1 #ifndef ETTERCAP_FILTER_H
2 #define ETTERCAP_FILTER_H
3 
4 #include <ec_packet.h>
5 
6 #include <regex.h>
7 #ifdef HAVE_PCRE
8    #include <pcre.h>
9 #endif
10 
11 /*
12  * this is the struct used by the filtering engine
13  * it is the equivalent of a processor's instruction
14  *
15  * they are organized in an array and evaluated one
16  * at a time. the jumps are absolute and the addressing
17  * is done by the array position.
18  *
19  */
20 
21 //#define MAX_FILTER_LEN  200
22 
23 struct filter_op {   /* one instruction of a compiled filter: an opcode plus the operand union that goes with it */
24    char opcode;   /* instruction kind, one of the FOP_* values below */
25       #define FOP_EXIT     0
26       #define FOP_TEST     1
27       #define FOP_ASSIGN   2
28       #define FOP_INC      3
29       #define FOP_DEC      4
30       #define FOP_FUNC     5
31       #define FOP_JMP      6
32       #define FOP_JTRUE    7
33       #define FOP_JFALSE   8
34 
35    /*
36     * the first two fields of the structs (op and level) must
37     * overlap the same memory region. it is abused in ef_encode.c
38     * encoding a function that uses an offset as an argument
39     */
40    union {
41       /* functions */
42       struct {
43          char op;   /* FFUNC_* selector; declared char while test.op is u_int8, so the overlap above relies on both being one byte */
44             #define FFUNC_SEARCH    0
45             #define FFUNC_REGEX     1
46             #define FFUNC_PCRE      2
47             #define FFUNC_REPLACE   3
48             #define FFUNC_INJECT    4
49             #define FFUNC_LOG       5
50             #define FFUNC_DROP      6
51             #define FFUNC_KILL      7
52             #define FFUNC_MSG       8
53             #define FFUNC_EXEC      9   /* NOTE(review): by name the FFUNC_EXEC* ops run an external command; if so, a compiled filter is executable content and should only be loaded from a trusted source — confirm in the implementation */
54             #define FFUNC_EXECINJECT 10
55             #define FFUNC_EXECREPLACE 11
56          u_int8 level;
57          u_int8 *string;   /* NOTE(review): a raw pointer stored in an instruction; presumably rewritten at load time to point into the data segment — the loader should check the target and slen against the mapped size */
58          size_t slen;   /* length paired with string */
59          u_int8 *replace;   /* same remark as for string */
60          size_t rlen;   /* length paired with replace */
61          struct regex_opt *ropt;   /* compiled pattern holder (struct regex_opt, declared later in this header) */
62       } func;
63 
64       /* tests */
65       struct {
66          u_int8   op;   /* FTEST_* comparison selector */
67             #define FTEST_EQ   0
68             #define FTEST_NEQ  1
69             #define FTEST_LT   2
70             #define FTEST_GT   3
71             #define FTEST_LEQ  4
72             #define FTEST_GEQ  5
73          u_int8   level;
74          u_int8   size;   /* presumably the width in bytes of the field being compared or assigned — TODO confirm */
75          u_int16  offset;   /* NOTE(review): presumably an offset into the packet data selected by level; offset + size should be checked against that data's length before any read or write */
76          u_int32  value;
77          u_int8   ipaddr[16];   /* 16 bytes, presumably sized to hold an IPv6 address */
78          u_int8   *string;   /* same load-time pointer remark as func.string */
79          size_t   slen;
80       } test, assign;   /* two union members sharing one layout */
81 
82       /* jumps */
83       u_int16 jmp;   /* NOTE(review): absolute position in the instruction array; it comes from the filter file, so it should be checked against the chain length before use as an index (check not visible in this header) */
84 
85    } op;
86 };
87 
88 /* the header for a binary filter file
89  *
90  * a file is structured as follows:
91  *    the header
92  *    the data segment (containing all the strings)
93  *    the code segment (containing all the instructions)
