diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c index fe5b243b09..a012721ea5 100644 --- a/src/detect-engine-mpm.c +++ b/src/detect-engine-mpm.c @@ -479,7 +479,7 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) goto error; memset(sh->mpm_ctx, 0x00, sizeof(MpmCtx)); - MpmInitCtx(sh->mpm_ctx, PM); + MpmInitCtx(sh->mpm_ctx, de_ctx->mpm_matcher); } if (sh->flags & SIG_GROUP_HAVEURICONTENT && !(sh->flags & SIG_GROUP_HEAD_MPM_URI_COPY)) { sh->mpm_uri_ctx = malloc(sizeof(MpmCtx)); @@ -487,7 +487,7 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) goto error; memset(sh->mpm_uri_ctx, 0x00, sizeof(MpmCtx)); - MpmInitCtx(sh->mpm_uri_ctx, PM); + MpmInitCtx(sh->mpm_uri_ctx, de_ctx->mpm_matcher); } uint32_t mpm_content_cnt = 0, mpm_uricontent_cnt = 0; diff --git a/src/detect.c b/src/detect.c index b5fe12c694..ed4c4252c6 100644 --- a/src/detect.c +++ b/src/detect.c @@ -366,17 +366,17 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh /* if we didn't get a sig group head, we * have nothing to do.... */ if (det_ctx->sgh == NULL) { - //printf("SigMatchSignatures: no sgh\n"); + SCLogDebug("no sgh"); return 0; } if (p->payload_len > 0 && det_ctx->sgh->mpm_ctx != NULL && !(p->flags & PKT_NOPAYLOAD_INSPECTION)) { /* run the pattern matcher against the packet */ if (det_ctx->sgh->mpm_content_maxlen > p->payload_len) { - //printf("Not scanning as pkt payload is smaller than the largest content length we need to match"); + SCLogDebug("not scanning as pkt payload is smaller than the largest content length we need to match"); } else { uint32_t cnt = 0; - //printf("scan: (%p, maxlen %" PRIu32 ", cnt %" PRIu32 ")\n", det_ctx->sgh, det_ctx->sgh->mpm_content_maxlen, det_ctx->sgh->sig_cnt); + SCLogDebug("scan: (%p, maxlen %" PRIu32 ", sgh->sig_cnt %" PRIu32 ")", det_ctx->sgh, det_ctx->sgh->mpm_content_maxlen, det_ctx->sgh->sig_cnt); /* scan, but only if the noscan flag isn't set */ if (det_ctx->sgh->mpm_content_maxlen == 1) det_ctx->pkts_scanned1++; @@ -388,7 +388,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh cnt += PacketPatternScan(th_v, det_ctx, p); //if (cnt != det_ctx->pmq.searchable) - //printf("post scan: cnt %" PRIu32 ", searchable %" PRIu32 "\n", cnt, det_ctx->pmq.searchable); + SCLogDebug("post scan: cnt %" PRIu32 ", searchable %" PRIu32 "", cnt, det_ctx->pmq.searchable); if (det_ctx->pmq.searchable > 0) { //printf("now search\n"); if (det_ctx->sgh->mpm_content_maxlen == 1) det_ctx->pkts_searched1++; @@ -7192,6 +7192,244 @@ static int SigTestSgh04 (void) { end: return result; } + +/** \test setting of mpm type */ +static int SigTestSgh05 (void) { + ThreadVars th_v; + int result = 0; + Packet p; + DetectEngineThreadCtx *det_ctx; + + memset(&th_v, 0, sizeof(th_v)); + memset(&p, 0, sizeof(p)); + p.src.family = AF_INET; + p.dst.family = AF_INET; + p.payload_len = 1; + p.proto = IPPROTO_TCP; + p.dp = 80; + p.dst.addr_data32[0] = 0x04030201; + + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + if (de_ctx == NULL) { + goto end; + } + de_ctx->flags |= DE_QUIET; + de_ctx->mpm_matcher = MPM_WUMANBER; + + de_ctx->sig_list = SigInit(de_ctx,"alert ip any any -> 1.2.3.4-1.2.3.6 any (msg:\"1\"; content:\"one\"; content:\"1\"; sid:1;)"); + if (de_ctx->sig_list == NULL) { + result = 0; + goto end; + } + + SigGroupBuild(de_ctx); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); + + SigGroupHead *sgh = SigMatchSignaturesGetSgh(&th_v, de_ctx, det_ctx, &p); + if (sgh == NULL) { + printf("no sgh: "); + goto end; + } + + if (sgh->mpm_ctx == NULL) { + printf("sgh->mpm_type == NULL: "); + goto end; + } + + if (sgh->mpm_ctx->mpm_type != MPM_WUMANBER) { + printf("sgh->mpm_type != MPM_WUMANBER, expected %d, got %d: ", MPM_WUMANBER, sgh->mpm_ctx->mpm_type); + goto end; + } + + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); + SigGroupCleanup(de_ctx); + DetectEngineCtxFree(de_ctx); + + result = 1; +end: + return result; +} +static int SigTestContent01Real (int mpm_type) { + uint8_t *buf = (uint8_t *)"01234567890123456789012345678901"; + uint16_t buflen = strlen((char *)buf); + Packet p; + ThreadVars th_v; + DetectEngineThreadCtx *det_ctx; + int result = 0; + + memset(&th_v, 0, sizeof(th_v)); + memset(&p, 0, sizeof(p)); + p.src.family = AF_INET; + p.dst.family = AF_INET; + p.payload = buf; + p.payload_len = buflen; + p.proto = IPPROTO_TCP; + + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + if (de_ctx == NULL) { + goto end; + } + + de_ctx->mpm_matcher = mpm_type; + de_ctx->flags |= DE_QUIET; + + de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; sid:1;)"); + if (de_ctx->sig_list == NULL) { + result = 0; + goto end; + } + + SigGroupBuild(de_ctx); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); + + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); + if (PacketAlertCheck(&p, 1)) + result = 1; + else + printf("sig 1 didn't match: "); + + SigGroupCleanup(de_ctx); + SigCleanSignatures(de_ctx); + + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); + DetectEngineCtxFree(de_ctx); +end: + return result; +} +static int SigTestContent01B2g (void) { + return SigTestContent01Real(MPM_B2G); +} +static int SigTestContent01B3g (void) { + return SigTestContent01Real(MPM_B3G); +} +static int SigTestContent01Wm (void) { + return SigTestContent01Real(MPM_WUMANBER); +} + +static int SigTestContent02Real (int mpm_type) { + uint8_t *buf = (uint8_t *)"01234567890123456789012345678901"; + uint16_t buflen = strlen((char *)buf); + Packet p; + ThreadVars th_v; + DetectEngineThreadCtx *det_ctx; + int result = 0; + + memset(&th_v, 0, sizeof(th_v)); + memset(&p, 0, sizeof(p)); + p.src.family = AF_INET; + p.dst.family = AF_INET; + p.payload = buf; + p.payload_len = buflen; + p.proto = IPPROTO_TCP; + + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + if (de_ctx == NULL) { + goto end; + } + + de_ctx->mpm_matcher = mpm_type; + de_ctx->flags |= DE_QUIET; + + de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; sid:1;)"); + if (de_ctx->sig_list == NULL) { + result = 0; + goto end; + } + + de_ctx->sig_list->next = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 31\"; content:\"0123456789012345678901234567890\"; sid:2;)"); + if (de_ctx->sig_list->next == NULL) { + result = 0; + goto end; + } + + SigGroupBuild(de_ctx); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); + + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); + if (PacketAlertCheck(&p, 1)) { + if (PacketAlertCheck(&p, 2)) { + result = 1; + } else + printf("sig 2 didn't match: "); + } + else + printf("sig 1 didn't match: "); + + SigGroupCleanup(de_ctx); + SigCleanSignatures(de_ctx); + + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); + DetectEngineCtxFree(de_ctx); +end: + return result; +} +static int SigTestContent02B2g (void) { + return