
case TABLE_TYPE_IP:
column_seq=14;
break;
case TABLE_TYPE_IP_PLUS:
column_seq=18;
break;
case TABLE_TYPE_COMPILE:
column_seq=8;
break;

321
src/entry/Maat_rule.cpp
View File

@@ -706,7 +706,8 @@ int read_table_description(struct Maat_table_desc** p_table_info,int num,const c
string2int_map=map_create();
map_register(string2int_map,"expr", TABLE_TYPE_EXPR);
map_register(string2int_map,"ip", TABLE_TYPE_IP);
map_register(string2int_map,"ip", TABLE_TYPE_IP);
map_register(string2int_map,"ip_plus", TABLE_TYPE_IP_PLUS);
map_register(string2int_map,"compile", TABLE_TYPE_COMPILE);
map_register(string2int_map,"plugin", TABLE_TYPE_PLUGIN);
map_register(string2int_map,"intval", TABLE_TYPE_INTERVAL);
@@ -1598,6 +1599,7 @@ void rulescan_batch_update(rule_scanner_t rs_handle,MESA_lqueue_head expr_queue,
assert(table_rt->expr.regex_rule_cnt>=0);
break;
case TABLE_TYPE_IP:
case TABLE_TYPE_IP_PLUS:
table_rt->ip.ipv4_rule_cnt+=region_counter[i].ipv4_rule_cnt;
table_rt->ip.ipv6_rule_cnt+=region_counter[i].ipv6_rule_cnt;
break;
@@ -2306,6 +2308,7 @@ int del_region_rule(struct Maat_table_desc* table,int region_id,int group_id,int
switch(table->table_type)
{
case TABLE_TYPE_IP:
case TABLE_TYPE_IP_PLUS:
case TABLE_TYPE_EXPR:
case TABLE_TYPE_EXPR_PLUS:
case TABLE_TYPE_INTERVAL:
@@ -2761,90 +2764,269 @@ error_out:
free(maat_str_rule);
maat_str_rule=NULL;
}
void update_ip_rule(struct Maat_table_desc* table,const char* table_line,struct Maat_scanner_t *scanner,void* logger,int group_mode_on)
enum MAAT_IP_FORMAT
{
FORMAT_RANGE,
FORMAT_MASK,
FORMAT_UNKNOWN
};
enum MAAT_IP_FORMAT ip_format_str2int(const char* format)
{
if(0==strcasecmp(format, "range"))
{
return FORMAT_RANGE;
}
else if(0==strcasecmp(format, "mask"))
{
return FORMAT_MASK;
}
else
{
assert(0);
}
return FORMAT_UNKNOWN;
}
void ipv6_mask2range(const unsigned int ip[], unsigned int mask[], unsigned int range_begin[], unsigned int range_end[])
{
int i=0;
for(i=0; i<4; i++)
{
range_begin[i]=ip[i]&mask[i];
range_end[i] = ip[i]|~mask[i];
}
return;
}
void update_ip_rule(struct Maat_table_desc* table, const char* table_line, struct Maat_scanner_t *scanner, void* logger, int group_mode_on)
{
struct db_ip_rule_t* ip_rule=(struct db_ip_rule_t*)calloc(sizeof(struct db_ip_rule_t),1);
char src_ip[40],mask_src_ip[40],dst_ip[40],mask_dst_ip[40];
char src_ip1[40]={0}, src_ip2[40]={0}, dst_ip1[40]={0}, dst_ip2[40]={0};
char saddr_format[16]={0}, sport_format[16]={0}, daddr_format[16]={0}, dport_format[16]={0};
struct Maat_table_runtime* table_rt=scanner->table_rt[table->table_id];
unsigned short i_src_port,i_sport_mask,i_dst_port,i_dport_mask;
unsigned short src_port1=0, src_port2=0, dst_port1=0, dst_port2=0;
int protocol=0,direction=0;
int ret=0,rule_type=0;
int ret=0;
int ret_array[8]={1},i=0;
ret=sscanf(table_line,"%d\t%d\t%d\t%s\t%s\t%hu\t%hu\t%s\t%s\t%hu\t%hu\t%d\t%d\t%d"
,&(ip_rule->region_id)
,&(ip_rule->group_id)
,&(ip_rule->addr_type)
,src_ip
,mask_src_ip
,&i_src_port
,&i_sport_mask
,dst_ip
,mask_dst_ip
,&i_dst_port
,&i_dport_mask
,&protocol
,&direction
,&(ip_rule->is_valid));
if(ret!=14||(ip_rule->addr_type!=4&&ip_rule->addr_type!=6)
||protocol>65535||protocol<0
||(direction!=0&&direction!=1))
unsigned int ipv4_addr1=0, ipv4_addr2=0, ipv6_addr1[4]={0}, ipv6_addr2[4]={0};
switch(table->table_type)
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module ,
"update error,invalid format of ip table %s:%s"
,table->table_name[table->updating_name],table_line);