94  *
95  * when the file is loaded all the strings must be referenced
96  * by the instructions
97  */
98 struct filter_header {   /* first structure in a binary filter file; every field is file-supplied input */
99    /* magic number */
100    u_int16 magic;   /* expected to equal EC_FILTER_MAGIC */
101       #define EC_FILTER_MAGIC 0xe77e
102    /* ettercap version */
103    char version[16];   /* NOTE(review): fixed 16-byte field; nothing here guarantees NUL termination, so compare it with a length-bounded function */
104    /* pointers to the segments */
105    u_int16 data;   /* NOTE(review): presumably a byte offset from the start of the file; being 16-bit it cannot exceed 65535 — the loader should verify data and code both lie inside the file */
106    u_int16 code;   /* NOTE(review): the space from this offset to end of file should hold a whole number of struct filter_op entries — confirm the loader checks this */
107 };
108 
109 /* filters header for mmapped region */
110 struct filter_env {   /* in-memory state of one loaded filter */
111    void *map;   /* base of the mmapped region */
112    struct filter_op *chain;   /* the instruction array; presumably points inside map */
113    size_t len;   /* NOTE(review): the unit (bytes or instruction count) is not stated here; confirm before using it as the bound for jump targets */
114 };
115 
116 /* filter list entry */
117 struct filter_list {   /* node of a singly linked list of loaded filters */
118 	u_int8 enabled;   /* presumably non-zero when the filter should be applied — TODO confirm */
119 	char *name;   /* ownership (who allocates and frees it) is not visible in this header */
120 	struct filter_env env;   /* embedded by value, not a pointer */
121 	struct filter_list *next;   /* following node */
122 };
123 
124 /* used to compile the regex while loading the file */
125 struct regex_opt {   /* holder for the compiled pattern(s) attached to a function instruction via func.ropt */
126    regex_t *regex;   /* POSIX regex object from <regex.h> */
127 #ifdef HAVE_PCRE   /* NOTE(review): the struct's size depends on HAVE_PCRE, so every translation unit that includes this header must be built with the same setting */
128    pcre *pregex;   /* compiled PCRE pattern */
129    pcre_extra *preg_extra;   /* NOTE(review): presumably study data; patterns come from the filter file and run on packet payloads, so a match limit set through this structure would bound backtracking — confirm */
130 #endif
131 };
132 
133 #define PCRE_OVEC_SIZE 100   /* NOTE(review): presumably the ovecsize passed to pcre_exec(); PCRE expects a multiple of 3 and rounds other values down, so confirm the array at the call site is declared with this same constant */
134 
135 void filter_init_mutex(void);   /* not marked EC_API_EXTERN, unlike the functions below; by name it initialises the lock used by the filter code — confirm in the implementation */
136 
137 /* exported functions */
138 
139 EC_API_EXTERN void filter_packet(struct packet_object *po);   /* by name, applies the loaded filters to po; implementation not in this header */
/*
 * NOTE(review): `enabled` is uint8_t here while the structures above use u_int8.
 * The file named by `filename` is parsed as a binary filter (header, data segment,
 * code segment): its segment offsets, jump targets and string lengths are input
 * that the loader has to validate. Meaning of the int return value is not visible here.
 */
140 EC_API_EXTERN int filter_load_file(const char *filename, struct filter_list **list, uint8_t enabled);
141 EC_API_EXTERN void filter_unload(struct filter_list **list);   /* takes the list head by address; presumably releases the entries and their mapped regions — TODO confirm */
142 EC_API_EXTERN void filter_clear(void);
143 EC_API_EXTERN void filter_walk_list( int(*cb)(struct filter_list*, void*), void *arg);   /* cb receives a list entry and a void* (presumably arg); the meaning of cb's int return is not visible here */
144 
145 #endif
146 
147 /* EOF */
148 
149 // vim:ts=3:expandtab
150 
151