SigTestContent02Real(MPM_B2G); +} +static int SigTestContent02B3g (void) { + return SigTestContent02Real(MPM_B3G); +} +static int SigTestContent02Wm (void) { + return SigTestContent02Real(MPM_WUMANBER); +} + +static int SigTestContent03Real (int mpm_type) { + uint8_t *buf = (uint8_t *)"01234567890123456789012345678901abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; + uint16_t buflen = strlen((char *)buf); + Packet p; + ThreadVars th_v; + DetectEngineThreadCtx *det_ctx; + int result = 0; + + memset(&th_v, 0, sizeof(th_v)); + memset(&p, 0, sizeof(p)); + p.src.family = AF_INET; + p.dst.family = AF_INET; + p.payload = buf; + p.payload_len = buflen; + p.proto = IPPROTO_TCP; + + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + if (de_ctx == NULL) { + goto end; + } + + de_ctx->mpm_matcher = mpm_type; + de_ctx->flags |= DE_QUIET; + + de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"Test 32\"; content:\"01234567890123456789012345678901\"; content:\"abcdefghijklmnopqrstuvwxyzABCDEF\"; distance:0; sid:1;)"); + if (de_ctx->sig_list == NULL) { + result = 0; + goto end; + } + + SigGroupBuild(de_ctx); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); + + SigMatchSignatures(&th_v, de_ctx, det_ctx, &p); + if (PacketAlertCheck(&p, 1)) + result = 1; + else + printf("sig 1 didn't match: "); + + SigGroupCleanup(de_ctx); + SigCleanSignatures(de_ctx); + + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); + DetectEngineCtxFree(de_ctx); +end: + return result; +} +static int SigTestContent03B2g (void) { + return SigTestContent03Real(MPM_B2G); +} +static int SigTestContent03B3g (void) { + return SigTestContent03Real(MPM_B3G); +} +static int SigTestContent03Wm (void) { + return SigTestContent03Real(MPM_WUMANBER); +} + #endif /* UNITTESTS */ void SigRegisterTests(void) { @@ -7358,6 +7596,19 @@ void SigRegisterTests(void) { UtRegisterTest("SigTestSgh02", SigTestSgh02, 1); UtRegisterTest("SigTestSgh03", SigTestSgh03, 1); UtRegisterTest("SigTestSgh04", SigTestSgh04, 1); + UtRegisterTest("SigTestSgh05", SigTestSgh05, 1); + + UtRegisterTest("SigTestContent01B2g -- 32 byte pattern", SigTestContent01B2g, 1); + UtRegisterTest("SigTestContent01B3g -- 32 byte pattern", SigTestContent01B3g, 1); + UtRegisterTest("SigTestContent01Wm -- 32 byte pattern", SigTestContent01Wm, 1); + + UtRegisterTest("SigTestContent02B2g -- 32+31 byte pattern", SigTestContent02B2g, 1); + UtRegisterTest("SigTestContent02B3g -- 32+31 byte pattern", SigTestContent02B3g, 1); + UtRegisterTest("SigTestContent02Wm -- 32+31 byte pattern", SigTestContent02Wm, 1); + + UtRegisterTest("SigTestContent03B2g -- 32 byte pattern, x2 + distance", SigTestContent03B2g, 1); + UtRegisterTest("SigTestContent03B3g -- 32 byte pattern, x2 + distance", SigTestContent03B3g, 1); + UtRegisterTest("SigTestContent03Wm -- 32 byte pattern, x2 + distance", SigTestContent03Wm, 1); #endif /* UNITTESTS */ } diff --git a/src/util-mpm-b2g.c b/src/util-mpm-b2g.c index 3b5408909b..c5cfb748b6 100644 --- a/src/util-mpm-b2g.c +++ b/src/util-mpm-b2g.c @@ -304,8 +304,7 @@ void B2gFreePattern(MpmCtx *mpm_ctx, B2gPattern *p) { static inline int B2gAddPattern(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, uint16_t offset, uint16_t depth, char nocase, char scan, uint32_t pid, uint32_t sid, uint8_t nosearch) { B2gCtx *ctx = (B2gCtx *)mpm_ctx->ctx; -// printf("B2gAddPattern: ctx %p \"", mpm_ctx); prt(pat, patlen); -// printf("\" id %" PRIu32 ", nocase %s\n", id, nocase ? "true" : "false"); + SCLogDebug("ctx %p len %"PRIu16" pid %" PRIu32 ", nocase %s", ctx, patlen, pid, nocase ? "true" : "false"); if (patlen == 0) return 0; @@ -313,7 +312,8 @@ static inline int B2gAddPattern(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, /* get a memory piece */ B2gPattern *p = B2gInitHashLookup(ctx, pat, patlen, nocase); if (p == NULL) { -// printf("B2gAddPattern: allocing new pattern\n"); + SCLogDebug("allocing new pattern"); + p = B2gAllocPattern(mpm_ctx); if (p == NULL) goto error; @@ -348,7 +348,7 @@ static inline int B2gAddPattern(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, //printf("B2gAddPattern: ci \""); prt(p->ci,p->len); //printf("\" cs \""); prt(p->cs,p->len); - //printf("\" prefix_ci %" PRIu32 ", prefix_cs %" PRIu32 "\n", p->prefix_ci, p->prefix_cs); + //printf("\"\n"); /* put in the pattern hash */ B2gInitHashAdd(ctx, p); @@ -497,7 +497,7 @@ static void B2gPrepareScanHash(MpmCtx *mpm_ctx) { #endif } else { idx = B2G_HASH16(ctx->parray[i]->ci[ctx->scan_m - 2], ctx->parray[i]->ci[ctx->scan_m - 1]); - //printf("idx %" PRIu32 ", %c.%c\n", idx, ctx->parray[i]->ci[ctx->m - 2], ctx->parray[i]->ci[ctx->m - 1]); + SCLogDebug("idx %" PRIu32 ", %c.%c", idx, ctx->parray[i]->ci[ctx->scan_m - 2], ctx->parray[i]->ci[ctx->scan_m - 1]); if (ctx->scan_hash[idx] == NULL) { B2gHashItem *hi = B2gAllocHashItem(mpm_ctx); @@ -549,6 +549,7 @@ static void B2gPrepareScanHash(MpmCtx *mpm_ctx) { B2gHashItem *thi = hi; do { + SCLogDebug("adding \"%c%c\" to the bloom", ctx->parray[thi->idx]->ci[0], ctx->parray[thi->idx]->ci[1]); BloomFilterAdd(ctx->scan_bloom[h], ctx->parray[thi->idx]->ci, ctx->scan_pminlen[h]); thi = thi->nxt; } while (thi != NULL); @@ -689,6 +690,8 @@ int B2gBuildScanMatchArray(MpmCtx *mpm_ctx) { uint16_t h = B2G_HASH16(u8_tolower(ctx->parray[a]->ci[j]),u8_tolower(ctx->parray[a]->ci[j+1])); ctx->scan_B2G[h] = ctx->scan_B2G[h] | (1 << (ctx->scan_m - j)); + + SCLogDebug("h %"PRIu16", ctx->scan_B2G[h] %"PRIu32"", h, ctx->scan_B2G[h]); } } @@ -800,16 +803,15 @@ int B2gPreparePatterns(MpmCtx *mpm_ctx) { ctx->Search = B2gSearch1; ctx->MBSearch = B2G_SEARCHFUNC; } - /* make sure 'm' stays in bounds */ - if (ctx->scan_m > B2G_WORD_SIZE) { - printf("Warning: 'm' bigger than word size: %" PRIu32 " > %" PRIu32 " (scan).", ctx->scan_m, B2G_WORD_SIZE); - ctx->scan_m = B2G_WORD_SIZE; + /* make sure 'm' stays in bounds + m can be max WORD_SIZE - 1 */ + if (ctx->scan_m >= B2G_WORD_SIZE) { + ctx->scan_m = B2G_WORD_SIZE - 1; } if (ctx->scan_m < 2) ctx->scan_m = 2; - if (ctx->search_m > B2G_WORD_SIZE) { - printf("Warning: 'm' bigger than word size: %" PRIu32 " > %" PRIu32 " (search).", ctx->search_m, B2G_WORD_SIZE); - ctx->search_m = B2G_WORD_SIZE; + if (ctx->search_m >= B2G_WORD_SIZE) { + ctx->search_m = B2G_WORD_SIZE - 1; } if (ctx->search_m < 2) ctx->search_m = 2; @@ -1107,6 +1109,8 @@ uint32_t B2gScanBNDMq(MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PatternMatc //printf("\n"); //PrintRawDataFp(stdout, buf, buflen); + SCLogDebug("buflen %"PRIu32", ctx->scan_m %"PRIu32", pos %"PRIu32"", buflen, ctx->scan_m, pos); + COUNT(tctx->scan_stat_calls++); COUNT(tctx->scan_stat_m_total+=ctx->scan_m); @@ -1124,6 +1128,7 @@ uint32_t B2gScanBNDMq(MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PatternMatc do { j = j - 1; + if (d >= (1 << (ctx->scan_m - 1))) { if (j > first) pos = j; else { @@ -1142,7 +1147,8 @@ uint32_t B2gScanBNDMq(MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PatternMatc if (BloomFilterTest(ctx->scan_bloom[h], buf+j, ctx->scan_pminlen[h]) == 0) { COUNT(tctx->scan_stat_bloom_hits++); - //printf("Bloom: %p, buflen %" PRIu32 ", pos %" PRIu32 ", p_min_len %" PRIu32 "\n", ctx->scan_bloom[h], buflen, pos, ctx->scan_pminlen[h]); + SCLogDebug("Bloom: %p, buflen %" PRIu32 ", pos %" PRIu32 ", p_min_len %" PRIu32 "", + ctx->scan_bloom[h], buflen, pos, ctx->scan_pminlen[h]); goto skip_loop; } } @@ -1154,8 +1160,9 @@ uint32_t B2gScanBNDMq(MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PatternMatc B2gPattern *p = ctx->parray[thi->idx]; if (p->flags & B2G_NOCASE) { - if (buflen - j < p->len) + if ((buflen - j) < p->len) { continue; + } if (memcmp_lowercase(p->ci, buf+j, p->len) == 0) { #ifdef PRINTMATCH @@ -1194,13 +1201,15 @@ uint32_t B2gScanBNDMq(MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PatternMatc } } skip_loop: - //printf("output at pos %" PRIu32 ": ", j); prt(buf + (j), ctx->scan_m); printf("\n"); + //SCLogDebug("skipped"); + //SCLogDebug("output at pos %" PRIu32 ": ", j); prt(buf + (j), ctx->scan_m); printf("\n"); ; } } - if (j == 0) + if (j == 0) { break; + } h = B2G_HASH16(u8_tolower(buf[j - 1]),u8_tolower(buf[j])); d = (d << 1) & ctx->scan_B2G[h]; @@ -1209,7 +1218,11 @@ skip_loop: COUNT(tctx->scan_stat_num_shift++); COUNT(tctx->scan_stat_total_shift += (ctx->scan_m - B2G_Q + 1)); pos = pos + ctx->scan_m - B2G_Q + 1; + + //SCLogDebug("pos %"PRIu32"", pos); } + + //SCLogDebug("matches %"PRIu32"", matches); return matches; } @@ -2148,7 +2161,12 @@ static int B2gTestScan10 (void) { B2gPreparePatterns(&mpm_ctx); B2gThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 1 /* 1 pattern */); - uint32_t cnt = ctx->Scan(&mpm_ctx, &mpm_thread_ctx, NULL, (uint8_t *)"012345679012345679012345679012345679012345679012345679012345679012345679012345679012345679abcdefgh012345679012345679012345679012345679012345679012345679012345679012345679012345679012345679", 208); + char *buf = "01234567890123456789012345678901234567890123456789" + "01234567890123456789012345678901234567890123456789" + "abcdefgh" + "01234567890123456789012345678901234567890123456789" + "01234567890123456789012345678901234567890123456789"; + uint32_t cnt = ctx->Scan(&mpm_ctx, &mpm_thread_ctx, NULL, (uint8_t *)buf, strlen(buf)); MpmMatchCleanup(&mpm_thread_ctx); @@ -2176,7 +2194,7 @@ static int B2gTestScan11 (void) { B2gPreparePatterns(&mpm_ctx); B2gThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 2 /* 2 patterns */); - uint32_t cnt = ctx->Scan(&mpm_ctx, &mpm_thread_ctx, NULL, (uint8_t *)"abcdefghjiklmnopqrstuvwxyz", 26); + uint32_t cnt = ctx->Scan(&mpm_ctx, &mpm_thread_ctx, NULL, (uint8_t *)"abcdefghijklmnopqrstuvwxyz", 26); MpmMatchCleanup(&mpm_thread_ctx); @@ -2204,7 +2222,7 @@ static int B2gTestScan12 (void) { B2gPreparePatterns(&mpm_ctx); B2gThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 2 /* 2 patterns */); - uint32_t cnt = ctx->Scan(&mpm_ctx, &mpm_thread_ctx, NULL, (uint8_t *)"abcdefghjiklmnopqrstuvwxyz", 26); + uint32_t cnt = ctx->Scan(&mpm_ctx, &mpm_thread_ctx, NULL, (uint8_t *)"abcdefghijklmnopqrstuvwxyz", 26); MpmMatchCleanup(&mpm_thread_ctx); @@ -2218,6 +2236,251 @@ static int B2gTestScan12 (void) { return result; } +static int