fgex-lib/firegex/nfproxy/internals/__init__.py

from inspect import signature
from firegex.nfproxy.internals.models import Action, FullStreamAction
from firegex.nfproxy.internals.models import FilterHandler, PacketHandlerResult
import functools
from firegex.nfproxy.internals.data import DataStreamCtx
from firegex.nfproxy.internals.exceptions import NotReadyToRun, StreamFullReject, DropPacket, RejectConnection, StreamFullDrop
from firegex.nfproxy.internals.data import RawPacket

def context_call(glob, func, *args, **kargs):
    glob["__firegex_tmp_args"] = args
    glob["__firegex_tmp_kargs"] = kargs
    glob["__firege_tmp_call"] = func
    res = eval("__firege_tmp_call(*__firegex_tmp_args, **__firegex_tmp_kargs)", glob, glob)
    if "__firegex_tmp_args" in glob.keys():
        del glob["__firegex_tmp_args"]
    if "__firegex_tmp_kargs" in glob.keys():
        del glob["__firegex_tmp_kargs"]
    if "__firege_tmp_call" in glob.keys():
        del glob["__firege_tmp_call"]
    return res

def generate_filter_structure(filters: list[str], proto:str, glob:dict) -> list[FilterHandler]:
    from firegex.nfproxy.models import type_annotations_associations
    if proto not in type_annotations_associations.keys():
        raise Exception("Invalid protocol")
    res = []
    valid_annotation_type = type_annotations_associations[proto]
    def add_func_to_list(func):
        if not callable(func):
            raise Exception(f"{func} is not a function")
        sig = signature(func)
        params_function = {}
        
        for k, v in sig.parameters.items():
            if v.annotation in valid_annotation_type.keys():
                params_function[v.annotation] = valid_annotation_type[v.annotation]
            else:
                raise Exception(f"Invalid type annotation {v.annotation} for function {func.__name__}")
        
        res.append(
            FilterHandler(
                func=func,
                name=func.__name__,
                params=params_function,
                proto=proto
            )
        )
    
    for filter in filters:
        if not isinstance(filter, str):
            raise Exception("Invalid filter list: must be a list of strings")
        if filter in glob.keys():
            add_func_to_list(glob[filter])
        else:
            raise Exception(f"Filter {filter} not found")
    return res

def get_filters_info(code:str, proto:str) -> list[FilterHandler]:
    glob = {}
    exec("import firegex.nfproxy", glob, glob)
    exec("firegex.nfproxy.clear_pyfilter_registry()", glob, glob)
    exec(code, glob, glob)
    filters = eval("firegex.nfproxy.get_pyfilters()", glob, glob)
    try:
        return generate_filter_structure(filters, proto, glob)
    finally:
        exec("firegex.nfproxy.clear_pyfilter_registry()", glob, glob)
        

def get_filter_names(code:str, proto:str) -> list[str]:
    return [ele.name for ele in get_filters_info(code, proto)]    

def handle_packet(glob: dict) -> None:
    internal_data = DataStreamCtx(glob)
    
    cache_call = {} # Cache of the data handler calls
    cache_call[RawPacket] = internal_data.current_pkt

    result = PacketHandlerResult(glob)
    
    for filter in internal_data.filter_call_info:
        final_params = []
        skip_call = False
        for data_type, data_func in filter.params.items():
            if data_type not in cache_call.keys():
                try:
                    cache_call[data_type] = data_func(internal_data)
                except NotReadyToRun:
                    cache_call[data_type] = None
                    skip_call = True
                    break
                except StreamFullDrop:
                    result.action = Action.DROP
                    result.matched_by = "@MAX_STREAM_SIZE_REACHED"
                    return result.set_result()
                except StreamFullReject:
                    result.action = Action.REJECT
                    result.matched_by = "@MAX_STREAM_SIZE_REACHED"
                    return result.set_result()
                except DropPacket:
                    result.action = Action.DROP
                    result.matched_by = filter.name
                    return result.set_result()
                except RejectConnection:
                    result.action = Action.REJECT
                    result.matched_by = filter.name
                    return result.set_result()
            if cache_call[data_type] is None:
                skip_call = True
                break
            final_params.append(cache_call[data_type])
            
        if skip_call:
            continue
        
        # Create an iterator with all the calls to be done
        def try_to_call(params:list):
            is_base_call = True
            for i in range(len(params)):
                if isinstance(params[i], list):
                    new_params = params.copy()
                    for ele in params[i]:
                        new_params[i] = ele
                        yield from try_to_call(new_params)
                    is_base_call = False
                    break
            if is_base_call:
                yield context_call(glob, filter.func, *params)
                    