case TABLE_TYPE_IP:
strncpy(saddr_format, "mask", sizeof(saddr_format));
strncpy(sport_format, "mask", sizeof(sport_format));
strncpy(daddr_format, "mask", sizeof(daddr_format));
strncpy(dport_format, "mask", sizeof(dport_format));
ret=sscanf(table_line,"%d\t%d\t%d\t%s\t%s\t%hu\t%hu\t%s\t%s\t%hu\t%hu\t%d\t%d\t%d",
&(ip_rule->region_id),
&(ip_rule->group_id),
&(ip_rule->addr_type),
src_ip1,
src_ip2,
&src_port1,
&src_port2,
dst_ip1,
dst_ip2,
&dst_port1,
&dst_port2,
&protocol,
&direction,
&(ip_rule->is_valid));
if(ret!=14)
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module ,
"update error, invalid column number of ip table %s:%s"
,table->table_name[table->updating_name],table_line);
table->udpate_err_cnt++;
goto error_out;
}
break;
case TABLE_TYPE_IP_PLUS:
ret=sscanf(table_line,"%d\t%d\t%d\t%s\t%s\t%s\t%s\t%hu\t%hu\t%s\t%s\t%s\t%s\t%hu\t%hu\t%d\t%d\t%d",
&(ip_rule->region_id),
&(ip_rule->group_id),
&(ip_rule->addr_type),
saddr_format,
src_ip1,
src_ip2,
sport_format,
&src_port1,
&src_port2,
daddr_format,
dst_ip1,
dst_ip2,
dport_format,
&dst_port1,
&dst_port2,
&protocol,
&direction,
&(ip_rule->is_valid));
if(ret!=18)
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module ,
"update error, invalid column number of ip_plus table %s:%s"
,table->table_name[table->updating_name],table_line);
table->udpate_err_cnt++;
goto error_out;
}
break;
default:
table->udpate_err_cnt++;
goto error_out;
break;
}
if(ip_rule->addr_type!=4&&ip_rule->addr_type!=6)
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module,
"update error, invalid addr type %d of ip/ip_plus table %s:%s",
ip_rule->addr_type,
table->table_name[table->updating_name], table_line);
table->udpate_err_cnt++;
goto error_out;
}
if(protocol>65535 || protocol<0)
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module,
"update error, invalid protocol value %d of ip/ip_plus table %s:%s",
protocol,
table->table_name[table->updating_name],table_line);
table->udpate_err_cnt++;
goto error_out;
}
if(direction!=0 && direction!=1)
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module,
"update error, invalid direction value %d of ip/ip_plus table %s:%s",
direction,
table->table_name[table->updating_name],table_line);
table->udpate_err_cnt++;
goto error_out;
}
if(FORMAT_UNKNOWN==ip_format_str2int(saddr_format)||
FORMAT_UNKNOWN==ip_format_str2int(sport_format)||
FORMAT_UNKNOWN==ip_format_str2int(daddr_format)||
FORMAT_UNKNOWN==ip_format_str2int(dport_format))
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module,
"update error, invalid addr format of ip/ip_plus table %s:%s, should be range or mask",
table->table_name[table->updating_name],table_line);
table->udpate_err_cnt++;
goto error_out;
}
if(ip_rule->addr_type==4)
{
ret_array[0]=inet_pton(AF_INET,src_ip,&(ip_rule->ipv4_rule.saddr));
ip_rule->ipv4_rule.saddr=ntohl(ip_rule->ipv4_rule.saddr);
ret_array[1]=inet_pton(AF_INET,mask_src_ip,&(ip_rule->ipv4_rule.smask));
ip_rule->ipv4_rule.smask=ntohl(ip_rule->ipv4_rule.smask);
ret_array[2]=inet_pton(AF_INET,dst_ip,&(ip_rule->ipv4_rule.daddr));
ip_rule->ipv4_rule.daddr=ntohl(ip_rule->ipv4_rule.daddr);
ret_array[3]=inet_pton(AF_INET,mask_dst_ip,&(ip_rule->ipv4_rule.dmask));
ip_rule->ipv4_rule.dmask=ntohl(ip_rule->ipv4_rule.dmask);
ip_rule->ipv4_rule.min_sport=i_src_port&i_sport_mask;
ip_rule->ipv4_rule.max_sport=(i_src_port&i_sport_mask)+(~i_sport_mask);
ip_rule->ipv4_rule.min_dport=i_dst_port&i_dport_mask;
