#ifndef JAIL_FILTER_H
#define JAIL_FILTER_H
#include <list>
#include <sys/types.h>
#include "range_tree.h"
#include "sjail.h"
// Forward declarations. `filter` is needed by the list-returning functions
// below; `process_state` is only ever used by reference in this header.
class filter;
class process_state;
// Filters a system call for the process described by `pdata` and returns the
// resulting filter_action.
// NOTE(review): pid_data and filter_action are not declared in this header;
// presumably they come from sjail.h. Presumably this dispatches to the filters
// attached to `pdata` -- confirm in the implementation, including how the
// actions of several filters are combined (the most restrictive one should win).
filter_action filter_system_call(pid_data& pdata);
// Returns the initial list of filters.
// The list holds raw filter pointers; since filter exposes ref()/unref(),
// lifetime appears to be managed by manual reference counting.
// NOTE(review): confirm who releases the elements when a list is discarded.
std::list<filter*> create_root_filters();
// Produce a new filter list from an existing one.
// NOTE(review): presumably these call filter::on_clone() / filter::on_fork()
// on each element to obtain the filters for a newly created task -- confirm,
// and confirm that no filter can be dropped from the child's list on this path.
std::list<filter*> clone_filters(const std::list<filter*>& filters);
std::list<filter*> fork_filters(const std::list<filter*>& filters);
// Base class of the system-call filters declared in this header. It declares
// the virtual hooks that derived filters redeclare, plus a ref()/unref() pair
// backed by the private counter `refs`.
// NOTE(review): the class is implicitly copyable, and a copy would carry
// `refs` with it; confirm no caller copies filter objects by value.
// NOTE(review): `refs` is a plain int; if filter objects can be touched from
// more than one thread of the supervisor, confirm accesses are serialized.
// NOTE(review): the derived classes redeclare the hooks with `virtual` and no
// `override`, so a signature that drifts from the one here would silently
// declare a new function instead of overriding -- and the filter would stop
// being consulted without any compile error.
class filter {
public:
filter();
// Virtual, so derived filters can be destroyed through a filter*.
virtual ~filter();
// Reference-count interface.
// NOTE(review): presumably ref() increments `refs` and returns this, and
// unref() decrements it and reports whether the count reached zero -- confirm
// in the definition, including which side deletes the object.
filter* ref();
bool unref();
// Hook taking the process data and an exit_data record.
// NOTE(review): presumably invoked when the filtered process exits -- confirm.
virtual void on_exit(pid_data& pdata, exit_data& data);
// Hooks returning the filter* to use after a clone / fork.
// NOTE(review): whether the default returns the same (shared) instance or a
// new one is not visible here; it decides whether per-filter state is shared
// between parent and child -- confirm in the definition.
virtual filter* on_clone();
virtual filter* on_fork();
// Hooks returning a filter_action for a system call; by their names, one runs
// at system-call entry and the other at system-call exit.
// NOTE(review): if an entry hook bases its decision on arguments read from the
// filtered process's memory, confirm the implementation accounts for that
// memory being changed by another thread before the kernel reads it.
virtual filter_action filter_syscall_enter(pid_data& pdata, process_state& st);
virtual filter_action filter_syscall_exit(pid_data& pdata, process_state& st);
private:
// Counter behind ref()/unref() (presumably the number of holders).
int refs;
};
// Filter that redeclares on_exit, on_clone, on_fork and the system-call entry
// hook, and keeps a wall-clock start value. It does not redeclare
// filter_syscall_exit, so filter's version applies at system-call exit.
// NOTE(review): the policy it enforces is not visible in this header;
// presumably it covers baseline checks and wall-time accounting -- confirm.
class base_filter : public filter {
public:
base_filter();
virtual ~base_filter();
// Redeclares filter::on_exit with the same signature.
virtual void on_exit(pid_data& pdata, exit_data& data);
// Redeclare the clone / fork hooks of filter.
