#pragma once
#include <stdint.h>
#include "onlinemean.h"
#include "stellar/session.h"
#include "stellar/session_flags.h"
#include "toml/toml.h"
/* Module name string for this plugin's log output (presumably handed to the
 * logger as the module tag -- confirm at the call sites). */
#define SESSION_FLAGS_LOG_MODULE "SESSION_FLAGS"
/*
 * Bit positions of the individual "random looking" indicators.
 *
 * Despite the _mask suffix, every enumerator is a shift count (0..14), not a
 * mask: the SESSION_FLAGS_* macros in this header build the single-bit value
 * by shifting SESSION_FLAGS_FREQUENCY left by the enumerator.
 *
 * NOTE(review): most names match the tests of the NIST SP 800-22 statistical
 * suite; the last four look like additional detectors -- confirm against the
 * implementation.  The values are written out so that inserting an entry in
 * the middle cannot silently renumber the bits that follow it.
 */
enum random_looking_flags {
    session_flags_frequency_mask                         = 0,
    session_flags_block_frequency_mask                   = 1,
    session_flags_cumulative_sums_mask                   = 2,
    session_flags_runs_mask                              = 3,
    session_flags_longest_run_mask                       = 4,
    session_flags_rank_mask                              = 5,
    session_flags_non_overlapping_template_matching_mask = 6,
    session_flags_overlapping_template_matching_mask     = 7,
    session_flags_universal_mask                         = 8,
    session_flags_random_excursions_mask                 = 9,
    session_flags_random_excursions_variant_mask         = 10,
    session_flags_poker_detect_mask                      = 11,
    session_flags_runs_distribution_mask                 = 12,
    session_flags_self_correlation_mask                  = 13,
    session_flags_binary_derivative_mask                 = 14,
};
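/*
 * Single-bit flag values, one per enum random_looking_flags position.
 *
 * The base constant is an explicit 64-bit unsigned 1, so every shift below is
 * evaluated in uint64_t.  A literal written as 0x0000000000000001 still has
 * type int regardless of its leading zeros; with an int base, a shift count
 * of 31 or more would be undefined behaviour as soon as the enum grows, and
 * the result would not match the uint64_t flag words declared in this header
 * (presumably where these bits are stored -- confirm).
 *
 * Every other macro is SESSION_FLAGS_FREQUENCY shifted left by the matching
 * enumerator, so bit N corresponds to enumerator value N.
 */
#define SESSION_FLAGS_FREQUENCY (UINT64_C(1))
#define SESSION_FLAGS_BLOCK_FREQUENCY (SESSION_FLAGS_FREQUENCY << session_flags_block_frequency_mask)
#define SESSION_FLAGS_CUMULATIVE_SUMS (SESSION_FLAGS_FREQUENCY << session_flags_cumulative_sums_mask)
#define SESSION_FLAGS_RUNS (SESSION_FLAGS_FREQUENCY << session_flags_runs_mask)
#define SESSION_FLAGS_LONGEST_RUN (SESSION_FLAGS_FREQUENCY << session_flags_longest_run_mask)
#define SESSION_FLAGS_RANK (SESSION_FLAGS_FREQUENCY << session_flags_rank_mask)
#define SESSION_FLAGS_NON_OVERLAPPING_TEMPLATE_MATCHING (SESSION_FLAGS_FREQUENCY << session_flags_non_overlapping_template_matching_mask)
#define SESSION_FLAGS_OVERLAPPING_TEMPLATE_MATCHING (SESSION_FLAGS_FREQUENCY << session_flags_overlapping_template_matching_mask)
#define SESSION_FLAGS_UNIVERSAL (SESSION_FLAGS_FREQUENCY << session_flags_universal_mask)
#define SESSION_FLAGS_RANDOM_EXCURSIONS (SESSION_FLAGS_FREQUENCY << session_flags_random_excursions_mask)
#define SESSION_FLAGS_RANDOM_EXCURSIONS_VARIANT (SESSION_FLAGS_FREQUENCY << session_flags_random_excursions_variant_mask)
#define SESSION_FLAGS_POKER_DETECT (SESSION_FLAGS_FREQUENCY << session_flags_poker_detect_mask)
#define SESSION_FLAGS_RUNS_DISTRIBUTION (SESSION_FLAGS_FREQUENCY << session_flags_runs_distribution_mask)
#define SESSION_FLAGS_SELF_CORRELATION (SESSION_FLAGS_FREQUENCY << session_flags_self_correlation_mask)
#define SESSION_FLAGS_BINARY_DERIVATIVE (SESSION_FLAGS_FREQUENCY << session_flags_binary_derivative_mask)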
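/*
 * Sentinel direction value (presumably what session_flags_stat.main_dir holds
 * until a main direction has been decided -- confirm).
 *
 * Parenthesised so the negative literal stays a single operand wherever the
 * macro is expanded.  The misspelling "UNKONWN" is kept on purpose: the name
 * is part of this header's interface and callers elsewhere may reference it.
 */
#define MAIN_DIR_UNKONWN (-1)

/* NOTE(review): by its name a time threshold in milliseconds; what exactly
 * starts after it is not visible from this header -- confirm and document. */
#define START_JUDGE_TIME_MS 5000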
/*
 * Result record of the session-flags computation; pointers to it are returned
 * by session_flags() and session_flags_get_flags() declared in this header.
 */
struct session_flags_result
{
    /* Flag word; the meaning of its bits is not defined in this header. */
    uint64_t flags;

    /* Presumably a combination of the SESSION_FLAGS_* bits -- confirm. */
    uint64_t random_looking_flags;

    /*
     * One 32-bit slot per index below session_flags_all_mask.  That bound is
     * not declared in this file (presumably it comes from
     * stellar/session_flags.h); every writer must keep its index strictly
     * below it.
     */
    uint32_t identify[session_flags_all_mask];

    /*
     * NOTE(review): bool requires <stdbool.h>, which this header does not
     * include itself; it relies on one of the project headers pulling it in.
     */
    bool is_tls;
};
/*
 * Start-up configuration of the session-flags plugin.
 *
 * NOTE(review): presumably filled from the TOML configuration (this header
 * includes toml/toml.h) -- confirm in the loader.  Field meanings below are
 * read off the names only.
 */
struct session_flags_init_conf
{
    /* Thresholds with an _ms suffix are presumably milliseconds. */
    uint32_t interactive_starttime_ms;
    uint32_t interactive_pulse_num;
    uint32_t main_dir_front_n_pkts;
    uint64_t interactive_latency_ms; /* the only 64-bit threshold here */
    uint32_t large_ptks_init_size;
    uint32_t random_judge_flags_cnt;
    uint32_t session_max_process_time_ms;

    /* Stored as 32-bit integers; presumably on/off switches -- confirm. */
    uint32_t fet_enabled;
    uint32_t tunneling_enabled;

    /*
     * Signed, unlike the neighbouring packet counts.  Code comparing it with
     * unsigned counters should handle a negative value explicitly.
     */
    int32_t random_looking_udp_ignore_pkts;
    uint32_t tunneling_tls_ignore_pkts;
    uint32_t tunneling_max_scan_pkts;

    /*
     * Fixed 2048-byte text buffers.  Whatever copies configuration text into
     * them has to bound the copy to sizeof the field and keep the NUL
     * terminator; over-long values should be rejected rather than silently
     * truncated, since a cut-off pattern or list entry changes what is
     * matched.
     */
    char tunneling_pcre_list[2048];
    char random_looking_judge_list[2048];
};
/*
 * Per-plugin handles and registration ids; a pointer to this struct is the
 * first argument of session_flags().
 */
struct session_flags_plugin_info
{
    int plugin_id;
    int sess_ctx_exdata_idx;    /* presumably the per-session exdata slot index -- confirm */

    /* Framework and logger handles; ownership is not visible from this header. */
    struct stellar *st;
    struct logger *log_handle;

    /* Topic ids, presumably obtained from the framework at registration. */
    int session_flags_topic_id;
    int tcp_topic_id;
    int udp_topic_id;
};
/*
 * Per-direction values kept by struct session_flags_iter, which embeds one
 * instance for c2s and one for s2c.
 *
 * NOTE(review): the floats are presumably running scores for the traffic
 * classes they are named after; range and update rule are not visible from
 * this header.
 */
struct session_flags_iter_values {
    float bulky;
    float CBR;
    float download;
    float interactive;
    float pseudo_unidirectional;
    float streaming;

    /* Online-mean accumulator; OnlineMean_t comes from onlinemean.h. */
    OnlineMean_t omean;
};
/*
 * Iteration state: a counter, one value for the session as a whole and one
 * struct session_flags_iter_values per direction.
 */
struct session_flags_iter {
    uint32_t iter_cnt;   /* presumably the number of iterations so far -- confirm */
    float bidirectional;

    struct session_flags_iter_values c2s; /* presumably client-to-server */
    struct session_flags_iter_values s2c; /* presumably server-to-client */
};
/*
 * Traffic counters for one direction of a session (struct session_flags_stat
 * holds one instance for c2s and one for s2c).
 */
struct flow_stat {
    /* 64-bit counters (presumably running totals -- confirm). */
    uint64_t bytes;
    uint64_t pkts;
    uint64_t payload_pkts;
    uint64_t large_pkts;

    /*
     * 32-bit delta counters (presumably per-interval -- confirm).  Being
     * narrower than the totals they wrap sooner, so whoever accumulates into
     * them should reset or cap them before 2^32.
     */
    uint32_t delta_pkts;
    uint32_t delta_large_pkts;
    uint32_t delta_payload_pkts;
    uint32_t delta_bytes;

    float rate; /* unit not visible from this header */
};
/*
 * Bookkeeping for the random-looking judgement of one session.
 */
struct random_looking_stat_info {
    /* Presumably 0/1 markers that the respective judgement already ran -- confirm. */
    uint8_t has_judged_sts;
    uint8_t has_judged_fet;

    /*
     * 8-bit counter: it wraps from 255 back to 0.  Code that increments it
     * should stop at the limit it actually needs so a long session cannot
     * roll it over and re-enter an early-packet code path.
     */
    uint8_t payload_pkt_num;
};
/*
 * Complete per-session statistics: both directions' counters, timestamps,
 * the main direction, the random-looking bookkeeping, the iteration state
 * and the result record.  Initialised by session_flags_stat_init().
 */
struct session_flags_stat {
    struct flow_stat c2s;
    struct flow_stat s2c;

    /* Timestamps and durations, by their suffix in milliseconds. */
    uint64_t last_pkt_ts_ms;
    uint64_t interactive_pulse_num;
    uint64_t session_start_time_ms;
    uint64_t stream_live_time_ms;
    uint64_t last_iter_ts_ms;

    /* Presumably MAIN_DIR_UNKONWN until a direction has been chosen -- confirm. */
    int main_dir;

    struct random_looking_stat_info random_looking_stat;
    struct session_flags_iter iter;
    struct session_flags_result result;
};
/*
 * Per-session context passed to session_flags(): the statistics plus a
 * 64-bit flag history.
 */
struct session_flags_ctx {
    struct session_flags_stat stat;

    /* Presumably the flags already reported for this session -- confirm. */
    uint64_t history_flags;
};
/*
 * Initialise *stat for a session with the given direction.
 * NOTE(review): whether stat may be NULL is not visible from this header.
 */
void session_flags_stat_init(struct session_flags_stat *stat,
                             enum session_direction session_dir);

/*
 * Feed one event of `bytes` bytes at time `ms` into ctx and return a pointer
 * to a result record.
 * NOTE(review): the lifetime and ownership of the returned pointer and the
 * meaning of a NULL return are not stated here -- document them, since
 * callers need to know whether the record lives inside ctx.
 */
struct session_flags_result *session_flags(
    struct session_flags_plugin_info *sf_plugin_info,
    struct session_flags_ctx *ctx,
    struct session *session,
    int etopic_id,
    uint32_t bytes,
    enum flow_type flow_type,
    uint64_t ms);

/*
 * Return a pointer to a result record for the given statistics (presumably
 * the one embedded in *session_flags -- confirm).
 */
struct session_flags_result *session_flags_get_flags(
    struct session_flags_stat *session_flags);

/*
 * Build a firewall message from a flag word and an identify array.
 * The array bound in the parameter is documentation only: C passes a plain
 * pointer, so callers must supply at least session_flags_all_mask elements if
 * the implementation reads that many.
 * NOTE(review): who frees the returned message is not visible from here.
 */
struct session_flags_message *session_flags_generate_firewall_message(
    uint64_t flags,
    const uint32_t identify[session_flags_all_mask]);

/*
 * Compute the CV of the samples accumulated in *omean (presumably the
 * coefficient of variation -- confirm).
 */
float session_flags_calculate_CV(OnlineMean_t *omean);