ip_rule->ipv4_rule.max_dport=(i_dst_port&i_dport_mask)+(~i_dport_mask);
ret_array[0]=inet_pton(AF_INET, src_ip1, &ipv4_addr1);
ipv4_addr1=ntohl(ipv4_addr1);
ret_array[1]=inet_pton(AF_INET, src_ip2, &ipv4_addr2);
ipv4_addr2=ntohl(ipv4_addr2);
if(FORMAT_MASK==ip_format_str2int(saddr_format))
{
// min_saddr=(saddr&mask) max_saddr=(saddr|~mask)
ip_rule->ipv4_rule.min_saddr=ipv4_addr1&ipv4_addr2;
ip_rule->ipv4_rule.max_saddr=ipv4_addr1|~ipv4_addr2;
}
else
{
ip_rule->ipv4_rule.min_saddr=ipv4_addr1;
ip_rule->ipv4_rule.max_saddr=ipv4_addr2;
}
if(FORMAT_MASK==ip_format_str2int(sport_format))
{
ip_rule->ipv4_rule.min_sport=src_port1&src_port2;
ip_rule->ipv4_rule.max_sport=src_port1|~src_port2;
}
else
{
ip_rule->ipv4_rule.min_sport=src_port1;
ip_rule->ipv4_rule.max_sport=src_port2;
}
ret_array[2]=inet_pton(AF_INET, dst_ip1, &ipv4_addr1);
ipv4_addr1=ntohl(ipv4_addr1);
ret_array[3]=inet_pton(AF_INET, dst_ip2, &ipv4_addr2);
ipv4_addr2=ntohl(ipv4_addr2);
if(FORMAT_MASK==ip_format_str2int(daddr_format))
{
ip_rule->ipv4_rule.min_daddr=ipv4_addr1&ipv4_addr2;
ip_rule->ipv4_rule.max_daddr=ipv4_addr1|~ipv4_addr2;
}
else
{
ip_rule->ipv4_rule.min_daddr=ipv4_addr1;
ip_rule->ipv4_rule.max_daddr=ipv4_addr2;
}
if(FORMAT_MASK==ip_format_str2int(dport_format))
{
ip_rule->ipv4_rule.min_dport=dst_port1&dst_port2;
ip_rule->ipv4_rule.max_dport=dst_port1|~dst_port2;
}
else
{
ip_rule->ipv4_rule.min_dport=dst_port1;
ip_rule->ipv4_rule.max_dport=dst_port2;
}
ip_rule->ipv4_rule.proto=protocol;
ip_rule->ipv4_rule.direction=direction;
rule_type=RULETYPE_IPv4;
}
else
{
ret_array[0]=inet_pton(AF_INET6,src_ip,&(ip_rule->ipv6_rule.saddr));
ipv6_ntoh(ip_rule->ipv6_rule.saddr);
ret_array[1]=inet_pton(AF_INET6,mask_src_ip,&(ip_rule->ipv6_rule.smask));
ipv6_ntoh(ip_rule->ipv6_rule.smask);
ret_array[0]=inet_pton(AF_INET6, src_ip1, ipv6_addr1);
ipv6_ntoh(ipv6_addr1);
ret_array[1]=inet_pton(AF_INET6, src_ip2, ipv6_addr2);
ipv6_ntoh(ipv6_addr2);
if(FORMAT_MASK==ip_format_str2int(saddr_format))
{
// min_saddr=(saddr&mask) max_saddr=(saddr|~mask)
ipv6_mask2range(ipv6_addr1, ipv6_addr2, ip_rule->ipv6_rule.min_saddr, ip_rule->ipv6_rule.max_saddr);
}
else
{
memcpy(ip_rule->ipv6_rule.min_saddr, ipv6_addr1, sizeof(ip_rule->ipv6_rule.min_saddr));
memcpy(ip_rule->ipv6_rule.max_saddr, ipv6_addr2, sizeof(ip_rule->ipv6_rule.max_saddr));
}
if(FORMAT_MASK==ip_format_str2int(sport_format))
{
ip_rule->ipv6_rule.min_sport=src_port1&src_port2;
ip_rule->ipv6_rule.max_sport=src_port1|~src_port2;
}
else
{
ip_rule->ipv6_rule.min_sport=src_port1;
ip_rule->ipv6_rule.max_sport=src_port2;
}
ret_array[2]=inet_pton(AF_INET6,dst_ip,&(ip_rule->ipv6_rule.daddr));
ipv6_ntoh(ip_rule->ipv6_rule.daddr);
ret_array[3]=inet_pton(AF_INET6,mask_dst_ip,&(ip_rule->ipv6_rule.dmask));
ipv6_ntoh(ip_rule->ipv6_rule.dmask);
ip_rule->ipv6_rule.min_sport=i_src_port&i_sport_mask;
ip_rule->ipv6_rule.max_sport=(i_src_port&i_sport_mask)+(~i_sport_mask);
ip_rule->ipv6_rule.min_dport=i_dst_port&i_dport_mask;
ip_rule->ipv6_rule.max_dport=(i_dst_port&i_dport_mask)+~(i_dport_mask);
ret_array[2]=inet_pton(AF_INET6, dst_ip1, &ipv6_addr1);
ipv6_ntoh(ipv6_addr1);
ret_array[3]=inet_pton(AF_INET6, dst_ip2, &ipv6_addr2);
ipv6_ntoh(ipv6_addr2);
if(FORMAT_MASK==ip_format_str2int(daddr_format))
{
// min_saddr=(saddr&mask) max_saddr=(saddr|~mask)
ipv6_mask2range(ipv6_addr1, ipv6_addr2, ip_rule->ipv6_rule.min_daddr, ip_rule->ipv6_rule.max_daddr);
}
else
{