B2gTestScan13 (void) { + int result = 0; + MpmCtx mpm_ctx; + memset(&mpm_ctx, 0x00, sizeof(MpmCtx)); + MpmThreadCtx mpm_thread_ctx; + MpmInitCtx(&mpm_ctx, MPM_B2G); + B2gCtx *ctx = (B2gCtx *)mpm_ctx.ctx; + + B2gAddScanPatternCS(&mpm_ctx, (uint8_t *)"abcdefghijklmnopqrstuvwxyzABCD", 30, 0, 0, 0, 0, 0); /* 1 match */ + + B2gPreparePatterns(&mpm_ctx); + B2gThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 1 /* 1 pattern */); + + uint32_t cnt = ctx->Scan(&mpm_ctx, &mpm_thread_ctx, NULL, (uint8_t *)"abcdefghijklmnopqrstuvwxyzABCD", 30); + + MpmMatchCleanup(&mpm_thread_ctx); + + if (cnt == 1) + result = 1; + else + printf("1 != %" PRIu32 " ",cnt); + + B2gThreadDestroyCtx(&mpm_ctx, &mpm_thread_ctx); + B2gDestroyCtx(&mpm_ctx); + return result; +} + +static int B2gTestScan14 (void) { + int result = 0; + MpmCtx mpm_ctx; + memset(&mpm_ctx, 0x00, sizeof(MpmCtx)); + MpmThreadCtx mpm_thread_ctx; + MpmInitCtx(&mpm_ctx, MPM_B2G); + B2gCtx *ctx = (B2gCtx *)mpm_ctx.ctx; + + B2gAddScanPatternCS(&mpm_ctx, (uint8_t *)"abcdefghijklmnopqrstuvwxyzABCDE", 31, 0, 0, 0, 0, 0); /* 1 match */ + + B2gPreparePatterns(&mpm_ctx); + B2gThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 1 /* 1 pattern */); + + uint32_t cnt = ctx->Scan(&mpm_ctx, &mpm_thread_ctx, NULL, (uint8_t *)"abcdefghijklmnopqrstuvwxyzABCDE", 31); + + MpmMatchCleanup(&mpm_thread_ctx); + + if (cnt == 1) + result = 1; + else + printf("1 != %" PRIu32 " ",cnt); + + B2gThreadDestroyCtx(&mpm_ctx, &mpm_thread_ctx); + B2gDestroyCtx(&mpm_ctx); + return result; +} + +static int B2gTestScan15 (void) { + int result = 0; + MpmCtx mpm_ctx; + memset(&mpm_ctx, 0x00, sizeof(MpmCtx)); + MpmThreadCtx mpm_thread_ctx; + MpmInitCtx(&mpm_ctx, MPM_B2G); + B2gCtx *ctx = (B2gCtx *)mpm_ctx.ctx; + + B2gAddScanPatternCS(&mpm_ctx, (uint8_t *)"abcdefghijklmnopqrstuvwxyzABCDEF", 32, 0, 0, 0, 0, 0); /* 1 match */ + + B2gPreparePatterns(&mpm_ctx); + B2gThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 1 /* 1 pattern */); + + uint32_t cnt = ctx->Scan(&mpm_ctx, &mpm_thread_ctx, NULL, (uint8_t *)"abcdefghijklmnopqrstuvwxyzABCDEF", 32); + + MpmMatchCleanup(&mpm_thread_ctx); + + if (cnt == 1) + result = 1; + else + printf("1 != %" PRIu32 " ",cnt); + + B2gThreadDestroyCtx(&mpm_ctx, &mpm_thread_ctx); + B2gDestroyCtx(&mpm_ctx); + return result; +} + +static int B2gTestScan16 (void) { + int result = 0; + MpmCtx mpm_ctx; + memset(&mpm_ctx, 0x00, sizeof(MpmCtx)); + MpmThreadCtx mpm_thread_ctx; + MpmInitCtx(&mpm_ctx, MPM_B2G); + B2gCtx *ctx = (B2gCtx *)mpm_ctx.ctx; + + B2gAddScanPatternCS(&mpm_ctx, (uint8_t *)"abcdefghijklmnopqrstuvwxyzABC", 29, 0, 0, 0, 0, 0); /* 1 match */ + + B2gPreparePatterns(&mpm_ctx); + B2gThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 1 /* 1 pattern */); + + uint32_t cnt = ctx->Scan(&mpm_ctx, &mpm_thread_ctx, NULL, (uint8_t *)"abcdefghijklmnopqrstuvwxyzABC", 29); + + MpmMatchCleanup(&mpm_thread_ctx); + + if (cnt == 1) + result = 1; + else + printf("1 != %" PRIu32 " ",cnt); + + B2gThreadDestroyCtx(&mpm_ctx, &mpm_thread_ctx); + B2gDestroyCtx(&mpm_ctx); + return result; +} + +static int B2gTestScan17 (void) { + int result = 0; + MpmCtx mpm_ctx; + memset(&mpm_ctx, 0x00, sizeof(MpmCtx)); + MpmThreadCtx mpm_thread_ctx; + MpmInitCtx(&mpm_ctx, MPM_B2G); + B2gCtx *ctx = (B2gCtx *)mpm_ctx.ctx; + + B2gAddScanPatternCS(&mpm_ctx, (uint8_t *)"abcdefghijklmnopqrstuvwxyzAB", 28, 0, 0, 0, 0, 0); /* 