// NOTE(review): confirm whether these return this instance or a new one, and
// whether `start_wall_time` is carried over to the child.
virtual filter* on_clone();
virtual filter* on_fork();
// Redeclares the system-call entry hook of filter.
virtual filter_action filter_syscall_enter(pid_data& pdata,
process_state& st);
private:
// Start of wall-time measurement.
// NOTE(review): unit and clock source are not visible here -- confirm; a
// clock that the filtered process can influence would weaken a time limit.
unsigned long long start_wall_time;
};
// Filter holding memory-accounting state: heap bounds, a memory ceiling and a
// range_tree of unsigned long values named `mappings`. It redeclares on_exit,
// on_fork and both system-call hooks. It does not redeclare on_clone, so
// filter::on_clone applies to clones.
// NOTE(review): presumably it tracks the memory-mapping system calls of the
// filtered process against `max_memory` -- confirm which calls are covered,
// since any address-space-changing call left out escapes the accounting.
class memory_filter : public filter {
public:
memory_filter();
virtual ~memory_filter();
// Redeclares filter::on_exit with the same signature.
virtual void on_exit(pid_data& pdata, exit_data& data);
// Redeclares filter::on_fork.
// NOTE(review): presumably returns a separate instance so that the child's
// mappings are tracked independently -- confirm.
virtual filter* on_fork();
// Entry and exit hooks.
// NOTE(review): results such as returned addresses are only known at exit,
// so presumably requests are checked at entry and recorded at exit -- confirm.
virtual filter_action filter_syscall_enter(pid_data& pdata,
process_state& st);
virtual filter_action filter_syscall_exit(pid_data& pdata, process_state& st);
private:
// Heap bounds and the memory ceiling.
// NOTE(review): units (bytes vs. pages) are not visible here. These are
// unsigned long, so confirm that size/address arithmetic on values supplied by
// the filtered process is checked for wrap-around before comparing to the limit.
unsigned long heap_base;
unsigned long heap_end;
unsigned long max_memory;
// Tracked ranges (presumably the address ranges currently mapped).
range_tree<unsigned long> mappings;
// Shared by all instances (static); must be defined in a source file.
// NOTE(review): presumably the system page size -- confirm where it is set.
static unsigned long page_size;
};
// Filter that redeclares only the system-call entry hook and has no data
// members of its own; every other hook is inherited from filter.
// NOTE(review): by its name this presumably decides on file-related system
// calls -- confirm. If the decision uses a path string read from the filtered
// process, confirm how the implementation handles relative paths, symlinks and
// a path buffer modified by another thread after the check.
class file_filter : public filter {
public:
file_filter();
virtual ~file_filter();
// Redeclares the system-call entry hook of filter.
virtual filter_action filter_syscall_enter(pid_data& pdata,
process_state& st);
};
// Filter that redeclares both system-call hooks and keeps two counters,
// `fork_count` and `clone_count`. It does not redeclare on_fork or on_clone,
// so filter's versions of those hooks apply.
// NOTE(review): presumably it limits process/thread creation and program
// execution -- confirm. If the counters are meant as a limit for the whole
// sandbox, confirm that children keep using this same instance; a per-child
// copy would give every child a fresh budget.
class exec_filter : public filter {
public:
exec_filter();
virtual ~exec_filter();
// Entry and exit hooks.
// NOTE(review): whether a creation call succeeded is only known at exit, so
// presumably the counters are updated there -- confirm.
virtual filter_action filter_syscall_enter(pid_data& pdata,
process_state& st);
virtual filter_action filter_syscall_exit(pid_data& pdata, process_state& st);
private:
// Counters (presumably the number of forks and clones observed so far).
size_t fork_count;
size_t clone_count;
};
// Filter that redeclares only the system-call entry hook and has no data
// members of its own; every other hook is inherited from filter.
// NOTE(review): by its name this presumably decides on network-related system
// calls -- confirm which calls are covered, including multiplexed entry points
// where the platform has them.
class net_filter : public filter {
public:
net_filter();
virtual ~net_filter();
// Redeclares the system-call entry hook of filter.
virtual filter_action filter_syscall_enter(pid_data& pdata,
process_state& st);
};
#endif // JAIL_FILTER_H