        for res in try_to_call(final_params):
            if res is None:
                continue #ACCEPTED
            if not isinstance(res, Action):
                raise Exception(f"Invalid return type {type(res)} for function {filter.name}")
            if res == Action.MANGLE:
                result.matched_by = filter.name
                result.mangled_packet = internal_data.current_pkt.raw_packet
                result.action = Action.MANGLE
            elif res != Action.ACCEPT:
                result.matched_by = filter.name
                result.action = res
                result.mangled_packet = None
                return result.set_result()
    
    return result.set_result() # Will be MANGLE or ACCEPT


def compile(glob:dict) -> None:
    internal_data = DataStreamCtx(glob, init_pkt=False)

    glob["print"] = functools.partial(print, flush = True)
    
    filters = glob["__firegex_pyfilter_enabled"]
    proto = glob["__firegex_proto"]
    
    internal_data.filter_call_info = generate_filter_structure(filters, proto, glob)

    if "FGEX_STREAM_MAX_SIZE" in glob and int(glob["FGEX_STREAM_MAX_SIZE"]) > 0:
        internal_data.stream_max_size = int(glob["FGEX_STREAM_MAX_SIZE"])
    
    if "FGEX_FULL_STREAM_ACTION" in glob and isinstance(glob["FGEX_FULL_STREAM_ACTION"], FullStreamAction):
        internal_data.full_stream_action = glob["FGEX_FULL_STREAM_ACTION"]
    
    if "FGEX_INVALID_ENCODING_ACTION" in glob and isinstance(glob["FGEX_INVALID_ENCODING_ACTION"], Action):
        internal_data.invalid_encoding_action = glob["FGEX_INVALID_ENCODING_ACTION"]
    
    PacketHandlerResult(glob).reset_result()
    
    def fake_exit(*_a, **_k):
        print("WARNING: This function should not be called", flush=True)
    
    glob["exit"] = fake_exit
nfproxy module writing: written part of the firegex lib, frontend refactored and improved, c++ improves 2025-02-20 19:51:28 +01:00			`from inspect import signature`
code push 2025-03-03 20:25:36 +01:00			`from firegex.nfproxy.internals.models import Action, FullStreamAction`
			`from firegex.nfproxy.internals.models import FilterHandler, PacketHandlerResult`
			`import functools`
			`from firegex.nfproxy.internals.data import DataStreamCtx`
changed datahandler max size managment 2025-03-03 21:15:49 +01:00			`from firegex.nfproxy.internals.exceptions import NotReadyToRun, StreamFullReject, DropPacket, RejectConnection, StreamFullDrop`
code push 2025-03-03 20:25:36 +01:00			`from firegex.nfproxy.internals.data import RawPacket`
nfproxy module writing: written part of the firegex lib, frontend refactored and improved, c++ improves 2025-02-20 19:51:28 +01:00
code push 2025-03-03 20:25:36 +01:00			`def context_call(glob, func, args, *kargs):`
			`glob["__firegex_tmp_args"] = args`
			`glob["__firegex_tmp_kargs"] = kargs`
			`glob["__firege_tmp_call"] = func`
			`res = eval("__firege_tmp_call(__firegex_tmp_args, *__firegex_tmp_kargs)", glob, glob)`
cli command with proxy simulation 2025-03-04 15:51:46 +01:00			`if "__firegex_tmp_args" in glob.keys():`
			`del glob["__firegex_tmp_args"]`
			`if "__firegex_tmp_kargs" in glob.keys():`
			`del glob["__firegex_tmp_kargs"]`
			`if "__firege_tmp_call" in glob.keys():`
			`del glob["__firege_tmp_call"]`
push: code changes 2025-02-25 23:53:04 +01:00			`return res`