1 match */ + + B2gPreparePatterns(&mpm_ctx); + B2gThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 1 /* 1 pattern */); + + uint32_t cnt = ctx->Scan(&mpm_ctx, &mpm_thread_ctx, NULL, (uint8_t *)"abcdefghijklmnopqrstuvwxyzAB", 28); + + MpmMatchCleanup(&mpm_thread_ctx); + + if (cnt == 1) + result = 1; + else + printf("1 != %" PRIu32 " ",cnt); + + B2gThreadDestroyCtx(&mpm_ctx, &mpm_thread_ctx); + B2gDestroyCtx(&mpm_ctx); + return result; +} + +static int B2gTestScan18 (void) { + int result = 0; + MpmCtx mpm_ctx; + memset(&mpm_ctx, 0x00, sizeof(MpmCtx)); + MpmThreadCtx mpm_thread_ctx; + MpmInitCtx(&mpm_ctx, MPM_B2G); + B2gCtx *ctx = (B2gCtx *)mpm_ctx.ctx; + + B2gAddScanPatternCS(&mpm_ctx, (uint8_t *)"abcde""fghij""klmno""pqrst""uvwxy""z", 26, 0, 0, 0, 0, 0); /* 1 match */ + + B2gPreparePatterns(&mpm_ctx); + B2gThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 1 /* 1 pattern */); + + uint32_t cnt = ctx->Scan(&mpm_ctx, &mpm_thread_ctx, NULL, (uint8_t *)"abcde""fghij""klmno""pqrst""uvwxy""z", 26); + + MpmMatchCleanup(&mpm_thread_ctx); + + if (cnt == 1) + result = 1; + else + printf("1 != %" PRIu32 " ",cnt); + + B2gThreadDestroyCtx(&mpm_ctx, &mpm_thread_ctx); + B2gDestroyCtx(&mpm_ctx); + return result; +} + +static int B2gTestScan19 (void) { + int result = 0; + MpmCtx mpm_ctx; + memset(&mpm_ctx, 0x00, sizeof(MpmCtx)); + MpmThreadCtx mpm_thread_ctx; + MpmInitCtx(&mpm_ctx, MPM_B2G); + B2gCtx *ctx = (B2gCtx *)mpm_ctx.ctx; + + B2gAddScanPatternCS(&mpm_ctx, (uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", 30, 0, 0, 0, 0, 0); /* 1 */ + + B2gPreparePatterns(&mpm_ctx); + B2gThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 1 /* 1 patterns */); + + uint32_t cnt = ctx->Scan(&mpm_ctx, &mpm_thread_ctx, NULL, (uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", 30); + + MpmMatchCleanup(&mpm_thread_ctx); + + if (cnt == 1) + result = 1; + else + printf("1 != %" PRIu32 " ",cnt); + + B2gThreadDestroyCtx(&mpm_ctx, &mpm_thread_ctx); + B2gDestroyCtx(&mpm_ctx); + return result; +} + +static int B2gTestScan20 (void) { + int result = 0; + MpmCtx mpm_ctx; + memset(&mpm_ctx, 0x00, sizeof(MpmCtx)); + MpmThreadCtx mpm_thread_ctx; + MpmInitCtx(&mpm_ctx, MPM_B2G); + B2gCtx *ctx = (B2gCtx *)mpm_ctx.ctx; + + B2gAddScanPatternCS(&mpm_ctx, (uint8_t *)"AAAAA""AAAAA""AAAAA""AAAAA""AAAAA""AAAAA""AA", 32, 0, 0, 0, 0, 0); /* 1 */ + //B2gAddScanPatternCS(&mpm_ctx, (uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", 32, 0, 0, 0, 0, 0); /* 1 */ + + B2gPreparePatterns(&mpm_ctx); + B2gThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 1 /* 1 patterns */); + + //uint32_t cnt = ctx->Scan(&mpm_ctx, &mpm_thread_ctx, NULL, (uint8_t *)"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", 32); + uint32_t cnt = ctx->Scan(&mpm_ctx, &mpm_thread_ctx, NULL, (uint8_t *)"AAAAA""AAAAA""AAAAA""AAAAA""AAAAA""AAAAA""AA", 32); + + MpmMatchCleanup(&mpm_thread_ctx); + + if (cnt == 1) + result = 1; + else + printf("1 != %" PRIu32 " ",cnt); + + B2gThreadDestroyCtx(&mpm_ctx, &mpm_thread_ctx); + B2gDestroyCtx(&mpm_ctx); + return result; +} + +static int B2gTestScan21 (void) { + int result = 0; + MpmCtx mpm_ctx; + memset(&mpm_ctx, 0x00, sizeof(MpmCtx)); + MpmThreadCtx mpm_thread_ctx; + MpmInitCtx(&mpm_ctx, MPM_B2G); + B2gCtx *ctx = (B2gCtx *)mpm_ctx.ctx; + + B2gAddScanPatternCS(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0); /* 1 */ + + B2gPreparePatterns(&mpm_ctx); + B2gThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 1 /* 1 patterns */); + + uint32_t cnt = ctx->Scan(&mpm_ctx, &mpm_thread_ctx, NULL, (uint8_t *)"AA", 2); + + MpmMatchCleanup(&mpm_thread_ctx); + + if (cnt == 1) + result = 1; + else + printf("1 != %" PRIu32 " ",cnt); + + B2gThreadDestroyCtx(&mpm_ctx, &mpm_thread_ctx); + B2gDestroyCtx(&mpm_ctx); + return result; +} + static int B2gTestSearch01 (void) { int result = 0; MpmCtx mpm_ctx; @@ -2488,7 +2751,12 @@ static int B2gTestSearch10 (void) { B2gPreparePatterns(&mpm_ctx); B2gThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 1 /* 1 pattern */); - uint32_t cnt = ctx->Search(&mpm_ctx, &mpm_thread_ctx, NULL, (uint8_t *)"012345679012345679012345679012345679012345679012345679012345679012345679012345679012345679abcdefgh012345679012345679012345679012345679012345679012345679012345679012345679012345679012345679", 208); + char *buf = "01234567890123456789012345678901234567890123456789" + "01234567890123456789012345678901234567890123456789" + "abcdefgh" + "01234567890123456789012345678901234567890123456789" + "01234567890123456789012345678901234567890123456789"; + uint32_t cnt = ctx->Search(&mpm_ctx, &mpm_thread_ctx, NULL, (uint8_t *)buf, strlen(buf)); MpmMatchCleanup(&mpm_thread_ctx); @@ -2581,6 +2849,15 @@ void B2gRegisterTests(void) { UtRegisterTest("B2gTestScan10", B2gTestScan10, 1); UtRegisterTest("B2gTestScan11", B2gTestScan11, 1); UtRegisterTest("B2gTestScan12", B2gTestScan12, 1); + UtRegisterTest("B2gTestScan13", B2gTestScan13, 1); + UtRegisterTest("B2gTestScan14", B2gTestScan14, 1); + UtRegisterTest("B2gTestScan15", B2gTestScan15, 1); + UtRegisterTest("B2gTestScan16", B2gTestScan16, 1); + UtRegisterTest("B2gTestScan17", B2gTestScan17, 1); + UtRegisterTest("B2gTestScan18", B2gTestScan18, 1); + UtRegisterTest("B2gTestScan19", B2gTestScan19, 1); + UtRegisterTest("B2gTestScan20", B2gTestScan20, 1); + UtRegisterTest("B2gTestScan21", B2gTestScan21, 1); UtRegisterTest("B2gTestSearch01", B2gTestSearch01, 1); UtRegisterTest("B2gTestSearch02", B2gTestSearch02, 1); diff --git a/src/util-mpm-b3g.c b/src/util-mpm-b3g.c index 6627394a58..da5382da78 100644 --- a/src/util-mpm-b3g.c +++ b/src/util-mpm-b3g.c @@ -820,16 +820,15 @@ int B3gPreparePatterns(MpmCtx *mpm_ctx) { ctx->scan_m = mpm_ctx->scan_minlen; ctx->search_m = mpm_ctx->search_minlen; - /* make sure 'm' stays in bounds */ - if (ctx->scan_m > B3G_WORD_SIZE) { - printf("Warning: 'm' bigger than word size: %" PRIu32 " > %" PRIu32 " (scan).", ctx->scan_m, B3G_WORD_SIZE); - ctx->scan_m = B3G_WORD_SIZE; + /* make sure 'm' stays in bounds + m can be max WORD_SIZE - 1 */ + if (ctx->scan_m >= B3G_WORD_SIZE) { + ctx->scan_m = B3G_WORD_SIZE - 1; } if (ctx->scan_m < 3) ctx->scan_m = 3; - if (ctx->search_m > B3G_WORD_SIZE) { - printf("Warning: 'm' bigger than word size: %" PRIu32 " > %" PRIu32 " (search).", ctx->search_m, B3G_WORD_SIZE); - ctx->search_m = B3G_WORD_SIZE; + if (ctx->search_m >= B3G_WORD_SIZE) { + ctx->search_m = B3G_WORD_SIZE - 1; } if (ctx->search_m < 3) ctx->search_m = 3; diff --git a/src/util-mpm.h b/src/util-mpm.h index 00d2fc3073..bc4a870615 100644 --- a/src/util-mpm.h +++ b/src/util-mpm.h @@ -9,7 +9,9 @@ #define MPM_ENDMATCH_NOSEARCH 0x08 /* if this matches, no search is required (for this pattern) */ enum { - MPM_WUMANBER = 0, + MPM_NOTSET = 0, + + MPM_WUMANBER, MPM_B2G, MPM_B3G,