push: code changes x2
This commit is contained in:
Domingo Dirutigliano
@@ -20,6 +20,7 @@
|
||||
#include "../classes/netfilter.cpp"
|
||||
#include "stream_ctx.cpp"
|
||||
#include "regex_rules.cpp"
|
||||
#include "../utils.cpp"
|
||||
|
||||
using namespace std;
|
||||
|
||||
@@ -30,8 +31,6 @@ namespace Regex {
|
||||
using Tins::TCPIP::Stream;
|
||||
using Tins::TCPIP::StreamFollower;
|
||||
|
||||
|
||||
|
||||
class RegexNfQueue : public NfQueue::ThreadNfQueue<RegexNfQueue> {
|
||||
public:
|
||||
stream_ctx sctx;
|
||||
@@ -39,7 +38,7 @@ public:
|
||||
StreamFollower follower;
|
||||
NfQueue::PktRequest<RegexNfQueue>* pkt;
|
||||
|
||||
bool filter_action(NfQueue::PktRequest<RegexNfQueue>* pkt){
|
||||
bool filter_action(NfQueue::PktRequest<RegexNfQueue>* pkt, const string& data){
|
||||
shared_ptr<RegexRules> conf = regex_config;
|
||||
|
||||
auto current_version = conf->ver();
|
||||
@@ -85,12 +84,12 @@ public:
|
||||
stream_match = stream_search->second;
|
||||
}
|
||||
err = hs_scan_stream(
|
||||
stream_match,pkt->data, pkt->data_size,
|
||||
stream_match, data.c_str(), data.size(),
|
||||
0, scratch_space, match_func, &match_res
|
||||
);
|
||||
}else{
|
||||
err = hs_scan(
|
||||
regex_matcher,pkt->data, pkt->data_size,
|
||||
regex_matcher, data.c_str(), data.size(),
|
||||
0, scratch_space, match_func, &match_res
|
||||
);
|
||||
}
|
||||
@@ -102,7 +101,7 @@ public:
|
||||
throw invalid_argument("Cannot close stream match on hyperscan");
|
||||
}
|
||||
if (err != HS_SUCCESS && err != HS_SCAN_TERMINATED) {
|
||||
cerr << "[error] [filter_callback] Error while matching the stream (hs)" << endl;
|
||||
cerr << "[error] [filter_callback] Error while matching the stream (hs) " << err << endl;
|
||||
throw invalid_argument("Error while matching the stream with hyperscan");
|
||||
}
|
||||
if (match_res.has_matched){
|
||||
@@ -113,41 +112,13 @@ public:
|
||||
return true;
|
||||
}
|
||||
|
||||
void handle_next_packet(NfQueue::PktRequest<RegexNfQueue>* _pkt) override{
|
||||
pkt = _pkt; // Setting packet context
|
||||
if (pkt->tcp){
|
||||
if (pkt->ipv4){
|
||||
follower.process_packet(*pkt->ipv4);
|
||||
}else{
|
||||
follower.process_packet(*pkt->ipv6);
|
||||
}
|
||||
//Fallback to the default action
|
||||
if (pkt->get_action() == NfQueue::FilterAction::NOACTION){
|
||||
return pkt->accept();
|
||||
}
|
||||
}else{
|
||||
if (!pkt->udp){
|
||||
throw invalid_argument("Only TCP and UDP are supported");
|
||||
}
|
||||
if(pkt->data_size == 0){
|
||||
return pkt->accept();
|
||||
}else if (filter_action(pkt)){
|
||||
return pkt->accept();
|
||||
}else{
|
||||
return pkt->drop();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//If the stream has already been matched, drop all data, and try to close the connection
|
||||
static void keep_fin_packet(RegexNfQueue* nfq){
|
||||
nfq->pkt->reject();// This is needed because the callback has to take the updated pkt pointer!
|
||||
nfq->pkt->reject(); // This is needed because the callback has to take the updated pkt pointer!
|
||||
}
|
||||
|
||||
static void on_data_recv(Stream& stream, RegexNfQueue* nfq, string data) {
|
||||
nfq->pkt->data = data.data();
|
||||
nfq->pkt->data_size = data.size();
|
||||
if (!nfq->filter_action(nfq->pkt)){
|
||||
static void on_data_recv(Stream& stream, RegexNfQueue* nfq, const string& data) {
|
||||
if (!nfq->filter_action(nfq->pkt, data)){
|
||||
nfq->sctx.clean_stream_by_id(nfq->pkt->sid);
|
||||
stream.client_data_callback(bind(keep_fin_packet, nfq));
|
||||
stream.server_data_callback(bind(keep_fin_packet, nfq));
|
||||
@@ -157,12 +128,14 @@ public:
|
||||
|
||||
//Input data filtering
|
||||
static void on_client_data(Stream& stream, RegexNfQueue* nfq) {
|
||||
on_data_recv(stream, nfq, string(stream.client_payload().begin(), stream.client_payload().end()));
|
||||
auto data = stream.client_payload();
|
||||
on_data_recv(stream, nfq, string((char*)data.data(), data.size()));
|
||||
}
|
||||
|
||||
//Server data filtering
|
||||
static void on_server_data(Stream& stream, RegexNfQueue* nfq) {
|
||||
on_data_recv(stream, nfq, string(stream.server_payload().begin(), stream.server_payload().end()));
|
||||
auto data = stream.server_payload();
|
||||
on_data_recv(stream, nfq, string((char*)data.data(), data.size()));
|
||||
}
|
||||
|
||||
// A stream was terminated. The second argument is the reason why it was terminated
|
||||
@@ -181,6 +154,32 @@ public:
|
||||
stream.stream_closed_callback(bind(on_stream_close, placeholders::_1, nfq));
|
||||
}
|
||||
|
||||
void handle_next_packet(NfQueue::PktRequest<RegexNfQueue>* _pkt) override{
|
||||
pkt = _pkt; // Setting packet context
|
||||
if (pkt->tcp){
|
||||
if (pkt->ipv4){
|
||||
follower.process_packet(*pkt->ipv4);
|
||||
}else{
|
||||
follower.process_packet(*pkt->ipv6);
|
||||
}
|
||||
//Fallback to the default action
|
||||
if (pkt->get_action() == NfQueue::FilterAction::NOACTION){
|
||||
return pkt->accept();
|
||||
}
|
||||
}else{
|
||||
if (!pkt->udp){
|
||||
throw invalid_argument("Only TCP and UDP are supported");
|
||||
}
|
||||
if(pkt->data_size() == 0){
|
||||
return pkt->accept();
|
||||
}else if (filter_action(pkt, string(pkt->data(), pkt->data_size()))){
|
||||
return pkt->accept();
|
||||
}else{
|
||||
return pkt->drop();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void before_loop() override{
|
||||
follower.new_stream_callback(bind(on_new_stream, placeholders::_1, this));
|
||||
follower.stream_termination_callback(bind(on_stream_close, placeholders::_1, this));
|
||||
|
||||
Reference in New Issue
Block a user