-rw-r--r--include/stellar/kv.h52
-rw-r--r--include/stellar/scanner.h132
2 files changed, 105 insertions, 79 deletions
diff --git a/include/stellar/kv.h b/include/stellar/kv.h
new file mode 100644
index 0000000..c9c2c81
--- /dev/null
+++ b/include/stellar/kv.h
@@ -0,0 +1,52 @@
+#pragma once
+
+#include <stddef.h>
+#include <uuid/uuid.h>
+
+enum vtype
+{
+ FIELD_VALUE_INTEGER,
+ FIELD_VALUE_DOUBLE,
+ FIELD_VALUE_CSTRING,
+};
+
+struct kv
+{
+ const char *key;
+ size_t key_sz;
+ enum vtype type;
+ union
+ {
+ long long value_longlong;
+ double value_double;
+ struct
+ {
+ const char *str;
+ size_t sz;
+ }value_str;
+ uuid_t uuid;
+ struct
+ {
+ struct kv **elements;
+ size_t n_element;
+ }value_list;
+ };
+};
+
+struct kv_table;
+
+struct kv_table *kv_table_new(size_t n_reserved);
+struct kv_table *kv_table_new_by_indexing(struct kv *kv);
+
+
+
+struct kv_table
+{
+ struct kv *kv;
+ UT_handle hh;
+};
+
+
+int kv_table_add(struct kv_table *table, struct kv *kv);
+
+const struct kv *kv_table_get(struct kv_table *table, const char *key, size_t key_sz); \ No newline at end of file
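Review bot: `enum vtype` at the top of the new header has no tag for the `uuid` and `value_list` members of the union in `struct kv`, so a reader has no way to verify that a kv actually holds a list before dereferencing `value_list.elements` — reading the wrong union member is a type-confusion bug this layout invites. Add `FIELD_VALUE_UUID,` and `FIELD_VALUE_LIST,` to the enum and state on the struct that readers must switch on `type` before touching the union. Separately, `UT_handle hh` in `struct kv_table` is not declared by either included header; if this is uthash, the handle type is `UT_hash_handle` and `uthash.h` has to be included before the struct definition. Ownership is also unstated: nothing says whether `kv_table_add` takes ownership of `kv` (and the storage behind `key` and `value_str.str`) or whether a matching `kv_table_free` exists, so a one-line contract comment on each prototype would settle what callers must free.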
diff --git a/include/stellar/scanner.h b/include/stellar/scanner.h
index 6655b9b..442f632 100644
--- a/include/stellar/scanner.h
+++ b/include/stellar/scanner.h
@@ -8,13 +8,13 @@ extern "C"
#include "maat.h"
#include <stddef.h>
-struct scanner_module;
-struct scanner_module *stellar_module_get_scanner(struct stellar_module_manager *mod_mgr);
+struct scanner;
+struct scanner *stellar_module_get_scanner(struct stellar_module_manager *mod_mgr);
/*
@ return cm maat instance
*/
-struct maat *scanner_module_get_maat_instance(struct scanner_module *scanner);
+struct maat *scanner_module_get_maat_instance(struct scanner *scanner);
//const char *plugin_exdata_get0_object_table_name(struct maat *cm_maat, const char *attribute_name);
@@ -22,23 +22,6 @@ struct maat *scanner_module_get_maat_instance(struct scanner_module *scanner);
@ exdata/message shares the memory of policy_exdata, so we need to free the memory of policy_exdata in exdata free callback
*/
-typedef void security_rule_on_packet_callback(struct packet *pkt, uuid_t rule_uuids[], int appid[], size_t n_rule_uuids, void *args);
-int scanner_module_subscribe_security_rule_on_packet(struct scanner_module *scanner, security_rule_on_packet_callback *cb, void *args);
-
-typedef void security_rule_on_session_callback(struct session *sess, uuid_t rule_uuids[], int appid[], size_t n_rule_uuids, void *args);
-int scanner_module_subscribe_security_rule_on_session(struct scanner_module *scanner, security_rule_on_session_callback *cb, void *args);
-
-typedef void monitor_rule_on_packet_callback(struct packet *pkt, uuid_t rule_uuids[], size_t n_rule_uuids, void *args);
-int scanner_module_subscribe_monitor_rule_on_packet(struct scanner_module *scanner, monitor_rule_on_packet_callback *cb, void *args);
-
-typedef void monitor_rule_on_session_callback(struct session *sess, uuid_t rule_uuids[], size_t n_rule_uuids, void *args);
-int scanner_module_subscribe_monitor_rule_on_session(struct scanner_module *scanner, monitor_rule_on_session_callback *cb, void *args);
-
-typedef void dos_protection_rule_on_packet_callback(struct packet *pkt, uuid_t rule_uuids[], size_t n_rule_uuids, void *args);
-int scanner_module_subscribe_dos_protection_rule_on_packet(struct scanner_module *scanner, dos_protection_rule_on_packet_callback *cb, void *args);
-
-typedef void dos_protection_rule_on_session_callback(struct session *sess, uuid_t rule_uuids[], size_t n_rule_uuids, void *args);
-int scanner_module_subscribe_dos_protection_rule_on_session(struct scanner_module *scanner, dos_protection_rule_on_session_callback *cb, void *args);
enum RULE_TYPE
{
@@ -53,15 +36,26 @@ enum RULE_TYPE
RULE_TYPE_MAX
};
-struct policy_exdata;
-struct policy_exdata *scanner_module_get0_policy_exdata_on_session(struct scanner_module *scanner, struct session *sess);
-struct policy_exdata *scanner_module_get0_policy_exdata_on_packet(struct scanner_module *scanner, struct packet *pkt);
+typedef void packet_match_callback(struct packet *pkt, uuid_t rule[], size_t n_rule, void *args);
+
+int scanner_subscribe_packet_match(struct scanner * scanner, enum RULE_TYPE type, packet_match_callback *cb, void *args);
+
+typedef void session_match_callback(struct session *sess, struct packet *pkt, uuid_t rule[], size_t n_rule, void *args);
-size_t policy_exdata_get0_cumulative_rule_count(struct policy_exdata *exdata, enum RULE_TYPE rule_type);
-size_t policy_exdata_get0_cumulative_rules(struct policy_exdata *exdata, enum RULE_TYPE rule_type, uuid_t rule_uuids[], char *rule_action[], size_t n_rule_uuids);
+int scanner_subscribe_session_match(struct scanner * scanner, enum RULE_TYPE type, session_match_callback *cb, void *args);
+
+struct scanner_state;
+
+int scanner_state_get_security_policy_matched_appid(struct scanner_state *state, uuid_t rule);
+
+const struct scanner_state *scanner_get_state_on_session(struct scanner *scanner, struct session *sess);
+const struct scanner_state *scanner_get_state_on_packet(struct scanner *scanner, struct packet *pkt);
+
+size_t scanner_state_get_history_rule_count(struct scanner_state *exdata, enum RULE_TYPE rule_type);
+size_t scanner_state_get_history_rules(struct scanner_state *exdata, enum RULE_TYPE rule_type, uuid_t rule_uuids[], char *rule_action[], size_t n_rule_uuids);
-size_t policy_exdata_get0_delta_rule_count(struct policy_exdata *exdata, enum RULE_TYPE rule_type);
-size_t policy_exdata_get0_delta_rules(struct policy_exdata *exdata, enum RULE_TYPE rule_type, uuid_t rule_uuids[], char *rule_action[], size_t n_rule_uuids);
+size_t scanner_state_get_current_packet_rule_count(struct scanner_state *exdata, enum RULE_TYPE rule_type);
+size_t scanner_state_get_current_packet_rules(struct scanner_state *exdata, enum RULE_TYPE rule_type, uuid_t rule_uuids[], char *rule_action[], size_t n_rule_uuids);
enum ATTRIBUTE_TYPE
{
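Review bot: `scanner_get_state_on_session` and `scanner_get_state_on_packet` return `const struct scanner_state *`, but every `scanner_state_*` accessor declared right after them takes a non-const `struct scanner_state *`, so a caller cannot use the returned state without casting away const. Either the getters should drop the `const`, or, better, the read-only accessors (`..._rule_count`, `..._rules`, `..._matched_appid`) should take `const struct scanner_state *`. The output-buffer contract of `scanner_state_get_history_rules` and `scanner_state_get_current_packet_rules` is also unstated: whether the return is the number of entries written (capped at `n_rule_uuids`) or the total available, and whether the `rule_action[]` strings are borrowed or must be freed — the old `get0` prefix at least signalled "borrowed", and the rename drops that signal. Assuming the implementation behaves that way, a comment such as `/* Fills at most n_rule_uuids entries and returns the number written; rule_action strings are owned by the state and valid only while it is. */` would close both gaps. The `enum RULE_TYPE` this hunk opens in begins above the hunk.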
@@ -72,19 +66,17 @@ enum ATTRIBUTE_TYPE
ATTRIBUTE_TYPE_MAX
};
-const char *plugin_exdata_get0_available_object_type(struct maat *cm_maat, const char *attribute_name);
+const char *scanner_attribute_name_to_object_type(struct scanner *scanner, const char *attribute_name);
/* object option is brief or elaborate */
-size_t policy_exdata_get0_cumulative_object_count(struct policy_exdata *exdata, enum ATTRIBUTE_TYPE attr_type);
-size_t policy_exdata_get0_cumulative_hit_objects(struct policy_exdata *exdata, enum ATTRIBUTE_TYPE attr_type, struct maat_hit_object hit_objects[], size_t n_hit_objects);
+size_t scanner_state_get_history_object_count(struct scanner_state *exdata, enum ATTRIBUTE_TYPE attr_type);
+size_t scanner_state_get_current_packet_hit_objects(struct scanner_state *exdata, enum ATTRIBUTE_TYPE attr_type, struct maat_hit_object hit_objects[], size_t n_hit_objects);
-size_t policy_exdata_get0_delta_hit_object_count(struct policy_exdata *exdata, enum ATTRIBUTE_TYPE attr_type);
-size_t policy_exdata_get0_delta_hit_objects(struct policy_exdata *exdata, enum ATTRIBUTE_TYPE attr_type, struct maat_hit_object hit_objects[], size_t n_hit_objects);
+size_t scanner_state_get_current_packet_hit_object_count(struct scanner_state *exdata, enum ATTRIBUTE_TYPE attr_type);
+size_t scanner_state_get_current_packet_hit_objects(struct scanner_state *exdata, enum ATTRIBUTE_TYPE attr_type, struct maat_hit_object hit_objects[], size_t n_hit_objects);
-void scanner_module_mark_log_option_on_session(struct scanner_module *scanner, struct session *sess, enum LOG_OPTION log_option);
-void scanner_module_mark_packet_capture_on_session(struct scanner_module *scanner, struct session *sess, size_t depth);
-void scanner_module_mark_packet_mirroring_on_session(struct scanner_module *scanner, struct session *sess, int32_t *vlan_id, size_t n_vlan_id);
-void scanner_module_mark_packet_mirroring_on_packet(struct scanner_module *scanner, struct packet *pkt, int32_t *vlan_id, size_t n_vlan_id);
+void scanner_session_record_enable_brief(struct scanner *scanner, struct session *session);
+void scanner_session_record_enable_elaborate(struct scanner *scanner, struct session *session);
/*
Session JSON:
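Review bot: `scanner_state_get_current_packet_hit_objects` is declared twice in this hunk with an identical signature, once as the replacement for `policy_exdata_get0_cumulative_hit_objects` and once for `policy_exdata_get0_delta_hit_objects`, so the cumulative/history variant appears to have been lost in the rename and only the per-packet accessor survives. The first of the two sits next to `scanner_state_get_history_object_count` and presumably should read `size_t scanner_state_get_history_hit_objects(struct scanner_state *exdata, enum ATTRIBUTE_TYPE attr_type, struct maat_hit_object hit_objects[], size_t n_hit_objects);`. As with the rule accessors, the `n_hit_objects` capacity and return-value contract should be documented on the prototypes so callers size `hit_objects[]` correctly. The `exdata` parameter name is a leftover from the old type; `state` would match `scanner_state_get_security_policy_matched_appid`.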
@@ -97,53 +89,35 @@ void scanner_module_mark_packet_mirroring_on_packet(struct scanner_module *scann
Decode Path / Decode AS
*/
-struct attribute_exdata *scanner_module_get0_attribute_exdata_on_session(struct scanner_module *scanner, struct session *sess);
-struct attribute_exdata *scanner_module_get0_attribute_exdata_on_packet(struct scanner_module *scanner, struct packet *pkt);
+#include "stellar/kv.h"
-struct attribute_exdata
+enum attribute_index
{
- char *application;
- size_t application_sz;
- char *application_category;
- size_t application_category_sz;
- char *application_transition;
- size_t application_transition_sz;
- char *application_content;
- size_t application_content_sz;
- char *server_fqdn;
- size_t server_fqdn_sz;
- char *server_domain;
- size_t server_domain_sz;
- char *imei;
- size_t imei_sz;
- char *imsi;
- size_t imsi_sz;
- char *phone_number;
- size_t phone_number_sz;
- char *apn;
- size_t apn_sz;
- char *client_subscriber_id;
- size_t client_subscriber_id_sz;
- char *client_asn;
- size_t client_asn_sz;
- char *server_asn;
- size_t server_asn_sz;
- char *client_country_code;
- size_t client_country_code_sz;
- char *server_country_code;
- size_t server_country_code_sz;
- char *decode_path;
- size_t decode_path_sz;
- char *decode_as;
- size_t decode_as_sz;
- uuid_t *client_ip_tag_rule_uuids;
- size_t n_client_ip_tag_rule_uuids;
- uuid_t *server_ip_tag_rule_uuids;
- size_t n_server_ip_tag_rule_uuids;
- uuid_t *server_fqdn_tag_rule_uuids;
- size_t n_server_fqdn_tag_rule_uuids;
+ ATTRIBUTE_APPLICATION=0,
+ ATTRIBUTE_APPLICATION_CATEGORY,
+ ATTRIBUTE_APPLICATION_TRANSITION,
+ ATTRIBUTE_APPLICATION_CONTENT,
+ ATTRIBUTE_SERVER_FQDN,
+ ATTRIBUTE_SERVER_DOMAIN,
+ ATTRIBUTE_IMEI,
+ ATTRIBUTE_IMSI,
+ ATTRIBUTE_PHONE_NUMBER,
+ ATTRIBUTE_APN,
+ ATTRIBUTE_CLIENT_SUBSCRIBER_ID,
+ ATTRIBUTE_CLIENT_ASN,
+ ATTRIBUTE_SERVER_ASN,
+ ATTRIBUTE_CLIENT_COUNTRY_CODE,
+ ATTRIBUTE_SERVER_COUNTRY_CODE,
+ ATTRIBUTE_DECODE_PATH,
+ ATTRIBUTE_DECODE_AS,
+ ATTRIBUTE_MAX
};
+const struct kv *scanner_get_attribute_on_session(struct scanner *scanner, struct session *sess, enum attribute_index index);
+const struct kv *scanner_get_attribute_on_packet(struct scanner *scanner, struct packet *pkt, enum attribute_index index);
+
+
+
#ifdef __cplusplus
}
#endif
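Review bot: The `enum attribute_index` that replaces `struct attribute_exdata` has no entries for the three tag-rule arrays the old struct carried (`client_ip_tag_rule_uuids`, `server_ip_tag_rule_uuids`, `server_fqdn_tag_rule_uuids`), so unless they are exposed elsewhere, IP and FQDN tag matches are no longer reachable through this API; if the drop is deliberate it should be stated in the header. The `const struct kv *` returned by `scanner_get_attribute_on_session` and `scanner_get_attribute_on_packet` also needs a lifetime comment: the removed text said attribute memory was shared with policy exdata and released in its free callback, and nothing now says whether the kv and the bytes behind `value_str.str` stay valid past the callback or the current packet. The `#include "stellar/kv.h"` is placed mid-file inside the `extern "C"` block; moving it next to the other includes at the top keeps kv.h's own system includes (`<uuid/uuid.h>`) out of the C-linkage region.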