memcpy(ip_rule->ipv6_rule.min_daddr, ipv6_addr1, sizeof(ip_rule->ipv6_rule.min_daddr));
memcpy(ip_rule->ipv6_rule.max_daddr, ipv6_addr2, sizeof(ip_rule->ipv6_rule.max_daddr));
}
if(FORMAT_MASK==ip_format_str2int(dport_format))
{
ip_rule->ipv6_rule.min_dport=dst_port1&dst_port2;
ip_rule->ipv6_rule.max_dport=dst_port1|~dst_port2;
}
else
{
ip_rule->ipv6_rule.min_sport=dst_port1;
ip_rule->ipv6_rule.max_sport=dst_port2;
}
ip_rule->ipv6_rule.proto=protocol;
ip_rule->ipv6_rule.direction=direction;
rule_type=RULETYPE_IPv6;
}
for(i=0;i<4;i++)
{
if(ret_array[i]<=0)
{
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module ,
"update error,invalid format of ip table %s:%s"
"update error, invalid IP address format of ip table %s:%s"
,table->table_name[table->updating_name],table_line);
table->udpate_err_cnt++;
goto error_out;
@@ -2861,19 +3043,19 @@ void update_ip_rule(struct Maat_table_desc* table,const char* table_line,struct
}
if(group_mode_on==FALSE)//for compatible old version
{
compatible_group_udpate(table
,ip_rule->region_id
,ip_rule->group_id
,ip_rule->is_valid
,scanner
,logger);
compatible_group_udpate(table,
ip_rule->region_id,
ip_rule->group_id,
ip_rule->is_valid,
scanner,
logger);
ip_rule->group_id=ip_rule->region_id;
}
if(ip_rule->is_valid==FALSE)
{
ret=del_region_rule(table
,ip_rule->region_id,ip_rule->group_id,rule_type
,scanner, logger);
ret=del_region_rule(table,
ip_rule->region_id, ip_rule->group_id, ip_rule->addr_type==6?RULETYPE_IPv6:RULETYPE_IPv4,
scanner, logger);
if(ret<0)
{
table->udpate_err_cnt++;
@@ -2886,7 +3068,7 @@ void update_ip_rule(struct Maat_table_desc* table,const char* table_line,struct
else
{
ret=add_ip_rule(table, ip_rule,scanner, logger);
ret=add_ip_rule(table, ip_rule, scanner, logger);
if(ret<0)
{
MESA_handle_runtime_log(logger,RLOG_LV_INFO,maat_module ,
@@ -3689,6 +3871,7 @@ int maat_update_cb(const char* table_name,const char* line,void *u_para)
update_expr_rule(feather->p_table_info[table_id], line, scanner,feather->logger,feather->GROUP_MODE_ON);
break;
case TABLE_TYPE_IP:
case TABLE_TYPE_IP_PLUS:
update_ip_rule(feather->p_table_info[table_id], line, scanner,feather->logger,feather->GROUP_MODE_ON);
break;
case TABLE_TYPE_INTERVAL:

1
src/entry/Maat_stat.cpp
View File

@@ -234,6 +234,7 @@ void maat_stat_output(struct _Maat_feather_t* feather)
total_iconv_error=p_table->expr.iconv_err_cnt;
break;
case TABLE_TYPE_IP:
case TABLE_TYPE_IP_PLUS:
table_regex_ipv6_num=table_rt->ip.ipv6_rule_cnt;
break;
default:

116
src/entry/json2iris.cpp
View File

@@ -141,6 +141,7 @@ int set_iris_descriptor(const char* json_file,cJSON *json,const char*compile_tn,
map_register(iris_cfg->str2int_map, "no",0);
map_register(iris_cfg->str2int_map, "ip",TABLE_TYPE_IP);
map_register(iris_cfg->str2int_map, "ip_plus",TABLE_TYPE_IP_PLUS);
map_register(iris_cfg->str2int_map, "string",TABLE_TYPE_EXPR);
map_register(iris_cfg->str2int_map, "expr",TABLE_TYPE_EXPR);
map_register(iris_cfg->str2int_map, "expr_plus",TABLE_TYPE_EXPR_PLUS);
@@ -407,6 +408,118 @@ int write_ip_line(cJSON *region_json, struct iris_description_t *p_iris, const c
return direct_write_rule(region_json, p_iris->str2int_map,json_cmd, cmd_cnt,path,logger);
}
int write_ip_plus_line(cJSON *region_json, struct iris_description_t *p_iris, const char* path, void * logger)
{
struct traslate_command_t json_cmd[MAX_COLUMN_NUM];
int cmd_cnt=0;
memset(json_cmd,0,sizeof(json_cmd));
json_cmd[cmd_cnt].json_string="region_id";