			`def generate_filter_structure(filters: list[str], proto:str, glob:dict) -> list[FilterHandler]:`
code push 2025-03-03 20:25:36 +01:00			`from firegex.nfproxy.models import type_annotations_associations`
nfproxy module writing: written part of the firegex lib, frontend refactored and improved, c++ improves 2025-02-20 19:51:28 +01:00			`if proto not in type_annotations_associations.keys():`
			`raise Exception("Invalid protocol")`
			`res = []`
			`valid_annotation_type = type_annotations_associations[proto]`
			`def add_func_to_list(func):`
			`if not callable(func):`
			`raise Exception(f"{func} is not a function")`
			`sig = signature(func)`
push: code changes 2025-02-25 23:53:04 +01:00			`params_function = {}`
nfproxy module writing: written part of the firegex lib, frontend refactored and improved, c++ improves 2025-02-20 19:51:28 +01:00
			`for k, v in sig.parameters.items():`
			`if v.annotation in valid_annotation_type.keys():`
push: code changes 2025-02-25 23:53:04 +01:00			`params_function[v.annotation] = valid_annotation_type[v.annotation]`
nfproxy module writing: written part of the firegex lib, frontend refactored and improved, c++ improves 2025-02-20 19:51:28 +01:00			`else:`
			`raise Exception(f"Invalid type annotation {v.annotation} for function {func.__name__}")`
push: code changes 2025-02-25 23:53:04 +01:00
			`res.append(`
			`FilterHandler(`
			`func=func,`
			`name=func.__name__,`
			`params=params_function,`
			`proto=proto`
			`)`
			`)`
nfproxy module writing: written part of the firegex lib, frontend refactored and improved, c++ improves 2025-02-20 19:51:28 +01:00
			`for filter in filters:`
			`if not isinstance(filter, str):`
			`raise Exception("Invalid filter list: must be a list of strings")`
			`if filter in glob.keys():`
			`add_func_to_list(glob[filter])`
			`else:`
			`raise Exception(f"Filter {filter} not found")`
			`return res`

push: code changes 2025-02-25 23:53:04 +01:00			`def get_filters_info(code:str, proto:str) -> list[FilterHandler]:`
nfproxy module writing: written part of the firegex lib, frontend refactored and improved, c++ improves 2025-02-20 19:51:28 +01:00			`glob = {}`
push: code changes 2025-02-25 23:53:04 +01:00			`exec("import firegex.nfproxy", glob, glob)`
minor fixes 2025-03-04 16:57:15 +01:00			`exec("firegex.nfproxy.clear_pyfilter_registry()", glob, glob)`
			`exec(code, glob, glob)`
push: code changes 2025-02-25 23:53:04 +01:00			`filters = eval("firegex.nfproxy.get_pyfilters()", glob, glob)`
			`try:`
			`return generate_filter_structure(filters, proto, glob)`
			`finally:`
			`exec("firegex.nfproxy.clear_pyfilter_registry()", glob, glob)`

nfproxy module writing: written part of the firegex lib, frontend refactored and improved, c++ improves 2025-02-20 19:51:28 +01:00
push: code changes 2025-02-25 23:53:04 +01:00			`def get_filter_names(code:str, proto:str) -> list[str]:`
			`return [ele.name for ele in get_filters_info(code, proto)]`
nfproxy module writing: written part of the firegex lib, frontend refactored and improved, c++ improves 2025-02-20 19:51:28 +01:00
code push 2025-03-03 20:25:36 +01:00			`def handle_packet(glob: dict) -> None:`
			`internal_data = DataStreamCtx(glob)`
nfproxy module writing: written part of the firegex lib, frontend refactored and improved, c++ improves 2025-02-20 19:51:28 +01:00
crash and unexpected behaviours fix 2025-03-03 23:55:24 +01:00			`cache_call = {} # Cache of the data handler calls`
			`cache_call[RawPacket] = internal_data.current_pkt`
data handler improves, written test for nfproxy, new option on parsing fail 2025-03-09 22:14:34 +01:00
code push 2025-03-03 20:25:36 +01:00			`result = PacketHandlerResult(glob)`
push: code changes 2025-02-25 23:53:04 +01:00
			`for filter in internal_data.filter_call_info:`
nfproxy module writing: written part of the firegex lib, frontend refactored and improved, c++ improves 2025-02-20 19:51:28 +01:00			`final_params = []`
code push 2025-03-03 20:25:36 +01:00			`skip_call = False`
push: code changes 2025-02-25 23:53:04 +01:00			`for data_type, data_func in filter.params.items():`
			`if data_type not in cache_call.keys():`
nfproxy module writing: written part of the firegex lib, frontend refactored and improved, c++ improves 2025-02-20 19:51:28 +01:00			`try:`
code push 2025-03-03 20:25:36 +01:00			`cache_call[data_type] = data_func(internal_data)`
nfproxy module writing: written part of the firegex lib, frontend refactored and improved, c++ improves 2025-02-20 19:51:28 +01:00			`except NotReadyToRun:`
push: code changes 2025-02-25 23:53:04 +01:00			`cache_call[data_type] = None`
code push 2025-03-03 20:25:36 +01:00			`skip_call = True`
			`break`
changed datahandler max size managment 2025-03-03 21:15:49 +01:00			`except StreamFullDrop:`
			`result.action = Action.DROP`
			`result.matched_by = "@MAX_STREAM_SIZE_REACHED"`
			`return result.set_result()`
			`except StreamFullReject:`
			`result.action = Action.REJECT`
			`result.matched_by = "@MAX_STREAM_SIZE_REACHED"`
			`return result.set_result()`
			`except DropPacket:`
			`result.action = Action.DROP`
			`result.matched_by = filter.name`
			`return result.set_result()`
			`except RejectConnection:`
			`result.action = Action.REJECT`
			`result.matched_by = filter.name`
			`return result.set_result()`
skip already None datamodel, auto-ungzip body 2025-03-04 01:39:45 +01:00			`if cache_call[data_type] is None:`
			`skip_call = True`
			`break`
push: code changes 2025-02-25 23:53:04 +01:00			`final_params.append(cache_call[data_type])`
crash and unexpected behaviours fix 2025-03-03 23:55:24 +01:00
code push 2025-03-03 20:25:36 +01:00			`if skip_call:`
			`continue`
crash and unexpected behaviours fix 2025-03-03 23:55:24 +01:00
data handler improves, written test for nfproxy, new option on parsing fail 2025-03-09 22:14:34 +01:00			`# Create an iterator with all the calls to be done`
			`def try_to_call(params:list):`
			`is_base_call = True`
			`for i in range(len(params)):`
			`if isinstance(params[i], list):`
			`new_params = params.copy()`
			`for ele in params[i]:`
			`new_params[i] = ele`
fixes to encodings, implemeneted ws frame parsing with decompression support 2025-03-16 13:37:37 +01:00			`yield from try_to_call(new_params)`
data handler improves, written test for nfproxy, new option on parsing fail 2025-03-09 22:14:34 +01:00			`is_base_call = False`
			`break`
			`if is_base_call:`
			`yield context_call(glob, filter.func, *params)`

