#include <linux/skbuff.h>
/*
 * Result-type bits for tdts_pkt_matching_results_t.type. The engine ORs the
 * types it produced into `type`; callers test it with
 * tdts_check_pkt_parameter_res() before reading the matching sub-result.
 * SW_APP presumably means the `appid` sub-result is populated — confirm
 * against the engine, this header only defines the bit.
 *
 * NOTE(review): no include guard or #pragma once is visible in this header;
 * a second inclusion in one translation unit would redefine the typedefs
 * below. Confirm whether an outer header guards it.
 */
#define SW_APP (1 << 1)
#define TDTS_RES_TYPE_APPID SW_APP
/*
 * Flag bits for tdts_pkt_matching_results_t.flags, tested by the
 * IS_FLAGS_* macros below. Their exact meaning is not defined here.
 */
#define SW_FG_FINAL 0x0001 /* final */
#define SW_FG_NOTIA 0x0002 /* no interest (deprecated) */
#define SW_FG_NOINT SW_FG_NOTIA /* no interest */
#define SW_FG_NOMORE 0x0004 /* no more */
/* Byte size of tdts_devid_matching_results_t.host_name. */
#define TDTS_DEVID_MAX_HOST_NAME_LEN 32
/*
 * IPS (intrusion-prevention) match result. Ownership and lifetime of the
 * name strings are not defined in this header; presumably they are
 * engine-owned — confirm before caching the pointers beyond the call.
 */
typedef struct {
    char *name; // Attack name
    char *cat_name; // Attack category name
    uint32_t rule_id; // Rule ID
    uint16_t cat_id; // Attack category ID
    uint8_t proto; // Protocol
    uint8_t severity; // Severity
} tdts_ips_matching_results_t;
/*
 * ADP match result placeholder.
 * An empty struct is a GCC extension (it is not valid ISO C and has size 0
 * under GCC), so this header is compiler-specific until members are added.
 */
typedef struct {
    /*
     * Under-development.
     */
} tdts_adp_matching_results_t;
/*
 * Application-identification match result. Read it only after
 * tdts_check_pkt_parameter_res(param, TDTS_RES_TYPE_APPID) is non-zero;
 * the init macros below do not clear this member, so it may hold stale data.
 * String ownership is not defined here — presumably engine-owned, confirm.
 */
typedef struct {
    char *cat_name; // Category name
    char *app_name; // Application name
    char *beh_name; // Behavior name
    /*
     * behinst: the three IDs pack into one 32-bit value as
     *   8 bit   16 bit   8 bit
     * +-----------------------------+
     * | cat id | app id | beh id |
     * +-----------------------------+
     */
    uint8_t cat_id; // Category ID
    uint16_t app_id; // Application ID
    uint8_t beh_id; // Behavior ID
    /* misc */
    uint32_t action; // Recommended action to take (values not defined in this header).
    uint32_t fwmark; // Firewall mark (deprecated)
} tdts_appid_matching_results_t;
/*
 * Device-identification match result. All IDs are numeric; the names in
 * the comments are examples of what they map to, not values in this header.
 */
typedef struct {
    uint16_t vendor_id; //!< Vendor ID, e.g. "Microsoft"
    uint16_t name_id; //!< OS name ID, e.g. "Windows XP"
    uint16_t class_id; //!< OS class ID, e.g. "Windows Series"
    uint16_t cat_id; //!< Device Category ID, e.g. "Phone", "TV"
    uint16_t dev_id; //!< Device Name ID, e.g. "iPhone 4", "Windows Phone"
    uint16_t family_id; //!< Device family ID, e.g. "Handheld family", etc.
    /* It's recommended to pick-up the higher prio rule. */
    uint16_t prio; //!< Priority of matched rule (0: highest prio, 65535: lowest prio).
    /*
     * Detected device host name in DHCP (if any). Nothing here promises a
     * terminating NUL, so bound reads and copies by sizeof host_name
     * (TDTS_DEVID_MAX_HOST_NAME_LEN) rather than strlen() — confirm with the engine.
     */
    unsigned char host_name[TDTS_DEVID_MAX_HOST_NAME_LEN];
} tdts_devid_matching_results_t;
/*
 * URL match result. domain/path/referer come as (pointer, length) pairs;
 * this header does not promise NUL termination, so treat them as bounded
 * byte ranges and copy at most *_len bytes — presumably they point into
 * packet-derived data, confirm before holding the pointers.
 * tdts_init_pkt_matching_results_url() resets only the three pointer/length
 * pairs; cat, score, hook, mac and act are left untouched.
 */
typedef struct {
    char *domain; // Host part of the URL (not necessarily NUL-terminated)
    unsigned domain_len; // Byte length of domain
    char *path; // Path part of the URL (not necessarily NUL-terminated)
    unsigned path_len; // Byte length of path
    char *referer; // Referer header value (not necessarily NUL-terminated)
    unsigned referer_len; // Byte length of referer
    char cat[4]; // Category bytes; layout not defined in this header
    char score; // Score; meaning not defined in this header
    char hook; // Mirrors tdts_pkt_parameter_t.hook by name — presumably the same value, confirm
    unsigned char *mac; // MAC address pointer; length not stated here (assume 6 bytes — TODO confirm)
    unsigned char act; // Action; values not defined in this header
} tdts_url_matching_results_t;
/*
 * Aggregate of every per-packet result the engine can produce.
 * `type` is the bitmask of TDTS_RES_TYPE_* values the engine filled in;
 * each sub-result is meaningful only when its bit is set (see
 * tdts_check_pkt_parameter_res()). The init macros reset only type, flags and
 * the url pointer/length pairs, so the other members keep prior contents.
 */
typedef struct {
    unsigned short type; // Bitmask of TDTS_RES_TYPE_* (which sub-results are valid)
    unsigned short flags; // SW_FG_* bits, tested via IS_FLAGS_*
    int pkt_decoder_verdict; // Decoder verdict; values not defined in this header
    tdts_ips_matching_results_t ips;
    tdts_appid_matching_results_t appid;
    tdts_devid_matching_results_t devid;
    tdts_url_matching_results_t url;
    tdts_adp_matching_results_t adp;
} tdts_pkt_matching_results_t;
/*
 * Layer at which the buffer in tdts_pkt_parameter_t.pkt_ptr starts.
 * NONE is the value tdts_init_pkt_parameter() stores before a packet is set;
 * MAX is a sentinel, not a valid packet type.
 */
typedef enum {
    TDTS_PKT_PARAMETER_PKT_TYPE_NONE = 0,
    TDTS_PKT_PARAMETER_PKT_TYPE_L2_ETHERNET,
    TDTS_PKT_PARAMETER_PKT_TYPE_L3_IP,
    TDTS_PKT_PARAMETER_PKT_TYPE_L3_IP6,
    TDTS_PKT_PARAMETER_PKT_TYPE_MAX
} tdts_pkt_parameter_pkt_type_t;
/*
 * Per-packet exchange record between a caller and the DPI engine: the caller
 * fills the input members (normally through the tdts_set_pkt_parameter*
 * macros below) and reads `results` back after tdts_shell_dpi_l3_*().
 */
typedef struct pkt_parameter {
    /*
     * Callers' arguments to pass to TDTS.
     */
    unsigned short req_flag; // Request flags; bit meanings not defined in this header
    unsigned short reserved;
    tdts_pkt_parameter_pkt_type_t pkt_type; // Layer of the data at pkt_ptr
    /*
     * pkt_ptr/pkt_len are stored by tdts_set_pkt_parameter() exactly as given,
     * with no check against the real buffer size. The caller is the only place
     * that can guarantee pkt_len does not exceed the bytes behind pkt_ptr.
     */
    void *pkt_ptr;
    unsigned pkt_len;
    unsigned long pkt_time_sec; // Packet timestamp, seconds (set via tdts_set_pkt_parameter_pkt_time)
    char hook; // Same name as tdts_url_matching_results_t.hook — relationship not stated here
    char cat[4]; // Same name as tdts_url_matching_results_t.cat — relationship not stated here
    /* Asynchronous-processing callbacks; calling convention not defined in this header. */
    struct pkt_parameter *(*async_prepare) (struct pkt_parameter *);
    int (*async_send) (struct pkt_parameter *);
    void *private_ptr; // Opaque caller context
    /*
     * TDTS response for callers to read.
     */
    tdts_pkt_matching_results_t results;
} tdts_pkt_parameter_t;
/*
 * Flag tests on a tdts_pkt_matching_results_t pointer. Each yields the masked
 * bit (non-zero when set), not a normalized 0/1; the argument is evaluated once.
 */
#define IS_FLAGS_FINAL(__sw) ((__sw)->flags & SW_FG_FINAL)
#define IS_FLAGS_NOINT(__sw) ((__sw)->flags & SW_FG_NOINT)
#define IS_FLAGS_NOMORE(__sw) ((__sw)->flags & SW_FG_NOMORE)
/*
 * APPID results
 *
 * Accessors over tdts_pkt_parameter_t.results.appid. None of them checks
 * results.type, and the init macros never clear the appid member, so callers
 * should read these only after
 * tdts_check_pkt_parameter_res(param, TDTS_RES_TYPE_APPID) returns non-zero.
 * The *_CHECK_* macros read results.flags, i.e. the flags of the whole result
 * record, not something specific to appid.
 */
#define TDTS_PKT_PARAMETER_RES_APPID(_param) (&((_param)->results.appid))
#define TDTS_PKT_PARAMETER_RES_APPID_CAT_ID(__param) TDTS_PKT_PARAMETER_RES_APPID(__param)->cat_id
#define TDTS_PKT_PARAMETER_RES_APPID_CAT_NAME(__param) TDTS_PKT_PARAMETER_RES_APPID(__param)->cat_name
#define TDTS_PKT_PARAMETER_RES_APPID_APP_ID(__param) TDTS_PKT_PARAMETER_RES_APPID(__param)->app_id
#define TDTS_PKT_PARAMETER_RES_APPID_APP_NAME(__param) TDTS_PKT_PARAMETER_RES_APPID(__param)->app_name
#define TDTS_PKT_PARAMETER_RES_APPID_BEH_ID(__param) TDTS_PKT_PARAMETER_RES_APPID(__param)->beh_id
#define TDTS_PKT_PARAMETER_RES_APPID_BEH_NAME(__param) TDTS_PKT_PARAMETER_RES_APPID(__param)->beh_name
#define TDTS_PKT_PARAMETER_RES_APPID_ACTION(__param) TDTS_PKT_PARAMETER_RES_APPID(__param)->action
#define TDTS_PKT_PARAMETER_RES_APPID_FWMARK(__param) TDTS_PKT_PARAMETER_RES_APPID(__param)->fwmark
#define TDTS_PKT_PARAMETER_RES_APPID_CHECK_FINAL(__param) IS_FLAGS_FINAL(&((__param)->results))
#define TDTS_PKT_PARAMETER_RES_APPID_CHECK_NOMORE(__param) IS_FLAGS_NOMORE(&((__param)->results))
#define TDTS_PKT_PARAMETER_RES_APPID_CHECK_NOINT(__param) IS_FLAGS_NOINT(&((__param)->results))
/**
 * Report which of the requested result types the engine produced for a packet.
 *
 * @param pkt_param  Parameter record whose results.type bitmask is inspected
 *                   (must be non-NULL; not checked here).
 * @param res_type   Bitmask of TDTS_RES_TYPE_* values to test.
 * @return The bits of results.type that are also set in res_type; non-zero
 *         means at least one requested result type is present.
 */
static inline unsigned short
__attribute__ ((unused)) tdts_check_pkt_parameter_res(const tdts_pkt_parameter_t *pkt_param,
                                                      unsigned short res_type)
{
    const unsigned short produced = pkt_param->results.type;
    const unsigned short hit = (unsigned short) (produced & res_type);

    return hit;
}
/*
 * Reset the url sub-result's pointer/length pairs of a
 * tdts_pkt_matching_results_t. cat, score, hook, mac and act are not touched.
 */
#define tdts_init_pkt_matching_results_url(__mr) \
    do { \
        (__mr)->url.domain = NULL; \
        (__mr)->url.domain_len = 0; \
        (__mr)->url.path = NULL; \
        (__mr)->url.path_len = 0; \
        (__mr)->url.referer = NULL; \
        (__mr)->url.referer_len = 0; \
    } while (0)
/*
 * Reset a tdts_pkt_matching_results_t before a packet is submitted.
 * Only type, flags and the url pointers are cleared; ips, appid, devid and
 * adp keep whatever they held before, which is why readers must gate on
 * tdts_check_pkt_parameter_res() instead of trusting those members directly.
 */
#define tdts_init_pkt_matching_results(_mr) \
    do { \
        (_mr)->type = 0; \
        (_mr)->flags = 0; \
        tdts_init_pkt_matching_results_url(_mr); \
    } while (0)
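/* req flag */
/*
 * Set/get the caller's request flags (tdts_pkt_parameter_t.req_flag).
 * The value is stored as-is; this header does not define the individual bits.
 * The argument is parenthesized for macro hygiene, matching the pkt-time
 * setter below.
 */
#define tdts_set_pkt_parameter_req_flag(__param, __req_flag) \
    do { \
        (__param)->req_flag = (__req_flag); \
    } while (0)
#define tdts_get_pkt_parameter_req_flag(__param) ((__param)->req_flag)
/* pkt time */
/*
 * Set/get the packet timestamp in seconds (tdts_pkt_parameter_t.pkt_time_sec).
 * The setter converts to unsigned long; the getter's second parameter is
 * unused (presumably kept for call-site symmetry with the setter).
 */
#define tdts_set_pkt_parameter_pkt_time(__param, __sec) \
    do { \
        (__param)->pkt_time_sec = (unsigned long) (__sec); \
    } while (0)
#define tdts_get_pkt_parameter_pkt_time(__param, __sec) ((__param)->pkt_time_sec)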
/* pkt param */
/*
 * Attach a packet buffer to a tdts_pkt_parameter_t and reset its results.
 * _pkt is cast to void * (any const qualifier is dropped); _pkt_len is stored
 * without being checked against the buffer, so the caller must guarantee it
 * does not exceed the bytes actually available at _pkt.
 */
#define tdts_set_pkt_parameter(_param, _pkt, _pkt_len, _pkt_type) \
    do { \
        (_param)->pkt_type = _pkt_type; \
        (_param)->pkt_ptr = (void *) (_pkt); \
        (_param)->pkt_len = _pkt_len; \
        tdts_init_pkt_matching_results(&((_param)->results)); \
    } while (0)
/*
 * Initialize a tdts_pkt_parameter_t with no packet attached, plus the
 * request flags and timestamp. Other members (hook, cat, async_*,
 * private_ptr, reserved) are not initialized here.
 */
#define tdts_init_pkt_parameter(___param, ___req_flag, ___pkt_time) \
    do { \
        tdts_set_pkt_parameter(___param, NULL, 0, TDTS_PKT_PARAMETER_PKT_TYPE_NONE); \
        tdts_set_pkt_parameter_req_flag(___param, ___req_flag); \
        tdts_set_pkt_parameter_pkt_time(___param, ___pkt_time); \
    } while (0)
/* Convenience wrappers that fix pkt_type to IPv4 / IPv6 at layer 3. */
#define tdts_set_pkt_parameter_l3_ip(__param, __pkt, __pkt_len) \
    tdts_set_pkt_parameter(__param, __pkt, __pkt_len, TDTS_PKT_PARAMETER_PKT_TYPE_L3_IP)
#define tdts_set_pkt_parameter_l3_ip6(__param, __pkt, __pkt_len) \
    tdts_set_pkt_parameter(__param, __pkt, __pkt_len, TDTS_PKT_PARAMETER_PKT_TYPE_L3_IP6)
/*
 * Engine entry points for layer-3 inspection of a socket buffer; results are
 * written to param->results. The meaning of the int return value and how the
 * two variants differ are not defined in this header — consult the engine's
 * documentation before treating a return as success or failure.
 */
extern int tdts_shell_dpi_l3_skb(struct sk_buff *skb,
                                 tdts_pkt_parameter_t * param);
extern int tdts_shell_dpi_l3_data(struct sk_buff *, tdts_pkt_parameter_t *);