json_cmd[cmd_cnt].json_type=cJSON_Number;
cmd_cnt++;
json_cmd[cmd_cnt].json_string="group_id";
json_cmd[cmd_cnt].json_type=cJSON_Number;
cmd_cnt++;
json_cmd[cmd_cnt].json_string="addr_type";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].str2int_flag=1;
cmd_cnt++;
json_cmd[cmd_cnt].json_string="saddr_format";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="mask";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="src_ip1";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="0.0.0.0";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="src_ip2";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="255.255.255.255";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="sport_format";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="mask";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="src_port1";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="0";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="src_port2";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="65535";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="daddr_format";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="mask";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="dst_ip1";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="0.0.0.0";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="dst_ip2";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="255.255.255.255";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="dport_format";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="mask";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="dst_port1";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="0";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="dst_port2";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="65535";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="protocol";
json_cmd[cmd_cnt].json_type=cJSON_Number;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_int=0;
cmd_cnt++;
json_cmd[cmd_cnt].json_string="direction";
json_cmd[cmd_cnt].json_type=cJSON_String;
json_cmd[cmd_cnt].str2int_flag=1;
json_cmd[cmd_cnt].empty_allowed=1;
json_cmd[cmd_cnt].default_string="double";
cmd_cnt++;
json_cmd[cmd_cnt].json_string="is_valid";
json_cmd[cmd_cnt].json_type=cJSON_Number;
cmd_cnt++;
return direct_write_rule(region_json, p_iris->str2int_map,json_cmd, cmd_cnt,path,logger);
}
int write_expr_line(cJSON *region_json,struct iris_description_t *p_iris,const char* path,enum MAAT_TABLE_TYPE table_type,void * logger)
{
struct traslate_command_t json_cmd[MAX_COLUMN_NUM];
@@ -670,6 +783,9 @@ int write_region_rule(cJSON* region_json,int compile_id,int group_id,iris_descri
case TABLE_TYPE_IP:
ret=write_ip_line(table_content, p_iris, table_info->table_path, logger);
break;
case TABLE_TYPE_IP_PLUS:
write_ip_plus_line(table_content, p_iris, table_info->table_path, logger);
break;
case TABLE_TYPE_INTERVAL:
ret=write_intval_line(table_content, p_iris, table_info->table_path, logger);
break;

1
src/inc_internal/Maat_table_description.h
View File

@@ -18,6 +18,7 @@ enum MAAT_TABLE_TYPE
{
TABLE_TYPE_EXPR=0,
TABLE_TYPE_IP,
TABLE_TYPE_IP_PLUS,
TABLE_TYPE_INTERVAL,
TABLE_TYPE_DIGEST,
TABLE_TYPE_EXPR_PLUS,

52
src/inc_internal/view_only/rulescan.h
View File

@@ -28,7 +28,9 @@ extern "C"
{
