| author | git commit -m first <[email protected]> | 2019-06-13 16:52:28 +0800 |
|---|---|---|
| committer | git commit -m first <[email protected]> | 2019-06-13 16:52:28 +0800 |
| commit | a229a3ec73dbd7678e2700eb18bc65632950614c (patch) | |
| tree | 40804646a85ada6a0afbdb82b77b12793302698d /src/inc | |
Diffstat (limited to 'src/inc')
| -rw-r--r-- | src/inc/MESA_logger.h | 72 | ||||
| -rw-r--r-- | src/inc/dj_rule.h | 72 | ||||
| -rw-r--r-- | src/inc/dns_analyse.h | 242 | ||||
| -rw-r--r-- | src/inc/ip_control.h | 57 | ||||
| -rw-r--r-- | src/inc/ip_jt.h | 60 | ||||
| -rw-r--r-- | src/inc/magellan_logger.h | 88 | ||||
| -rw-r--r-- | src/inc/qdjcq_magellan_id.h | 187 |
7 files changed, 778 insertions, 0 deletions
diff --git a/src/inc/MESA_logger.h b/src/inc/MESA_logger.h
new file mode 100644
index 0000000..5f7e974
--- /dev/null
+++ b/src/inc/MESA_logger.h
@@ -0,0 +1,72 @@
+#ifndef H__LOGGER_H
+#define H__LOGGER_H
+
+/*
+ * does runtime logging.
+ * xiang hong
+ * 2002-07-29
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <time.h>
+#include <unistd.h>
+
+//#include "thread_safe.h"
+
+#define RLOG_LV_DEBUG 10
+#define RLOG_LV_INFO 20
+#define RLOG_LV_FATAL 30
+
+#define LOGMSG_MAX_LEN 1024
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define RUNTIME_LOG(lv, mod, fmt, args...) \
+ MESA_runtime_log((lv), (mod), "file %s, line %d, " fmt, \
+ __FILE__, __LINE__, ##args)
+
+/*
+ * define your own version of RLOG.
+ */
+#define RLOGF(fmt, args...) RLOG(RLOG_LV_FATAL, fmt, ##args)
+#define RLOGI(fmt, args...) RLOG(RLOG_LV_INFO, fmt, ##args)
+#define RLOGD(fmt, args...) RLOG(RLOG_LV_DEBUG, fmt, ##args)
+
+/*
+ * returns:
+ * 0, if succeeded;
+ * -1, if file is not absolute path, or failed to create log file;
+ */
+int MESA_runtime_log_init(char * file, int level);
+int MESA_system_log_init(char * file, int level);
+
+/*
+ * name: runtime_log
+ * functionality: appends log message to runtime log file.
+ * params:
+ * level: log level, messages with level value smaller the global var
+ * "runtime_log_level" are ignored;
+ * module: name of loggin module;
+ * fmt: format string;
+ * returns:
+ * none;
+ */
+void MESA_runtime_log(int level, char * module, char * fmt, ...);
+
+/*
+ * fake function.
+ */
+void MESA_system_log(int level, char * module, char * fmt, ...);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+
diff --git a/src/inc/dj_rule.h b/src/inc/dj_rule.h
new file mode 100644
index 0000000..a3b5577
--- /dev/null
+++ b/src/inc/dj_rule.h
@@ -0,0 +1,72 @@
+#ifndef _DJ_RULE_H_
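Review bot: In src/inc/MESA_logger.h, `MESA_runtime_log` and `MESA_system_log` take the format as a plain `char * fmt` with no format attribute, so the compiler cannot check the variadic arguments against the format at call sites and nothing discourages passing a non-literal string. Declaring them as `void MESA_runtime_log(int level, const char *module, const char *fmt, ...) __attribute__((format(printf, 3, 4)));` lets `-Wformat` catch mismatches; `RUNTIME_LOG` already forces a literal by pasting `"file %s, line %d, " fmt`, but direct calls do not. `RLOGF`/`RLOGI`/`RLOGD` expand to `RLOG`, which this header never defines, so the comment above them should say that each including file must define `RLOG` before using them.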
+#define _DJ_RULE_H_
+
+#include <MESA/Maat_rule.h>
+#include <MESA/stream.h>
+#include <MESA/field_stat.h>
+//#include <MESA/stream.h>
+//#include <MESA/field_stat.h>
+//#include <MESA/Maat_rule.h>
+#include <MESA/magellan_logger.h>
+//global maat scanner
+extern void* g_dj_feather;
+extern void* g_dj_stat_handle;
+
+//global doc analyse instance
+extern void* g_dj_doc_instance;
+
+
+/*cache and send*/
+typedef enum
+{
+ COMPLETE=0,
+ FRAG=1,
+ FRAG_END=2,
+}APPD_MSG_TYPE;
+
+typedef void* opt_unit_t;
+typedef void* dj_cache_t;
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+/*for 056jcq jt and audit*/
+int32_t dj_magellan_write_log (const struct streaminfo* a_tcp,const int user_id, const int table_id, magellan_opt_t* opt_array, int opt_num,int t_id);
+
+dj_cache_t create_dj_cache(const char* protocol, struct streaminfo* a_stream);
+void set_dj_cache_send(dj_cache_t handle);
+void destroy_dj_cache(dj_cache_t handle);
+/*
+*if set_dj_cache_send, callback add_dj_cache will send cache data, otherwise only cache not send
+*return -1: get mem_limit ; return 0: OK
+*opt will be free by add_dj_cache
+*/
+int add_dj_cache(dj_cache_t handle, APPD_MSG_TYPE status, opt_unit_t opt);
+
+/*
+*NULL value means nested option, otherwise is simple option
+*opt will be free by dj_cache, if not add_dj_cache, please do not create_opt_unit
+*/
+opt_unit_t create_opt_unit(const char* opt_name, const void* opt_value, int opt_len);
+void append_opt_nested_value(opt_unit_t ext_opt, opt_unit_t inner_opt);
+
+//return 1 if type match, otherwise return 0;
+int is_zip_type(int doctype);
+int is_scan_type(int doctype);
+
+/*
+ * dj_thread_safe_ctime: thread safe(no lock) time to string
+ * tp:current time
+ * buf: [out] to store the time string
+ * len:buffer length
+ */
+char *dj_thread_safe_ctime(const time_t *tp, char *buf, int len);
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+
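Review bot: The ownership comments on `add_dj_cache` and `create_opt_unit` in src/inc/dj_rule.h do not say what happens to `opt` when `add_dj_cache` returns -1, which leaves callers to guess between leaking it and freeing it a second time. I would extend the comment to something like `/* opt is consumed on every return path, including -1; the caller must not touch it afterwards */`, or the opposite, whichever the implementation does. Because `opt_unit_t` and `dj_cache_t` are both `typedef void*`, swapped arguments compile silently; pointers to distinct incomplete struct types would let the compiler reject that. The header also uses `time_t` and `int32_t` without including `<time.h>` or `<stdint.h>` itself, so it presumably relies on the MESA headers for them.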
diff --git a/src/inc/dns_analyse.h b/src/inc/dns_analyse.h
new file mode 100644
index 0000000..9f6e639
--- /dev/null
+++ b/src/inc/dns_analyse.h
@@ -0,0 +1,242 @@
+#ifndef DNS_ANALYSE_H
+#define DNS_ANALYSE_H
+
+#ifndef u_char
+#define u_char unsigned char
+#endif
+#ifndef u_int16_t
+#define u_int16_t unsigned short
+#endif
+#ifndef u_int32_t
+#define u_int32_t unsigned int //adjust by lqy 20070521 long to int
+#endif
+
+#include <MESA/stream.h>
+
+#define RUNTIME_DNSMODULE "[DNS MODULE:]"
+
+#define DNS_PORT 53
+#define PROTID_DNS 6
+
+#define DNS_MAX_UDP_MESSAGE 512
+#define DNS_MAX_LABEL 63
+#define DNS_MAX_NAME 255
+#define MAX_IP_NUM 128
+#define MAX_CNAME_NUM 32
+#define MAX_NS_NUM 32
+#define MAX_MB_NUM 32
+#define MAX_MX_NUM 32
+#define MAX_SOA_NUM 32
+#define IPV6_LEN 16
+
+#define MAX_FLAG_LEN 30
+
+typedef struct{
+ u_char type; //0-query, 1-response
+ void *apme;
+} dns_info_t;
+
+typedef struct{
+ u_int16_t qtype;
+ u_int16_t qclass;
+ u_char qname[DNS_MAX_NAME + 1];
+} dns_question_t;
+
+typedef struct
+{
+ u_char type; //0-query, 1-response
+ dns_question_t question; //query structure
+ int ipv4_num; //number of ipv4s in response
+ int ipv6_num; //number of ipv6s in response
+ int cname_num; //number of cnames in response
+ int ns_num; //number of ns in response
+ int mb_num; //number of mbs in response
+ int mx_num; //number of mxs in response
+ int soa_num; //number of soa(start of authority) in response
+ unsigned int ipv4[MAX_IP_NUM]; //list of ips in response for ipv4 (network order)
+ unsigned char ipv6[MAX_IP_NUM][IPV6_LEN]; //list of ips in response for ipv6 (network order)
+ u_char cname[MAX_CNAME_NUM][DNS_MAX_NAME]; //list of cnames in response
+ u_char ns[MAX_NS_NUM][DNS_MAX_NAME]; //list of name server(ns)s in response
+ u_char mb[MAX_MB_NUM][DNS_MAX_NAME]; //list of mail box(nmb)s in response
+ u_char mx[MAX_MX_NUM][DNS_MAX_NAME]; //list of mail exchange(mx)s in response
+ u_char soa_manme[MAX_SOA_NUM][DNS_MAX_NAME]; //list of soa master name(mname)s in response
+ u_char soa_rname[MAX_SOA_NUM][DNS_MAX_NAME]; //list of soa responsible name(rname:ranme is a emalil addr)s in response
+} dns_response_t;
+
+typedef struct {
+ u_int16_t id;
+
+#if __BYTE_ORDER == __LITTLE_ENDIAN
+ u_char rd:1;
+ u_char tc:1;
+ u_char aa:1;
+ u_char opcode:4;
+ u_char qr:1;
+ u_char rcode:4;
+ u_char z:3;
+ u_char ra:1;
+#elif __BYTE_ORDER == __BIG_ENDIAN
+ u_char qr:1;
+ u_char opcode:4;
+ u_char aa:1;
+ u_char tc:1;
+ u_char rd:1;
+ u_char ra:1;
+ u_char z:3;
+ u_char rcode:4;
+#endif
+
+ u_int16_t qdcount;
+ u_int16_t ancount;
+ u_int16_t nscount;
+ u_int16_t arcount;
+} dnshdr_t;
+
+#define DNSHDR_OPCODE_QUERY 0
+#define DNSHDR_OPCODE_IQUERY 1
+#define DNSHDR_OPCODE_STATUS 2
+
+#define DNSHDR_RCODE_NOERR 0
+#define DNSHDR_RCODE_FMTERR 1
+#define DNSHDR_RCODE_SRVFAIL 2
+#define DNSHDR_RCODE_NAMEERR 3
+#define DNSHDR_RCODE_NOTIMPL 4
+#define DNSHDR_RCODE_REFUSE 5
+
+#define DNS_HINFO_MAX_CPU 40
+#define DNS_HINFO_MAX_OS 40
+
+typedef struct {
+ u_char name[DNS_MAX_NAME + 1];
+ u_int16_t type;
+ u_int16_t rr_class;
+ u_int32_t ttl;
+ u_int16_t rdlength;
+ union {
+ u_char cname[DNS_MAX_NAME + 1];
+ struct {
+ u_char cpu[DNS_HINFO_MAX_CPU + 1];
+ u_char os[DNS_HINFO_MAX_OS + 1];
+ } hinfo;
+ u_char mb[DNS_MAX_NAME + 1];
+ u_char md[DNS_MAX_NAME + 1];
+ u_char mf[DNS_MAX_NAME + 1];
+ u_char mg[DNS_MAX_NAME + 1];
+ struct {
+ u_char rmailbx[DNS_MAX_NAME + 1];
+ u_char emailbx[DNS_MAX_NAME + 1];
+ } minfo;
+ u_char mr[DNS_MAX_NAME + 1];
+ struct {
+ u_int16_t preference;
+ u_char exchange[DNS_MAX_NAME + 1];
+ } mx;
+ u_char ns[DNS_MAX_NAME + 1];
+ u_char ptr[DNS_MAX_NAME + 1];
+ struct {
+ u_char mname[DNS_MAX_NAME + 1];
+ u_char rname[DNS_MAX_NAME + 1];
+ u_int32_t serial;
+ u_int32_t refresh;
+ u_int32_t retry;
+ u_int32_t expire;
+ u_int32_t minimum;
+ } soa;
+ u_int32_t a;
+ u_char aaaa[16];
+ struct {
+ u_char * txt;
+ u_int32_t size;
+ } txt;
+ struct {
+ u_char * null;
+ u_int32_t size;
+ } null;
+ struct {
+ u_int32_t addr;
+ u_char protocol;
+ u_char * bitmap;
+ u_int32_t size;
+ } wks;
+ } rdata;
+} dns_rr_t;
+
+#define DNS_TYPE_A 1
+#define DNS_TYPE_NS 2
+#define DNS_TYPE_MD 3
+#define DNS_TYPE_MF 4
+#define DNS_TYPE_CNAME 5
+#define DNS_TYPE_SOA 6
+#define DNS_TYPE_MB 7
+#define DNS_TYPE_MG 8
+#define DNS_TYPE_MR 9
+#define DNS_TYPE_NULL 10
+#define DNS_TYPE_WKS 11
+#define DNS_TYPE_PTR 12
+#define DNS_TYPE_HINFO 13
+#define DNS_TYPE_MINFO 14
+#define DNS_TYPE_MX 15
+#define DNS_TYPE_TXT 16
+#define DNS_TYPE_AAAA 28 //dns_ipv6
+
+#define DNS_QTYPE_AXFR 252
+#define DNS_QTYPE_MAILB 253
+#define DNS_QTYPE_MAILA 254
+#define DNS_QTYPE_ANY 255
+
+#define DNS_CLASS_IN 1
+#define DNS_CLASS_CS 2
+#define DNS_CLASS_CH 3
+#define DNS_CLASS_HS 4
+#define DNS_QCLASS_ANY 255
+
+#define NS_INT16SZ 2
+#define NS_INT32SZ 4
+
+#define NS_GET16(s, cp) do { \
+ register u_char *t_cp = (u_char *)(cp); \
+ (s) = ((u_int16_t)t_cp[0] << 8) \
+ | ((u_int16_t)t_cp[1]) \
+ ; \
+ (cp) += NS_INT16SZ; \
+} while (0)
+
+#define NS_GET32(l, cp) do { \
+ register u_char *t_cp = (u_char *)(cp); \
+ (l) = ((u_int32_t)t_cp[0] << 24) \
+ | ((u_int32_t)t_cp[1] << 16) \
+ | ((u_int32_t)t_cp[2] << 8) \
+ | ((u_int32_t)t_cp[3]) \
+ ; \
+ (cp) += NS_INT32SZ; \
+} while (0)
+
+#define NS_PUT16(s, cp) do { \
+ register u_int16_t t_s = (u_int16_t)(s); \
+ register u_char *t_cp = (u_char *)(cp); \
+ *t_cp++ = t_s >> 8; \
+ *t_cp = t_s; \
+ (cp) += NS_INT16SZ; \
+} while (0)
+
+#define NS_PUT32(l, cp) do { \
+ register u_int32_t t_l = (u_int32_t)(l); \
+ register u_char *t_cp = (u_char *)(cp); \
+ *t_cp++ = t_l >> 24; \
+ *t_cp++ = t_l >> 16; \
+ *t_cp++ = t_l >> 8; \
+ *t_cp = t_l; \
+ (cp) += NS_INT32SZ; \
+} while (0)
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif
+
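Review bot: The name arrays in `dns_response_t` (`cname`, `ns`, `mb`, `mx`, `soa_manme`, `soa_rname`) are `DNS_MAX_NAME` bytes per entry, while `dns_question_t.qname` and every name in `dns_rr_t` are `DNS_MAX_NAME + 1`, so a copy of a maximum-length terminated name from a parsed record into the response would write one byte past the row. Sizing the rows as `u_char cname[MAX_CNAME_NUM][DNS_MAX_NAME + 1];` (and the other five likewise) removes the mismatch. The `*_num` counters are plain `int` and nothing in this header ties them to `MAX_IP_NUM`, `MAX_CNAME_NUM` and the rest, and `NS_GET16`/`NS_GET32` advance `cp` without a length check, so the parser, which is not visible here, has to bound both against the packet length and the array sizes; a comment saying so next to the struct and the macros would help. `dnshdr_t` has no `#else` branch, and if `__BYTE_ORDER` is not defined by an earlier include both sides of the first `#if` evaluate to 0 and the little-endian layout is chosen silently; an `#else` with `#error` after the `#elif` would surface that.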
diff --git a/src/inc/ip_control.h b/src/inc/ip_control.h
new file mode 100644
index 0000000..c95f201
--- /dev/null
+++ b/src/inc/ip_control.h
@@ -0,0 +1,57 @@
+/*
+ * ip_control.h
+ *
+ * Created on: 2015年5月26日
+ * Author: byte
+ */
+
+#ifndef IP_CONTROL_H_
+#define IP_CONTROL_H_
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#define IPC_WHITE_IP_TYPE 1
+#define IPC_BLACK_IP_TYPE 2
+
+typedef struct black_ip_t{
+ int thread_num;//线程号 仅DNS使用
+ int ip_type;//IP地址类型 IPC_WHITE_IP_TYPE/IPC_BLACK_IP_TYPE 仅DNS使用
+ int ip_num;//黑IP个数
+ unsigned int ipv4[MAX_IP_NUM];//解析出的IP地址 仅DNS使用
+}black_ip;
+
+typedef struct target_tag_t
+{
+ int type;//业务类型
+ int rule_id;//规则ID
+ short risk;//告警级别
+ char id[22];//唯一日志ID
+ black_ip *dns_ip;//仅DNS使用
+}target_tag;
+
+
+/*
+* name:make_ip_control_wblist
+* functionality:add white or black list
+* param:
+* [IN]:
+* stream:stream info
+* thread_num:the thread num
+* rule_id:Maat result config_id
+* risk:alarm risk
+* type:IPC_WHITE_IP_TYPE or IPC_BLACK_IP_TYPE
+* [OUT]: none
+* returns:
+* >0,success;
+* <=0, there is error
+* */
+//wblist:white black list
+int make_ip_control_wblist(struct streaminfo* stream,int thread_num,int rule_id,int risk,int type);
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* IP_CONTROL_H_ */
diff --git a/src/inc/ip_jt.h b/src/inc/ip_jt.h
new file mode 100644
index 0000000..609efe0
--- /dev/null
+++ b/src/inc/ip_jt.h
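Review bot: src/inc/ip_control.h and src/inc/ip_jt.h, added in the same commit, both use the include guard `IP_CONTROL_H_` and both define `black_ip`, `target_tag` and `make_ip_control_wblist`, but with different contents: `dns_ip` is `black_ip *` here and `void *` there, and the function takes five arguments here and three there. Whichever header is included first silently hides the other, so two translation units can disagree about the prototype of the same symbol, and a call made through the wrong one is undefined behaviour. One of the two headers should be removed, or ip_jt.h should get its own guard (`#ifndef IP_JT_H_`) together with distinct type and function names. This header also uses `MAX_IP_NUM` and `struct streaminfo` without including the headers that declare them.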
@@ -0,0 +1,60 @@
+/*
+ * ip_control.h
+ *
+ * Created on: 2015年5月26日
+ * Author: byte
+ */
+
+#ifndef IP_CONTROL_H_
+#define IP_CONTROL_H_
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#define IPC_WHITE_IP_TYPE 1
+#define IPC_BLACK_IP_TYPE 2
+
+typedef struct black_ip_t{
+ int thread_num;//线程号 仅DNS使用
+ int ip_type;//IP地址类型 IPC_WHITE_IP_TYPE/IPC_BLACK_IP_TYPE 仅DNS使用
+ int ip_num;//黑IP个数
+ unsigned int ipv4[MAX_IP_NUM];//解析出的IP地址 仅DNS使用
+}black_ip;
+
+typedef struct target_tag_t
+{
+ int type;//业务类型
+ int rule_id;//规则ID
+ short risk;//告警级别
+ char id[22];//唯一日志ID
+ void *dns_ip;//仅DNS使用
+}target_tag;
+
+
+/*
+* name:make_ip_control_wblist
+* functionality:add white or black list
+* param:
+* [IN]:
+* stream:stream info
+* thread_num:the thread num
+* rule_id:Maat result config_id
+* risk:alarm risk
+* type:IPC_WHITE_IP_TYPE or IPC_BLACK_IP_TYPE
+* [OUT]: none
+* returns:
+* >0,success;
+* <=0, there is error
+* */
+//wblist:white black list
+//int make_ip_control_wblist(struct streaminfo* stream,int thread_num,int rule_id,int risk,int type);
+int make_ip_control_wblist(black_ip* dns_black_ip,int rule_id,int risk);
+
+int ip_control_send_pkt(struct streaminfo *stream,target_tag *flow_tag,const void *raw_pkt,int thread_seq);
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* IP_CONTROL_H_ */
diff --git a/src/inc/magellan_logger.h b/src/inc/magellan_logger.h
new file mode 100644
index 0000000..a73b836
--- /dev/null
+++ b/src/inc/magellan_logger.h
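Review bot: `ip_control_send_pkt` in src/inc/ip_jt.h takes `const void *raw_pkt` with no length, so the callee cannot bound its reads unless the size is recoverable from `stream`; if it is, a comment should say so, otherwise a `size_t raw_len` parameter is needed. The block comment above `make_ip_control_wblist` still documents `stream`, `thread_num` and `type`, which the active three-argument prototype no longer has. `black_ip.ip_num` is not documented as limited to `MAX_IP_NUM`, which matters now that callers hand a filled `black_ip` to `make_ip_control_wblist`. The file banner also still reads `ip_control.h`.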
@@ -0,0 +1,88 @@
+/*
+*
+*interface:magellan's logger
+*the function of magellan_write_log is send the message which contains logrecord
+*
+*@xj
+*@2014-04-30
+*************************************************************************
+*@xj 2014-06-30
+*添加支持目的地址组和负载均衡功能
+*/
+
+#ifndef _SEND_LOG_H
+#define _SEND_LOG_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdint.h>
+
+/*set type*/
+#define MAGELLAN_BALANCE_MAX_NUM (1) //类型int; ip负载均衡的日志条数,默认50万
+#define MAGELLAN_LOG_INTERVAL_TIME (2) //类型int; 内部统计信息输出的间隔时间,默认1分钟
+#define MAGELLAN_TCP_CONNECT_TIME_OUT (3) //类型int; tcp建立连接最大等待时间,默认5s
+#define MAGELLAN_KEEP_LIVE_CHECK_TIME (4) //类型int; 检测ip是否存在的时间,默认5分钟
+#define MAGELLAN_DEBUG_LOG_PATH (5) //类型char *; 打开保存发送成功的日志原始信息开关, 保存的路径
+#define MAGELLAN_THREAD_AMOUNT (6) //类型int; 支持多线程发送
+
+typedef struct _magellan_opt{
+ int opt_type;
+ int opt_len;
+ const void* opt_value;
+} magellan_opt_t;
+
+typedef struct _addr_list{
+ unsigned int ip_nr; //network
+ unsigned short port_nr; //network
+}addr_list_t ;
+
+typedef void * magellan_logger_t;
+
+/*
+* arguments:
+* arg1: MAGELLAN handle
+* arg2: set type (MAGELLAN_BALANCE_MAX_NUM ......)
+* arg3: set value
+* arg 4: value size
+* returns:
+* 成功时返回0, 失败时返回-1。
+*/
+int magellan_set (magellan_logger_t handle, int type, const char *value, int size);
+
+/*
+* arguments:
+* arg1:用户ID
+* arg2: 库表对应的ID
+* arg3:日志选项数组
+* arg 4: 选项的个数
+* arg 5:线程ID
+ * returns:
+ * 成功时返回发送长度,失败时返回小于0的值
+ * -1, 构造日志信息失败
+ * -2, 发送失败
+ * -3, 发送的长度和真实长度不相等
+ * -4,ip不存在或port未监听
+ * -5,线程ID超过最大值
+*/
+int32_t magellan_write_log(magellan_logger_t handle, const int user_id, const int table_id,magellan_opt_t* opt_array,int opt_num, int th_id);
+
+/*
+*
+* arguments:
+* arg1: 目的地址组, ip和port为网络字节序
+* arg2: 目的地址的个数
+* arg3: MESA_run_time_log 的句柄,为NULL时表示不写日志;5分钟统计一次
+* returns:
+* ,失败时返回NULL
+*/
+magellan_logger_t magellan_logger_init(addr_list_t *dst_addr, int dst_addr_num, void *run_time_log_handle);
+
+void magellan_logger_destroy (magellan_logger_t handle);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/inc/qdjcq_magellan_id.h b/src/inc/qdjcq_magellan_id.h
new file mode 100644
index 0000000..419f88c
--- /dev/null
+++ b/src/inc/qdjcq_magellan_id.h
@@ -0,0 +1,187 @@
+#ifndef __QDJCQ_MAGELLAN_ID_H__
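Review bot: `magellan_set` in src/inc/magellan_logger.h declares `const char *value`, yet the set-type table above it documents five of the six options as int, so callers have to pass an int through a char pointer and the callee has to trust `size`. The comment should state, per option, what `value` points to and that `size` must equal `sizeof(int)` for the int options, for example `* arg3: pointer to the value (int for types 1-4 and 6, NUL-terminated path for type 5)`; `const void *value` would express that without a cast. `opt_len`, `opt_num`, `size` and `dst_addr_num` are all signed `int` with no documented valid range, so negative values need to be rejected explicitly by the implementation, which is not visible here. `#include <stdint.h>` sits inside the `extern "C"` block and is better placed above it.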
+#define __QDJCQ_MAGELLAN_ID_H__
+
+#define MAX_OPT_VALUE_LEN 10485760
+
+//ѡ��ID
+#define MAGELLAN_OPT_ID 1
+#define MAGELLAN_OPT_BUSINESS_DETECT_ID 2
+#define MAGELLAN_OPT_NAME 3
+#define MAGELLAN_OPT_STATUS 4
+#define MAGELLAN_OPT_SUBMODULE_NAME 5
+#define MAGELLAN_OPT_SUBMODULE_STATUS 6
+#define MAGELLAN_OPT_SUBMODULE_VERSION 7
+#define MAGELLAN_OPT_SUBMODULE_WARNING 8
+#define MAGELLAN_OPT_INSERT_TIME 9
+#define MAGELLAN_OPT_CAP_TIME 10
+#define MAGELLAN_OPT_FILENAME 11
+#define MAGELLAN_OPT_FILEPATH 12
+#define MAGELLAN_OPT_CHECKSUM 13
+#define MAGELLAN_OPT_FILESIZE 14
+#define MAGELLAN_OPT_FILETYPE 15
+#define MAGELLAN_OPT_PROTOCOL 16
+#define MAGELLAN_OPT_ACCOUNT 17
+#define MAGELLAN_OPT_DOMAIN 18
+#define MAGELLAN_OPT_SYSTEM_DETECT_ID 19
+#define MAGELLAN_OPT_PHYSICAL_ID 20
+#define MAGELLAN_OPT_CPU_USAGE 21
+#define MAGELLAN_OPT_RULE_ID 22
+#define MAGELLAN_OPT_NUM 23
+#define MAGELLAN_OPT_SIP 24
+#define MAGELLAN_OPT_SPORT 25
+#define MAGELLAN_OPT_SMAC 26
+#define MAGELLAN_OPT_DIP 27
+#define MAGELLAN_OPT_DPORT 28
+#define MAGELLAN_OPT_DMAC 29
+#define MAGELLAN_OPT_ALERT_TYPE 30
+#define MAGELLAN_OPT_ALERT_POLICY 31
+#define MAGELLAN_OPT_ALERT_DESC 32
+#define MAGELLAN_OPT_RISK 33
+#define MAGELLAN_OPT_ATTACK_TYPE 34
+#define MAGELLAN_OPT_APPLICATION 35
+#define MAGELLAN_OPT_OS 36
+#define MAGELLAN_OPT_IS_UPLOAD 37
+#define MAGELLAN_OPT_PWD 38
+#define MAGELLAN_OPT_TRANS_DIR 39
+#define MAGELLAN_OPT_PLUGIN_ID 40
+#define MAGELLAN_OPT_CPU_RANGE 41
+#define MAGELLAN_OPT_MEM_RANGE 42
+#define MAGELLAN_OPT_MEM_USAGE 43
+#define MAGELLAN_OPT_DISK_UASAGE 44
+#define MAGELLAN_OPT_APP 45
+#define MAGELLAN_OPT_TIME 46
+#define MAGELLAN_OPT_REQUEST 47
+#define MAGELLAN_OPT_RESPONSE 48
+#define MAGELLAN_OPT_UPTIME 49
+#define MAGELLAN_OPT_SOFT_VERSION 50
+#define MAGELLAN_OPT_MALWARE_TYPE 51
+#define MAGELLAN_OPT_MALWARE_NAME 52
+#define MAGELLAN_OPT_PROTO_INFO 53
+#define MAGELLAN_OPT_TROJAN_ID 54
+#define MAGELLAN_OPT_TROJAN_NAME 55
+#define MAGELLAN_OPT_TROJAN_TYPE 56
+#define MAGELLAN_OPT_DESC 57
+#define MAGELLAN_OPT_URL 58
+#define MAGELLAN_OPT_METHOD 59
+#define MAGELLAN_OPT_RET_CODE 60
+#define MAGELLAN_OPT_USER_AGENT 61
+#define MAGELLAN_OPT_COOKIE 62
+#define MAGELLAN_OPT_SERVER 63
+#define MAGELLAN_OPT_REFER 64
+#define MAGELLAN_OPT_MEM 65
+#define MAGELLAN_OPT_DISK 66
+#define MAGELLAN_OPT_FINGER 67
+#define MAGELLAN_OPT_COUNTRY 68
+#define MAGELLAN_OPT_ORGANIZE 69
+#define MAGELLAN_OPT_CNAME 70
+#define MAGELLAN_OPT_SNI 71
+#define MAGELLAN_OPT_UORGANIZE 72
+#define MAGELLAN_OPT_UCNAME 73
+#define MAGELLAN_OPT_DNS 74
+#define MAGELLAN_OPT_DOMAIN_IP 75
+#define MAGELLAN_OPT_EVENT_TYPE 76
+#define MAGELLAN_OPT_MSG 77
+#define MAGELLAN_OPT_IP 78
+#define MAGELLAN_OPT_USER 79
+#define MAGELLAN_OPT_PROGRAM 80
+#define MAGELLAN_OPT_OBJECT 81
+#define MAGELLAN_OPT_RESULT 82
+#define MAGELLAN_OPT_SM_INPATH 83
+#define MAGELLAN_OPT_SM_SUMMARY 84
+#define MAGELLAN_OPT_SM_DESC 85
+#define MAGELLAN_OPT_XM_DIR 86
+#define MAGELLAN_OPT_PROTOCOL_TYPE 87
+#define MAGELLAN_OPT_PROTOCOL_ID 88
+#define MAGELLAN_OPT_SENDER 89
+#define MAGELLAN_OPT_RECEIVER 90
+#define MAGELLAN_OPT_MSG_CONTENT 91
+#define MAGELLAN_OPT_TCP_FLAG 92
+#define MAGELLAN_OPT_IN_BYTES 93
+#define MAGELLAN_OPT_OUT_BYTES 94
+#define MAGELLAN_OPT_IN_PKTS 95
+#define MAGELLAN_OPT_OUT_PKTS 96
+#define MAGELLAN_OPT_START_TIME 97
+#define MAGELLAN_OPT_END_TIME 98
+#define MAGELLAN_OPT_INTERFACE_SEQ 99
+#define MAGELLAN_OPT_INTERFACE_FLAG 100
+#define MAGELLAN_OPT_INTERFACE_STAT 101
+#define MAGELLAN_OPT_INTERFACE_FLOW 102
+#define MAGELLAN_OPT_INTERFACE_ERROR 103
+#define MAGELLAN_OPT_INTERFACE_DROP 104
+#define MAGELLAN_OPT_DURATION_TIME 105
+#define MAGELLAN_OPT_CC 106
+#define MAGELLAN_OPT_BCC 107
+#define MAGELLAN_OPT_SUBJECT 108
+#define MAGELLAN_OPT_AUTHINFO 109
+#define MAGELLAN_OPT_ATTACHMENT 110
+#define MAGELLAN_OPT_MAIL_CONTENT 111
+#define MAGELLAN_OPT_ATTACHMENT_NAME 112
+#define MAGELLAN_OPT_PLUGIN_VERSION 113
+#define MAGELLAN_OPT_PLUGIN_POLICY_VERSION 114
+#define MAGELLAN_OPT_PLUG_ID 115
+
+//AUTHINFO����ʱ��ʹ��
+#define MAGELLAN_OPT_MAIL_FROM 116
+#define MAGELLAN_OPT_RCPT_TO 117
+#define MAGELLAN_OPT_EHLO 118
+
+
+//�ļ�/PCAPѡ��
+#define MAGELLAN_OPT_STREAM_START 200
+#define MAGELLAN_OPT_STREAM_CONT 201
+#define MAGELLAN_OPT_STREAM_END 202
+
+#define MAGELLAN_OPT_PCAP_START MAGELLAN_OPT_STREAM_START
+#define MAGELLAN_OPT_PCAP_CONT MAGELLAN_OPT_STREAM_CONT
+#define MAGELLAN_OPT_PCAP_END MAGELLAN_OPT_STREAM_END
+
+//��ID
+#define TABID_BUSINESS_MODULE_DETECT_INFO 1
+#define TABID_COMPRESS_ALARM_FILE 2
+#define TABID_KEYWORD_ALARM_FILE 3
+#define TABID_SM_NETDISK_ELEMENT 4
+#define TABID_SYSTEM_CPU_DETECT_INFO 5
+#define TABID_DOMAIN_LISTEN_FILE 9 //9
+#define TABID_ABNORMAL_ALARM 7
+#define TABID_IP_LISTEN_FILE 8
+#define TABID_ATTACK_ALARM 6
+#define TABID_URL_LISTEN_FILE 10 //10
+#define TABID_SM_FILETRANSFER_ELEMENT 38
+#define TABID_SYSTEM_PLUGIN_DETECT_INFO 12
+#define TABID_DNS_AUDIT_LOG 13
+#define TABID_MALWARE_ALARM_FILE 14
+#define TABID_BUSINESS_DETECT_INFO 15
+#define TABID_MALWARE_ALARM 16
+#define TABID_TROJAN_ALARM 17
+#define TABID_FILE_TRNS_AUDIT_LOG 18
+#define TABID_ATTACK_ALARM_FILE 19
+#define TABID_SM_HTTP_ELEMENT 20
+#define TABID_SENSITIVE_ALARM_FILE 21
+#define TABID_SYSTEM_DETECT_INFO 22
+#define TABID_SSL_AUDIT_LOG 23
+#define TABID_DOMAIN_LISTEN_ALARM 24
+#define TABID_ABNORMAL_FILE 25
+#define TABID_URL_LISTEN_ALARM 26
+#define TABID_BUSINESS_SUSPECTED_DETECT_INFO 27
+#define TABID_SYSTEM_AUDIT_LOG 28
+#define TABID_TROJAN_ALARM_FILE 29
+#define TABID_SM_CONTENT_ALARM 30
+#define TABID_SM_IM_ELEMENT 31
+#define TABID_PICTURE_ALARM_FILE 32
+#define TABID_NET_AUDIT 33
+#define TABID_BUSINESS_INTERFACE_DETECT_INFO 34
+#define TABID_SM_EMAIL_ELEMENT 35
+#define TABID_STYLE_ALARM_FILE 36
+#define TABID_MAIL_AUDIT_LOG 37
+#define TABID_ACCOUNT_LISTEN_FILE 11 //11
+#define TABID_WEB_AUDIT_LOG 39
+#define TABID_ENCRYPT_ALARM_FILE 40
+#define TABID_ACCOUNT_LISTEN_ALARM 41
+#define TABID_BUSINESS_PLUGIN_DETECT_INFO 42
+#define TABID_IP_LISTEN_ALARM 43
+#define TABID_PLUG_STATUS_INFO 44
+
+//�û�ID
+#define QDJCQ_MGLL_USERID 1
+
+#endif
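Review bot: The guard `__QDJCQ_MAGELLAN_ID_H__` in src/inc/qdjcq_magellan_id.h uses a double-underscore name, which is reserved for the implementation; `QDJCQ_MAGELLAN_ID_H` avoids that, and the same applies to `_DJ_RULE_H_` and `_SEND_LOG_H` elsewhere in this commit. `MAGELLAN_OPT_DISK_UASAGE` looks like a misspelling of USAGE and is cheapest to fix before callers depend on it. The section comments render as replacement characters, which suggests this file is not UTF-8 like the other headers; re-encoding it would keep the comments readable. `MAX_OPT_VALUE_LEN` is defined here, but none of the prototypes in this commit reference it, so where the 10485760-byte cap is enforced should be documented next to the define.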
