stellar-stellar/decoders/glimpse_detector/app_l7_protocol.h

#pragma once

#include "libprotoident/libprotoident.h"
#include "uthash/uthash.h"

#define	MAX_APP_ID_NUM	8

typedef enum {
	LPI_PROTO_EXTEND_FRIST = LPI_PROTO_LAST,
	LPI_PROTO_IKE,	//unsupport
    	LPI_PROTO_DOH,	//unsupport
    	LPI_PROTO_MAIL, //unsupport
    	LPI_PROTO_ESNI, //unsupport
	LPI_PROTP_FTPS,
	LPI_PROTO_EXTEND_LAST
} extend_lpi_protocol_t;

struct l7_protocol_label
{
	int continue_scan_flag;  //0: stop; 1: continue
	int protocol_id_num;
	unsigned short protocol_id[MAX_APP_ID_NUM];
};

struct l7_protocol_hash
{
    int protocol_id;
	int lpi_protocol;
    char name[64];
    UT_hash_handle hh;
};


struct ovpn_ctx
{
	uint64_t local_session_id;
	int contain_local_session_id_pkt_num;
	int valid_opcode_cnt;
};

struct traffic_context
{
	unsigned char is_identify;
	unsigned char is_first_payload;
	unsigned short pkt_cnt;
	unsigned short s2c_pkt;
	unsigned short c2s_pkt;
	lpi_data_t lpi_data; // lpi API
	union{
		uint64_t ctx[2];
		struct ovpn_ctx ovpn;
	};
};

//https://github.com/quicwg/base-drafts/wiki/QUIC-Versions
enum _QUIC_VERSION
{
	QUIC_VERSION_UNKNOWN=0,
	//NetApp
	QUANT_VERSION_00=0x45474700,
	QUANT_VERSION_FF=0x454747FF,

	//Private Octopus
	PICOQUIC_VERSION_30=0x50435130,
	
	//google
	GQUIC_VERSION_Q001=0x51303031,
	GQUIC_VERSION_Q002=0x51303032,
	GQUIC_VERSION_Q003=0x51303033,
	GQUIC_VERSION_Q004=0x51303034,
	GQUIC_VERSION_Q005=0x51303035,
	GQUIC_VERSION_Q006=0x51303036,
	GQUIC_VERSION_Q007=0x51303037,
	GQUIC_VERSION_Q008=0x51303038,
	GQUIC_VERSION_Q009=0x51303039,
	
	GQUIC_VERSION_Q010=0x51303130,
	GQUIC_VERSION_Q011=0x51303131,
	GQUIC_VERSION_Q012=0x51303132,
	GQUIC_VERSION_Q013=0x51303133,
	GQUIC_VERSION_Q014=0x51303134,
	GQUIC_VERSION_Q015=0x51303135,
	GQUIC_VERSION_Q016=0x51303136,
	GQUIC_VERSION_Q017=0x51303137,
	GQUIC_VERSION_Q018=0x51303138,
	GQUIC_VERSION_Q019=0x51303139,
	
	GQUIC_VERSION_Q020=0x51303230,
	GQUIC_VERSION_Q021=0x51303231,
	GQUIC_VERSION_Q022=0x51303232,
	GQUIC_VERSION_Q023=0x51303233,
	GQUIC_VERSION_Q024=0x51303234,
	GQUIC_VERSION_Q025=0x51303235,
	GQUIC_VERSION_Q026=0x51303236,
	GQUIC_VERSION_Q027=0x51303237,
	GQUIC_VERSION_Q028=0x51303238,
	GQUIC_VERSION_Q029=0x51303239,
	
	GQUIC_VERSION_Q030=0x51303330,
	GQUIC_VERSION_Q031=0x51303331,
	GQUIC_VERSION_Q032=0x51303332,
	GQUIC_VERSION_Q033=0x51303333,
	GQUIC_VERSION_Q034=0x51303334,
	GQUIC_VERSION_Q035=0x51303335,
	GQUIC_VERSION_Q036=0x51303336,
	GQUIC_VERSION_Q037=0x51303337,
	GQUIC_VERSION_Q038=0x51303338,
	GQUIC_VERSION_Q039=0x51303339,

	GQUIC_VERSION_Q040=0x51303430,
	GQUIC_VERSION_Q041=0x51303431,
	GQUIC_VERSION_Q042=0x51303432,
	GQUIC_VERSION_Q043=0x51303433,
	GQUIC_VERSION_Q044=0x51303434,
	GQUIC_VERSION_Q045=0x51303435,
	GQUIC_VERSION_Q046=0x51303436,
	GQUIC_VERSION_Q047=0x51303437,
	GQUIC_VERSION_Q048=0x51303438, 
	GQUIC_VERSION_Q049=0x51303439,

    GQUIC_VERSION_Q050=0x51303530,
    GQUIC_VERSION_Q051=0x51303531,
    GQUIC_VERSION_Q052=0x51303532,
    GQUIC_VERSION_Q053=0x51303533,
    GQUIC_VERSION_Q054=0x51303534,
    GQUIC_VERSION_Q055=0x51303535,
    GQUIC_VERSION_Q056=0x51303536,
    GQUIC_VERSION_Q057=0x51303537,
    GQUIC_VERSION_Q058=0x51303538,
    GQUIC_VERSION_Q059=0x51303539,
    