RULESCAN_DETAIL_RESULT=1, /* <20><><EFBFBD><EFBFBD>־λ<D6BE><CEBB>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϸ<EFBFBD><CFB8><EFBFBD><EFBFBD>λ<EFBFBD>õ<EFBFBD><C3B5><EFBFBD>Ϣ, optval<61><6C>ΪNULL<4C><4C>optlen<65><6E>Ϊ0<CEAA><30>Ĭ<EFBFBD>ϲ<EFBFBD><CFB2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϸ<EFBFBD><CFB8>Ϣ*/
RULESCAN_REGEX_GROUP =2, /* <20><><EFBFBD><EFBFBD>־λ<D6BE><CEBB>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽƥ<CABD><C6A5><EFBFBD>ķ<EFBFBD><C4B7><EFBFBD><EFBFBD><EFBFBD>Ϣ<EFBFBD><CFA2><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ֶΣ<D6B6><CEA3><EFBFBD>Ҫ<EFBFBD><D2AA><EFBFBD><EFBFBD><EFBFBD><EFBFBD>RULESCAN_DETAIL_RESULT<4C><54>־λ,optval<61><6C>ΪNULL<4C><4C>optlen<65><6E>Ϊ0<CEAA><30>Ĭ<EFBFBD>ϲ<EFBFBD><CFB2><EFBFBD><EFBFBD>ط<EFBFBD><D8B7><EFBFBD><EFBFBD><EFBFBD>Ϣ */
RULESCAN_QUICK_SCAN /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ҫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD>ģʽ<EFBFBD><EFBFBD>sub_type, <20><><EFBFBD>û<EFBFBD><EFBFBD>Լ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>optval<EFBFBD><EFBFBD>ֵΪ0-4096<EFBFBD><EFBFBD>optlen<EFBFBD><EFBFBD>Ϊ4<EFBFBD><EFBFBD>Ĭ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͨɨ<EFBFBD><EFBFBD>ģʽ<EFBFBD><EFBFBD>*/
RULEACAN_ERRLOG_CLOSE, /* <20><><EFBFBD><EFBFBD>־λ<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>ر<EFBFBD>Rulescan<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>optval<EFBFBD><EFBFBD>ΪNULL<EFBFBD><EFBFBD>optlen<EFBFBD><EFBFBD>Ϊ0<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>õĻ<EFBFBD>Ĭ<EFBFBD>ϴ<EFBFBD><EFBFBD><EFBFBD>Rulescan<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
RULESCAN_ERRLOG_FILE_PATH, /* <20><><EFBFBD><EFBFBD>Rulescan<61><6E><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־<EFBFBD><D6BE>·<EFBFBD><C2B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><C4BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>û<EFBFBD><C3BB><EFBFBD><EFBFBD>룬optval<61><6C>ֵΪ<D6B5><CEAA><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD><C4BC><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>־·<D6BE><C2B7><EFBFBD><EFBFBD>optlenΪ·<CEAA><C2B7><EFBFBD><EFBFBD><EFBFBD>ȡ<EFBFBD><C8A1><EFBFBD><EFBFBD><EFBFBD>û<EFBFBD><C3BB><EFBFBD><EFBFBD><E8B6A8>
<09><><EFBFBD><EFBFBD>־Ĭ<D6BE>ϴ洢<CFB4>ڿ<EFBFBD>ִ<EFBFBD>г<EFBFBD><D0B3><EFBFBD><EFBFBD><EFBFBD>ǰĿ¼<C4BF>µ<EFBFBD>rulescan_tmp<6D><70> */
};
#define MAX_REGEX_GROUP_NUM 5 /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD><EFBFBD><EFBFBD>֧<EFBFBD>ֵ<EFBFBD><D6B5><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ĸ<EFBFBD><C4B8><EFBFBD> */
@@ -45,7 +47,7 @@ extern "C"
const unsigned int RULETYPE_IPv6 = 4; /* IPv6<76><36><EFBFBD><EFBFBD> */
const unsigned int MAX_RULETYPE = 5; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
const unsigned int MAX_SUB_RULETYPE = 4096; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
const unsigned int MAX_SUB_RULETYPE = 4096; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
/* <20>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD>͹<EFBFBD><CDB9>򣨿ɱ<F2A3A8BF>ʾ<EFBFBD>ı<EFBFBD><C4B1>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ַ<EFBFBD><D6B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD> */
typedef struct _string_rule_t
@@ -65,34 +67,34 @@ extern "C"
unsigned int ub; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>½磨<C2BD><E7A3A8><EFBFBD><EFBFBD>ub<75><62><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĭ<EFBFBD><C4AC>Ϊ0 */
}interval_rule_t;
/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>IPv4<EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
