src/osfp_score_db.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63

#ifndef __OSFP_SCORE_DB_H__
#define __OSFP_SCORE_DB_H__

#include "osfp.h"
#include "osfp_fingerprint.h"
#include "osfp_common.h"

struct osfp_os_class_score {
    unsigned int scores[OSFP_OS_CLASS_MAX];
};

struct osfp_field_value_count {
    unsigned int counts[OSFP_OS_CLASS_MAX];
};

struct osfp_field_score_db {
    unsigned int    enabled;
    unsigned int    type;
    unsigned int    entry_count;

    void            *data;

    void *(*create)(void);
    void (*destroy)(void *);
    int (*add)(void *data, struct osfp_field_value_count *, void *, unsigned int);
    struct osfp_field_value_count *(*match)(void *, void *, unsigned int);
};

struct osfp_prefilter_hash_element {
    unsigned int os_class;
    unsigned int repeated;

    struct osfp_fingerprint *fp;
    char                    *fp_json;

    UT_hash_handle hh;
};

struct osfp_score_db {
    struct osfp_prefilter_hash_element *prefilter_head;

    unsigned int entry_count;
    unsigned int os_entry_count[OSFP_OS_CLASS_MAX];

    unsigned int total_weight;
    unsigned int field_weight[OSFP_FIELD_MAX];

    struct osfp_field_score_db field_score_dbs[OSFP_FIELD_MAX];
};

void osfp_score_db_debug_print(struct osfp_score_db *score_db);

const char *osfp_score_db_prefilter(struct osfp_score_db *score_db, struct osfp_fingerprint *fp, struct osfp_os_class_score *result_score);

int osfp_score_db_load(struct osfp_score_db *score_db, char *fp_file);
int osfp_score_db_score(struct osfp_score_db *score_db, unsigned int flags, struct osfp_fingerprint *fp, struct osfp_os_class_score *result_score);

struct osfp_score_db *osfp_score_db_create(void);
void osfp_score_db_destroy(struct osfp_score_db *score_db);

int test_osfp_score_db(void);

#endif