#ifndef AIDS_APPINFO_H
#define AIDS_APPINFO_H
#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/module.h>
#include "packageinfo.h"
#include "aids.h"
#include "aids_bm.h"
#include "kpcre2.h"
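/*
 * HTTP classification patterns. They are only defined here; the code that
 * compiles and runs them (and the flags it uses) is not in this header.
 *
 * NOTE(review): none of the patterns carries a '^' anchor and each combines
 * several open-ended quantifiers (".+", ".+?", ".*"). If they are run over
 * packet payloads, as the names suggest, the subject is chosen by the remote
 * peer and near-miss input makes matching expensive. This header pulls in
 * linux/kernel.h and linux/module.h, so that cost is paid in kernel context:
 * confirm that the caller bounds the subject length and applies whatever
 * match/backtracking limit the regex engine offers.
 */

/*
 * Request: groups are 1 method, 2 request target, 3 HTTP version,
 * 4 header block, 5 everything after the blank line.
 * The method must be spelled "OPTIONS": the alternation is followed by a
 * literal space, so the spelling "OPTION" can never match a real OPTIONS
 * request and that traffic would go unclassified by this pattern.
 * PATCH is not in the list; such requests are not matched here.
 */
#define AIDS_REGEXP_HTTPREQ "(GET|HEAD|POST|PUT|OPTIONS|DELETE|TRACE|CONNECT) (.+) HTTP/([0-9.]+)\\r\\n(.+?\\r\\n)\\r\\n(.*)"

/*
 * Response: groups are 1 HTTP version, 2 status code, 3 reason phrase,
 * 4 header block, 5 everything after the blank line.
 */
#define AIDS_REGEXP_HTTPRESP "HTTP/([0-9.]+) ([0-9]+) (.+?)\\r\\n(.+?\\r\\n)\\r\\n(.*)"

/* One header line: group 1 is the field name, group 2 the field value. */
#define AIDS_REGEXP_HTTPHEADER "[ ]*(.+?)[ ]*:[ ]*(.+?)\\r\\n"

/*
 * Each count equals the number of capture groups in the corresponding
 * pattern(s) plus one for the whole match (5 + 1 and 2 + 1). Keep them in
 * step with the patterns; presumably they size the match-offset arrays, so a
 * count that is too small would be a bounds problem -- confirm at the use site.
 */
#define AIDS_REGEXP_HTTP_PMATCHCOUNT 6
#define AIDS_REGEXP_HTTPHEADER_PMATCHCOUNT 3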
/*
 * Selects how a rule's pattern is compared against traffic.
 * The numeric values are written out explicitly.
 * NOTE(review): presumably they mirror the encoding used by the rule
 * loader -- confirm before renumbering or inserting a value.
 */
enum MatchMethod {
    EXACT_MATCH         = 0,
    REGULAR_MATCH       = 1,  /* presumably uses the compiled regex_t -- confirm */
    NO_FIXED_DATA_MATCH = 2,
    MATCH_MULTI_DATA    = 3,
    PART_EXACT_MATCH    = 4,
    BM_MATCH_STR        = 5,  /* presumably uses the struct aids_bm matcher -- confirm */
};
/*
 * A 32-bit network value together with its 32-bit mask.
 * NOTE(review): the byte order of both fields is not visible here; confirm
 * it matches the addresses they are compared against.
 */
struct MultiSubnet {
    u32 net;
    u32 mask;
};
/*
 * One HTTP-specific match condition of a rule.
 * It holds a raw pattern (data/data_len) plus a regex_t and a struct aids_bm
 * pointer; presumably match_method decides which of them is used -- confirm.
 */
struct aids_http_match_info {
    u8 index;
    enum MatchMethod match_method;
    /*
     * Pattern bytes and their length. The length is carried separately, so
     * do not assume data is NUL-terminated -- TODO confirm at the use site.
     */
    char *data;
    u32 data_len;
    regex_t re;
    struct aids_bm *bm;
};
/*
 * One application-identification rule.
 *
 * Every pointer-typed array below has a matching *_count field (pkt_seq is
 * the exception: no count is stored in this struct). Readers of these arrays
 * must bound their loops by the count, never by the contents.
 *
 * NOTE(review): this struct contains pointers and a regex_t, and it is passed
 * BY VALUE to aids_create_info_list_node() and aids_set_info_list_node()
 * declared in this header. A by-value copy is shallow, so two copies can
 * refer to the same buffers; confirm that exactly one of them is ever
 * released, otherwise a double free or use-after-free is possible.
 */
struct aids_app_info {
    u8 is_http;
    u32 appid;

    u16 *len_range;
    u16 len_range_count;

    u16 *port_range;
    u16 port_range_count;

    enum Proto proto;
    enum DIR dir;

    /* used as an array of booleans; its length is not stored here */
    u8 *pkt_seq;

    u32 *multi_dst_addr;
    u16 multi_dst_addr_count;

    struct MultiSubnet *multi_subnet;
    u16 multi_subnet_count;

    u32 rule_id;
    enum MatchMethod match_method;

    struct aids_http_match_info *http_match_info;
    u16 http_match_info_count;

    regex_t re;
    struct aids_bm *bm;

    /* pattern bytes with explicit length; NUL-termination is not guaranteed by this header */
    char *data;
    u32 data_len;
};
/*
 * Singly linked list node that stores a rule by value (the rule is embedded,
 * not pointed to).
 */
struct aids_app_info_list {
    struct aids_app_info app_info;
    struct aids_app_info_list *next;
};
/*
 * Singly linked list node that points at a rule node rather than embedding
 * it. NOTE(review): the pointed-to node is presumably owned by the main rule
 * list, so it must outlive this node -- confirm in the delete path.
 */
struct aids_info_list_port {
    struct aids_app_info_list *appinfo;
    struct aids_info_list_port *next;
};
/*
 * Singly linked list node hung off a tree node; it refers to a rule node by
 * pointer. NOTE(review): presumably a non-owning reference -- confirm that
 * deleting the tree does not also free the rule it points to.
 */
struct aids_seg_tree_list {
    struct aids_app_info_list *appinfo;
    struct aids_seg_tree_list *next;
};
/*
 * Binary tree node covering a 16-bit range, with a list of rule references
 * and two children. NOTE(review): presumably mid_num is the split point
 * between left and right -- confirm in the implementation.
 */
struct aids_seg_tree_node {
    u16 min_num;
    u16 max_num;
    u16 mid_num;
    struct aids_seg_tree_list *list;
    struct aids_seg_tree_node *left;
    struct aids_seg_tree_node *right;
};
/*
 * HTTP matcher entry points. Only the declarations are here; the behaviour
 * notes below are review assumptions to confirm against the implementation.
 */

/* presumably releases HTTP parse state attached to package_info -- confirm */
void aids_package_info_http_cleanup(struct aids_package_info *package_info);

/*
 * Returns int; the success/failure convention is not visible in this header.
 * Callers should check the result before any matching is attempted.
 */
int aids_init_reg_http(void);

void aids_deinit_reg_http(void);

/*
 * presumably applies the AIDS_REGEXP_HTTP* patterns to the packet described
 * by package_info. That payload is controlled by the remote peer, so the
 * implementation should take lengths from packet metadata and bound the
 * amount of data handed to the regex engine -- confirm.
 */
void aids_http_reg_match(struct aids_package_info *package_info);
/* Rule-store set-up and tear-down; max_seq_t is a 16-bit limit whose meaning is not visible here. */
void aids_init_appinfo(u16 max_seq_t);
void aids_deinit_appinfo(void);

/*
 * Takes the rule by pointer. presumably frees the buffers the rule owns;
 * NOTE(review): struct aids_app_info is also passed by value elsewhere in
 * this header, so confirm each buffer is released through one copy only.
 */
void aids_del_app_info(struct aids_app_info *app_info);
/*
 * Rule list helpers.
 * NOTE(review): appinfo is received by value, which copies the struct's
 * pointers but not what they point to. Confirm that the caller gives up
 * ownership of those buffers once the node is created, and what is returned
 * or stored when node allocation fails.
 */
struct aids_app_info_list *aids_create_info_list_node(struct aids_app_info appinfo);
void aids_set_info_list_node(struct aids_app_info_list **position, struct aids_app_info appinfo);
void aids_del_info_list(struct aids_app_info_list *position);
/*
 * Port list helpers; nodes refer to an existing rule node by pointer.
 * NOTE(review): confirm that aids_del_port_list() releases only the port
 * list nodes and not the rule nodes they reference.
 */
struct aids_info_list_port *aids_create_port_list_node(struct aids_app_info_list *appinfo);
void aids_set_port_list_node(struct aids_info_list_port **position, struct aids_app_info_list *appinfo);
void aids_del_port_list(struct aids_info_list_port *position);
/*
 * Per-tree-node list helpers; nodes refer to an existing rule node by pointer.
 * NOTE(review): confirm that aids_del_seg_list() releases only the list
 * nodes and not the rule nodes they reference.
 */
struct aids_seg_tree_list *aids_create_seg_list_node(struct aids_app_info_list *appinfo);
void aids_set_seg_list_node(struct aids_seg_tree_list **position, struct aids_app_info_list *appinfo);
void aids_del_seg_list(struct aids_seg_tree_list *position);
/*
 * Range tree over 16-bit values and the lookups built on it.
 * NOTE(review): how min > max is handled by the create/add functions is not
 * visible here; validate rule ranges before they reach these calls.
 */
struct aids_seg_tree_node *aids_create_seg_tree(u16 min, u16 max);
void aids_add_seg_tree_rule(u16 min, u16 max, struct aids_seg_tree_node *head, struct aids_app_info_list *appinfo);
void aids_init_seg_tree(struct aids_seg_tree_node *head, struct aids_app_info_list *info_list);

/* Looks up by a 16-bit length; what is returned when nothing covers it is not visible here. */
struct aids_seg_tree_list *aids_seg_tree_get_query_list(struct aids_seg_tree_node *head, u16 length);

/*
 * Both return a u32 for a given connection/packet description.
 * NOTE(review): the value used for "no application matched" is not visible
 * in this header; callers must not treat it as a valid appid -- confirm.
 */
u32 aids_seg_tree_get_appid(struct aids_seg_tree_node *head, struct aids_package_info *conn_info);
void aids_delete_seg_tree(struct aids_seg_tree_node *head);
u32 aids_check_if_app(struct aids_seg_tree_list *pointer, struct aids_package_info *conn_info);
#endif