			`for res in try_to_call(final_params):`
			`if res is None:`
			`continue #ACCEPTED`
			`if not isinstance(res, Action):`
			`raise Exception(f"Invalid return type {type(res)} for function {filter.name}")`
			`if res == Action.MANGLE:`
			`result.matched_by = filter.name`
			`result.mangled_packet = internal_data.current_pkt.raw_packet`
			`result.action = Action.MANGLE`
			`elif res != Action.ACCEPT:`
			`result.matched_by = filter.name`
			`result.action = res`
			`result.mangled_packet = None`
			`return result.set_result()`
push: code changes 2025-02-25 23:53:04 +01:00
data handler improves, written test for nfproxy, new option on parsing fail 2025-03-09 22:14:34 +01:00			`return result.set_result() # Will be MANGLE or ACCEPT`
push: code changes 2025-02-25 23:53:04 +01:00
nfproxy module writing: written part of the firegex lib, frontend refactored and improved, c++ improves 2025-02-20 19:51:28 +01:00
code push 2025-03-03 20:25:36 +01:00			`def compile(glob:dict) -> None:`
crash and unexpected behaviours fix 2025-03-03 23:55:24 +01:00			`internal_data = DataStreamCtx(glob, init_pkt=False)`
code push 2025-03-03 20:25:36 +01:00
			`glob["print"] = functools.partial(print, flush = True)`
push: code changes 2025-02-25 23:53:04 +01:00
			`filters = glob["__firegex_pyfilter_enabled"]`
			`proto = glob["__firegex_proto"]`

			`internal_data.filter_call_info = generate_filter_structure(filters, proto, glob)`

			`if "FGEX_STREAM_MAX_SIZE" in glob and int(glob["FGEX_STREAM_MAX_SIZE"]) > 0:`
			`internal_data.stream_max_size = int(glob["FGEX_STREAM_MAX_SIZE"])`

			`if "FGEX_FULL_STREAM_ACTION" in glob and isinstance(glob["FGEX_FULL_STREAM_ACTION"], FullStreamAction):`
			`internal_data.full_stream_action = glob["FGEX_FULL_STREAM_ACTION"]`
data handler improves, written test for nfproxy, new option on parsing fail 2025-03-09 22:14:34 +01:00
			`if "FGEX_INVALID_ENCODING_ACTION" in glob and isinstance(glob["FGEX_INVALID_ENCODING_ACTION"], Action):`
			`internal_data.invalid_encoding_action = glob["FGEX_INVALID_ENCODING_ACTION"]`
push: code changes 2025-02-25 23:53:04 +01:00
			`PacketHandlerResult(glob).reset_result()`
fixes to encodings, implemeneted ws frame parsing with decompression support 2025-03-16 13:37:37 +01:00
			`def fake_exit(_a, *_k):`
			`print("WARNING: This function should not be called", flush=True)`

			`glob["exit"] = fake_exit`
code push 2025-03-03 20:25:36 +01:00