#ifndef ETTERCAP_FILTER_H
#define ETTERCAP_FILTER_H

#include <ec_packet.h>

#include <regex.h>
#ifdef HAVE_PCRE
   #include <pcre.h>
#endif

/*
 * This is the struct used by the filtering engine.
 * It is the equivalent of a processor's instruction.
 *
 * Instructions are organized in an array and evaluated one
 * at a time. Jumps are absolute and the addressing
 * is done by array position.
 *
 * NOTE(review): the instruction array comes from a filter file
 * (see struct filter_header and filter_load_file() below), so every
 * field here is file-controlled. The loader and interpreter are not
 * visible in this header; confirm that they bounds-check jump targets,
 * offsets and lengths before use.
 */

//#define MAX_FILTER_LEN 200

struct filter_op {
   /* one of the FOP_* values defined below */
   char opcode;
      #define FOP_EXIT     0
      #define FOP_TEST     1
      #define FOP_ASSIGN   2
      #define FOP_INC      3
      #define FOP_DEC      4
      #define FOP_FUNC     5
      #define FOP_JMP      6
      #define FOP_JTRUE    7
      #define FOP_JFALSE   8

   /*
    * The first two fields of the structs below (op and level) must
    * overlap the same memory region. This is relied upon in ef_encode.c
    * when encoding a function that uses an offset as an argument.
    * Both members declare them as two consecutive one-byte fields, so
    * do not reorder or resize them.
    */
   union {
      /* functions */
      struct {
         /* one of the FFUNC_* values defined below */
         char op;
            #define FFUNC_SEARCH       0
            #define FFUNC_REGEX        1
            #define FFUNC_PCRE         2
            #define FFUNC_REPLACE      3
            #define FFUNC_INJECT       4
            #define FFUNC_LOG          5
            #define FFUNC_DROP         6
            #define FFUNC_KILL         7
            #define FFUNC_MSG          8
            /*
             * NOTE(review): the FFUNC_EXEC* values appear, from their
             * names, to run external commands; the implementation is not
             * in this header. If so, a compiled filter file is equivalent
             * to code and should only be loaded from a trusted location.
             * TODO confirm.
             */
            #define FFUNC_EXEC         9
            #define FFUNC_EXECINJECT   10
            #define FFUNC_EXECREPLACE  11
         u_int8 level;
         /* first string argument and its length */
         u_int8 *string;
         size_t slen;
         /* second string argument and its length */
         u_int8 *replace;
         size_t rlen;
         /* compiled regex state, see struct regex_opt */
         struct regex_opt *ropt;
      } func;

      /* tests (the same layout is reused for assignments) */
      struct {
         /* one of the FTEST_* values defined below */
         u_int8   op;
            #define FTEST_EQ   0
            #define FTEST_NEQ  1
            #define FTEST_LT   2
            #define FTEST_GT   3
            #define FTEST_LEQ  4
            #define FTEST_GEQ  5
         u_int8   level;
         /*
          * NOTE(review): size and offset presumably select how many
          * bytes are read at which position of the packet; confirm that
          * offset + size is checked against the packet length.
          */
         u_int8   size;
         u_int16  offset;
         u_int32  value;
         /* 16 bytes, presumably large enough for an IPv6 address */
         u_int8   ipaddr[16];
         u_int8   *string;
         size_t   slen;
      } test, assign;

      /*
       * jumps: absolute index into the instruction array.
       * NOTE(review): must be smaller than the number of instructions
       * in the chain; confirm the check in the loader or interpreter.
       */
      u_int16 jmp;

   } op;
};

/* the header for a binary filter file
 *
 * a file is structured as follows:
 *    the header
 *    the data segment (containing all the strings)
 *    the code segment (containing all the instructions)
 *
 * when the file is loaded all the strings must be referenced
 * by the instructions
 *
 * NOTE(review): this suggests the pointer fields of struct filter_op
 * are fixed up at load time from values stored in the file. Those
 * values need to be validated against the size of the loaded file
 * before they are turned into pointers. TODO confirm in the loader.
 */
struct filter_header {
   /* magic number */
   u_int16 magic;
      #define EC_FILTER_MAGIC 0xe77e
   /*
    * ettercap version
    * fixed 16-byte field; when read from a file it is not guaranteed
    * to be NUL-terminated, so bound any string operation on it
    */
   char version[16];
   /*
    * pointers to the segments
    * NOTE(review): 16-bit values taken from the file; check both
    * against the file size before dereferencing.
    */
   u_int16 data;
   u_int16 code;
};

/* filters header for mmapped region */
struct filter_env {
   /* the mapped region */
   void *map;
   /* the instruction array (see struct filter_op) */
   struct filter_op *chain;
   /* NOTE(review): unit (bytes or instructions) is not visible here */
   size_t len;
};

/* filter list entry (singly linked through next) */
struct filter_list {
   u_int8 enabled;
   char *name;
   struct filter_env env;
   struct filter_list *next;
};

/* used to compile the regex while loading the file */
struct regex_opt {
   regex_t *regex;
#ifdef HAVE_PCRE
   pcre *pregex;
   pcre_extra *preg_extra;
#endif
};

/* presumably the size of the PCRE output vector; confirm at the call site */
#define PCRE_OVEC_SIZE 100

/* declared without EC_API_EXTERN, unlike the functions below */
void filter_init_mutex(void);

/* exported functions */

/* takes the packet object to process */
EC_API_EXTERN void filter_packet(struct packet_object *po);
/*
 * takes the filter file name, the address of the list head and an
 * enabled flag; returns an int status
 * NOTE(review): filename designates file-controlled instructions, see
 * the notes on struct filter_op and struct filter_header
 */
EC_API_EXTERN int filter_load_file(const char *filename, struct filter_list **list, uint8_t enabled);
EC_API_EXTERN void filter_unload(struct filter_list **list);
EC_API_EXTERN void filter_clear(void);
/* takes a callback receiving a list entry and the caller-supplied arg */
EC_API_EXTERN void filter_walk_list( int(*cb)(struct filter_list*, void*), void *arg);

#endif

/* EOF */

// vim:ts=3:expandtab