    GQUIC_VERSION_Q099=0x51303939,

	//Google QUIC with TLS 48 - 49 (T048 - T049)
	GQUIC_VERSION_T048=0x54303438,
	GQUIC_VERSION_T049=0x54303439,
	
	//Google QUIC with TLS 50 - 59 (T050 - T059)
	GQUIC_VERSION_T050=0x54303530,
	GQUIC_VERSION_T051=0x54303531,
	GQUIC_VERSION_T052=0x54303532,
	GQUIC_VERSION_T053=0x54303533,
	GQUIC_VERSION_T054=0x54303534,
	GQUIC_VERSION_T055=0x54303535,
	GQUIC_VERSION_T056=0x54303536,
	GQUIC_VERSION_T057=0x54303537,
	GQUIC_VERSION_T058=0x54303538,
	GQUIC_VERSION_T059=0x54303539,

	//Google QUIC with TLS 99 (T099)
	GQUIC_VERSION_T099=0x54303939,
	
	//Google Proxied QUIC
	PQUIC_VERSION_PROX=0x50524f58,

	//quic-go
	QUIC_GO_VERSION_00=0x51474F00,
	QUIC_GO_VERSION_FF=0x51474FFF,

	//quicly
	QUICLY_VERSION_00=0x91c17000,
	QUICLY_VERSION_FF=0x91c170FF,
	
	//Microsoft
	MSQUIC_VERSION_00=0xabcd0000,
	MSQUIC_VERSION_0F=0xabcd000F,

	//Mozilla
	MOZQUIC_VERSION_00=0xf123f0c0,
	MOZQUIC_VERSION_0F=0xf123f0cF,

	//Facebook
	MVFST_VERSION_00=0xfaceb000,
	MVFST_VERSION_01=0xfaceb001,
	MVFST_VERSION_02=0xfaceb002,
	MVFST_VERSION_03=0xfaceb003,
	MVFST_VERSION_04=0xfaceb004,
	MVFST_VERSION_05=0xfaceb005,
	MVFST_VERSION_06=0xfaceb006,
	MVFST_VERSION_07=0xfaceb007,
	MVFST_VERSION_08=0xfaceb008,
	MVFST_VERSION_09=0xfaceb009,
	MVFST_VERSION_0A=0xfaceb00A,
	MVFST_VERSION_0B=0xfaceb00B,
	MVFST_VERSION_0C=0xfaceb00C,
	MVFST_VERSION_0D=0xfaceb00D,
	MVFST_VERSION_0E=0xfaceb00E,
	MVFST_VERSION_0F=0xfaceb00F,
	
	//IETF
	IQUIC_VERSION_RFC9000=0x00000001,
	IQUIC_VERSION_I001=0xFF000001,
	IQUIC_VERSION_I002=0xFF000002,
	IQUIC_VERSION_I003=0xFF000003,
	IQUIC_VERSION_I004=0xFF000004,
	IQUIC_VERSION_I005=0xFF000005,
	IQUIC_VERSION_I006=0xFF000006,
	IQUIC_VERSION_I007=0xFF000007,
	IQUIC_VERSION_I008=0xFF000008,
	IQUIC_VERSION_I009=0xFF000009,
	IQUIC_VERSION_I010=0xFF00000A,
	IQUIC_VERSION_I011=0xFF00000B,
	IQUIC_VERSION_I012=0xFF00000C,
	IQUIC_VERSION_I013=0xFF00000D,
	IQUIC_VERSION_I014=0xFF00000E,
	IQUIC_VERSION_I015=0xFF00000F,
	IQUIC_VERSION_I016=0xFF000010,
	IQUIC_VERSION_I017=0xFF000011,
	IQUIC_VERSION_I018=0xFF000012,
	IQUIC_VERSION_I019=0xFF000013,
	IQUIC_VERSION_I020=0xFF000014,
	IQUIC_VERSION_I021=0xFF000015,
	IQUIC_VERSION_I022=0xFF000016,
	IQUIC_VERSION_I023=0xFF000017,
	IQUIC_VERSION_I024=0xFF000018,
	IQUIC_VERSION_I025=0xFF000019,
	IQUIC_VERSION_I026=0xFF00001A,
	IQUIC_VERSION_I027=0xFF00001B,
	IQUIC_VERSION_I028=0xFF00001C,
	IQUIC_VERSION_I029=0xFF00001D,
	IQUIC_VERSION_I030=0xFF00001E,
	IQUIC_VERSION_I031=0xFF00001F,
	IQUIC_VERSION_I032=0xFF000020
};

enum _QUIC_VERSION app_identify_get_quic_protocol(int curdir_is_c2s, const unsigned char *payload, const int payload_len);
int app_identify_guess_openvpn(const unsigned char *payload, int payload_len, int c2s_pkt_cnt, int s2c_pkt_cnt, struct ovpn_ctx *ovpn, int l4_is_tcp, int curdir_is_c2s);