/* IPv4<76><34><EFBFBD><EFBFBD> */
typedef struct _ipv4_rule_t
{
unsigned int saddr; /* ԴIP<EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD>0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */
unsigned int smask; /* ԴIP<EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD>0<EFBFBD><EFBFBD>ʾ<EFBFBD>̶<EFBFBD>IP=saddr */
unsigned int daddr; /* Ŀ<><EFBFBD>IP<EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD>0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */
unsigned int dmask; /* Ŀ<><EFBFBD>IP<EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD>0<EFBFBD><EFBFBD>ʾ<EFBFBD>̶<EFBFBD>IP=daddr */
unsigned short int min_sport; /* Դ<>˿ڷ<CBBF>Χ<EFBFBD>½磻0<E7A3BB><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
unsigned short int max_sport; /* Դ<>˿ڷ<CBBF>Χ<EFBFBD>Ͻ磻0<E7A3BB><30>ʾ<EFBFBD>̶<EFBFBD><CCB6>˿<EFBFBD>=min_sport */
unsigned short int min_dport; /* Ŀ<>Ķ˿ڷ<CBBF>Χ<EFBFBD>½磻0<E7A3BB><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
unsigned short int max_dport; /* Ŀ<>Ķ˿ڷ<CBBF>Χ<EFBFBD>Ͻ磻0<E7A3BB><30>ʾ<EFBFBD>̶<EFBFBD><CCB6>˿<EFBFBD>=min_dport */
unsigned short int proto; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD>飬6<E9A3AC><36>ʾTCP<43><50>17<31><37>ʾUDP<44><50>0<EFBFBD><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
unsigned short int direction; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>0<EFBFBD><30>ʾ˫<CABE><CBAB><EFBFBD><EFBFBD>1<EFBFBD><31>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD> */
unsigned int min_saddr; /* Դ<><D4B4>ַ<EFBFBD>½磻0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */
unsigned int max_saddr; /* Դ<><D4B4>ַ<EFBFBD>Ͻ磻0<EFBFBD><EFBFBD>ʾ<EFBFBD>̶<EFBFBD>IP=min_saddr */
unsigned int min_daddr; /* Ŀ<>ĵ<EFBFBD>ַ<EFBFBD>½磻0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */
unsigned int max_daddr; /* Ŀ<>ĵ<EFBFBD>ַ<EFBFBD>Ͻ磻0<EFBFBD><EFBFBD>ʾ<EFBFBD>̶<EFBFBD>IP=min_daddr */
unsigned short min_sport; /* Դ<>˿ڷ<CBBF>Χ<EFBFBD>½磻0<E7A3BB><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
unsigned short max_sport; /* Դ<>˿ڷ<CBBF>Χ<EFBFBD>Ͻ磻0<E7A3BB><30>ʾ<EFBFBD>̶<EFBFBD><CCB6>˿<EFBFBD>=min_sport */
unsigned short min_dport; /* Ŀ<>Ķ˿ڷ<CBBF>Χ<EFBFBD>½磻0<E7A3BB><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
unsigned short max_dport; /* Ŀ<>Ķ˿ڷ<CBBF>Χ<EFBFBD>Ͻ磻0<E7A3BB><30>ʾ<EFBFBD>̶<EFBFBD><CCB6>˿<EFBFBD>=min_dport */
unsigned short proto; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD>飬6<E9A3AC><36>ʾTCP<43><50>17<31><37>ʾUDP<44><50>0<EFBFBD><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
unsigned short direction; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>0<EFBFBD><30>ʾ˫<CABE><CBAB><EFBFBD><EFBFBD>1<EFBFBD><31>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD> */
}ipv4_rule_t;
/* <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>IPv6<EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
/* IPv6<76><36><EFBFBD><EFBFBD> */
typedef struct _ipv6_rule_t
{
unsigned int saddr[4]; /* ԴIP<EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD>0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */
unsigned int smask[4]; /* ԴIP<EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD>0<EFBFBD><EFBFBD>ʾ<EFBFBD>̶<EFBFBD>IP=saddr */
unsigned int daddr[4]; /* Ŀ<><EFBFBD>IP<EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD>0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */
unsigned int dmask[4]; /* Ŀ<><EFBFBD>IP<EFBFBD><EFBFBD>ַ<EFBFBD><EFBFBD><EFBFBD>0<EFBFBD><EFBFBD>ʾ<EFBFBD>̶<EFBFBD>IP=daddr */
unsigned short int min_sport; /* Դ<>˿ڷ<CBBF>Χ<EFBFBD>½磻0<E7A3BB><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
unsigned short int max_sport; /* Դ<>˿ڷ<CBBF>Χ<EFBFBD>Ͻ磻0<E7A3BB><30>ʾ<EFBFBD>̶<EFBFBD><CCB6>˿<EFBFBD>=min_sport */
unsigned short int min_dport; /* Ŀ<>Ķ˿ڷ<CBBF>Χ<EFBFBD>½磻0<E7A3BB><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
unsigned short int max_dport; /* Ŀ<>Ķ˿ڷ<CBBF>Χ<EFBFBD>Ͻ磻0<E7A3BB><30>ʾ<EFBFBD>̶<EFBFBD><CCB6>˿<EFBFBD>=min_dport */
unsigned short int proto; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD>飬6<E9A3AC><36>ʾTCP<43><50>17<31><37>ʾUDP<44><50><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĭ<EFBFBD><C4AC>Ϊ0 */
unsigned short int direction; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>0<EFBFBD><30>ʾ˫<CABE><CBAB><EFBFBD><EFBFBD>1<EFBFBD><31>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD> */
unsigned int min_saddr[4]; /* Դ<><D4B4>ַ<EFBFBD>½磻ȫ0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */
unsigned int max_saddr[4]; /* Դ<><D4B4>ַ<EFBFBD>Ͻ磻ȫ0<EFBFBD><EFBFBD>ʾ<EFBFBD>̶<EFBFBD>IP=min_saddr */
unsigned int min_daddr[4]; /* Ŀ<>ĵ<EFBFBD>ַ<EFBFBD>½磻ȫ0<EFBFBD><EFBFBD>ʾ<EFBFBD><EFBFBD><EFBFBD>Ա<EFBFBD><EFBFBD>ֶ<EFBFBD> */
unsigned int max_daddr[4]; /* Ŀ<>ĵ<EFBFBD>ַ<EFBFBD>Ͻ磻ȫ0<EFBFBD><EFBFBD>ʾ<EFBFBD>̶<EFBFBD>IP=min_daddr */
unsigned short min_sport; /* Դ<>˿ڷ<CBBF>Χ<EFBFBD>½磻0<E7A3BB><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
unsigned short max_sport; /* Դ<>˿ڷ<CBBF>Χ<EFBFBD>Ͻ磻0<E7A3BB><30>ʾ<EFBFBD>̶<EFBFBD><CCB6>˿<EFBFBD>=min_sport */
unsigned short min_dport; /* Ŀ<>Ķ˿ڷ<CBBF>Χ<EFBFBD>½磻0<E7A3BB><30>ʾ<EFBFBD><CABE><EFBFBD>Ա<EFBFBD><D4B1>ֶ<EFBFBD> */
unsigned short max_dport; /* Ŀ<>Ķ˿ڷ<CBBF>Χ<EFBFBD>Ͻ磻0<E7A3BB><30>ʾ<EFBFBD>̶<EFBFBD><CCB6>˿<EFBFBD>=min_dport */
unsigned short proto; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Э<EFBFBD>飬6<E9A3AC><36>ʾTCP<43><50>17<31><37>ʾUDP<44><50><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĭ<EFBFBD><C4AC>Ϊ0 */
unsigned short direction; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>0<EFBFBD><30>ʾ˫<CABE><CBAB><EFBFBD><EFBFBD>1<EFBFBD><31>ʾ<EFBFBD><CABE><EFBFBD><EFBFBD> */
}ipv6_rule_t;
/* ͨ<>õĹ<C3B5><C4B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
@@ -188,7 +190,7 @@ extern "C"
unsigned int length[MAX_MATCH_POS_NUM]; /* <20>ù<EFBFBD><C3B9><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>н<EFBFBD><D0BD><EFBFBD><EFBFBD>ij<EFBFBD><C4B3>ȣ<EFBFBD><C8A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>н<EFBFBD><D0BD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ǰ<EFBFBD><C7B0><EFBFBD><EFBFBD><EFBFBD>ݰ<EFBFBD><DDB0><EFBFBD><EFBFBD><EFBFBD><EFBFBD>еģ<D0B5><C4A3><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ö<EFBFBD>Ӧ<EFBFBD><D3A6>length=0, <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>IP<49><EFBFBD><E0A3AC><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ϊ0*/
}rule_result_t;
/* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ͣ<EFBFBD>quickģʽ<EFBFBD><EFBFBD>ֻ<EFBFBD><EFBFBD>expr_id<EFBFBD>Լ<EFBFBD>tag<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ч */
/* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD>ɨ<EFBFBD><C9A8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> */
typedef struct _scan_result_t
{
unsigned int expr_id; /* <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ʽ<EFBFBD><CABD>ID */