Thursday, November 01, 2007

HOW TO DO REGEX on APP LAYER DATA 11_01_2007

SHARED HEADER FILE

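#define SAMPLE_PROTO_LEN    16    /* assumed size */
#define SAMPLE_PATTERN_LEN  256   /* assumed size */

struct ipt_sample {
        /* ... other members elided in the original notes ... */
        /* Fixed-size arrays instead of char *: iptables copies this struct
           by value into the kernel, so a pointer to a user-space string
           would not be valid there. */
        char proto[SAMPLE_PROTO_LEN];
        char pattern[SAMPLE_PATTERN_LEN];
};

USER SPACE MODULE

--> iptables .... -m sample .... --proto [http|ftp] ...


--> /* proto is the string given to --proto. C cannot switch on a string,
       so compare with strcmp(). HTTP_PATTERN and FTP_PATTERN stand for the
       REGEX patterns, which these notes do not spell out. */
#include <stdio.h>
#include <string.h>

if (strcmp(proto, "http") == 0) {
        snprintf(info->proto, sizeof(info->proto), "%s", "http");
        snprintf(info->pattern, sizeof(info->pattern), "%s", HTTP_PATTERN);  /* REGEX pattern for http */
} else if (strcmp(proto, "ftp") == 0) {
        snprintf(info->proto, sizeof(info->proto), "%s", "ftp");
        snprintf(info->pattern, sizeof(info->pattern), "%s", FTP_PATTERN);   /* REGEX pattern for ftp */
} else {
        info->proto[0] = '\0';      /* unknown protocol: no proto, no pattern */
        info->pattern[0] = '\0';
}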

KERNEL SPACE MODULE

--> COLLECT DATA (the application-layer payload of the packet)
--> REGULAR EXPRESSION (run the pattern for proto over the data)
--> if matches --> Print/Write the data to the file
    else skip the packet
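
The three kernel-space steps above, as an added user-space sketch that is not code from the original post: it finds the TCP payload of an IPv4 packet with bounds checks, then runs the regex over it. It uses POSIX <regex.h>, which does not exist inside the kernel, so a real match module has to carry its own regex engine; the patterns, function names and sample packets are constructed for illustration.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample patterns (assumptions, not from the original notes). */
#define HTTP_PATTERN "^(GET|POST|HEAD) [^ ]+ HTTP/1\\.[01]"
#define FTP_PATTERN  "^(USER|PASS|RETR|STOR) "

/* COLLECT DATA: locate the TCP payload of an IPv4 packet, NULL if malformed. */
static const unsigned char *tcp_payload(const unsigned char *pkt, size_t len, size_t *plen)
{
    if (len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6) return NULL;   /* IPv4 + TCP only */
    size_t ihl = (pkt[0] & 0x0f) * 4u, tot = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || tot > len || tot < ihl + 20) return NULL;         /* truncated or bad IHL */
    size_t doff = (pkt[ihl + 12] >> 4) * 4u;
    if (doff < 20 || tot < ihl + doff) return NULL;                   /* bad TCP data offset */
    *plen = tot - ihl - doff;
    return pkt + ihl + doff;
}

/* REGULAR EXPRESSION: 1 = payload matches the pattern, 0 = skip the packet. */
int sample_match(const unsigned char *pkt, size_t len, const char *pattern)
{
    char buf[512];
    size_t plen = 0;
    regex_t re;
    const unsigned char *p = tcp_payload(pkt, len, &plen);
    if (!p || plen == 0) return 0;
    if (plen >= sizeof(buf)) plen = sizeof(buf) - 1;   /* inspect at most 511 bytes */
    memcpy(buf, p, plen);
    buf[plen] = '\0';   /* regexec() needs a NUL-terminated string; payloads are not */
    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0) return 0;
    int hit = (regexec(&re, buf, 0, NULL, 0) == 0);
    regfree(&re);
    return hit;
}

/* Wrap payload in a constructed IPv4+TCP packet (no options); drop `cut` bytes to truncate. */
int demo(const char *payload, const char *pattern, size_t cut)
{
    unsigned char pkt[256] = {0};
    size_t n = 40 + strlen(payload);
    if (n > sizeof(pkt) || cut > n) return -1;
    pkt[0] = 0x45; pkt[9] = 6; pkt[32] = 0x50;   /* IHL=5, proto=TCP, data offset=5 */
    pkt[2] = (unsigned char)(n >> 8); pkt[3] = (unsigned char)(n & 0xff);
    memcpy(pkt + 40, payload, strlen(payload));
    return sample_match(pkt, n - cut, pattern);
}

int main(void)
{
    printf("http: %d\n", demo("GET /index.html HTTP/1.1\r\n\r\n", HTTP_PATTERN, 0));
    printf("ftp:  %d\n", demo("USER anonymous\r\n", FTP_PATTERN, 0));
    return 0;
}
```

Because the payload is copied into a NUL-terminated buffer, a NUL byte inside the data ends the match early and anything past 511 bytes is never inspected.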
