aho-corasick for the cpu. We have 2 versions of ac. The first MPM_AC uses the delta table and the secone one MPM_AC_GFBS uses the goto-failure table

src/Makefile.am

@@ -142,6 +142,8 @@ util-mpm-b2g-cuda.c util-mpm-b2g-cuda.h \
 util-mpm-b3g.c util-mpm-b3g.h \
 util-mpm-b2gc.c util-mpm-b2gc.h \
 util-mpm-b2gm.c util-mpm-b2gm.h \
+util-mpm-ac.c util-mpm-ac.h \
+util-mpm-ac-gfbs.c util-mpm-ac-gfbs.h \
 util-cidr.c util-cidr.h \
 util-unittest.c util-unittest.h \
 util-unittest-helper.c util-unittest-helper.h \

src/detect-engine-mpm.c

@@ -72,6 +72,8 @@ SCEnumCharMap sc_mpm_algo_map[] = {
     { "b2g",      MPM_B2G },
     { "b3g",      MPM_B3G },
     { "wumanber", MPM_WUMANBER },
+    { "ac",       MPM_AC },
+    { "ac-gfbs",  MPM_AC_GFBS },
 #ifdef __SC_CUDA_SUPPORT__
     { "b2g_cuda", MPM_B2G_CUDA },
 #endif

src/util-error.c

@@ -190,6 +190,7 @@ const char * SCErrorToString(SCError err)
         CASE_CODE (SC_WARN_ERF_DAG_REC_LEN_CHANGED);
         CASE_CODE (SC_WARN_COMPATIBILITY);
         CASE_CODE (SC_ERR_DCERPC);
+        CASE_CODE (SC_ERR_AHO_CORASICK);
 
         default:
             return "UNKNOWN_ERROR";

src/util-error.h

@@ -201,6 +201,7 @@ typedef enum {
     SC_ERR_FATAL,
     SC_ERR_DCERPC,
     SC_ERR_DETECT_PREPARE,          /**< preparing the detection engine failed */
+    SC_ERR_AHO_CORASICK,
 } SCError;
 
 const char *SCErrorToString(SCError);

src/util-mpm-ac-gfbs.h

@@ -0,0 +1,93 @@
+/* Copyright (C) 2007-2010 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Anoop Saldanha <poonaatsoc@gmail.com>
+ *
+ */
+
+#define SC_AC_GFBS_STATE_TYPE_U16 uint16_t
+#define SC_AC_GFBS_STATE_TYPE_U32 uint32_t
+
+typedef struct SCACGfbsPattern_ {
+    /* length of the pattern */
+    uint16_t len;
+    /* flags decribing the pattern */
+    uint8_t flags;
+    /* case sensitive */
+    uint8_t *cs;
+    /* case INsensitive */
+    uint8_t *ci;
+    /* pattern id */
+    uint32_t id;
+
+    struct SCACGfbsPattern_ *next;
+} SCACGfbsPattern;
+
+typedef struct SCACGfbsOutputTable_ {
+    /* list of pattern sids */
+    uint32_t *pids;
+    /* no of entries we have in pids */
+    uint32_t no_of_entries;
+} SCACGfbsOutputTable;
+
+typedef struct SCACGfbsGotoTableMod_ {
+    /* each of these below declarations will be of type uint32_t, if the state
+     * count exceeds 65535, the maximum value a 16 bit unsigned var can hold */
+
+    /* no of entries stored below */
+    uint16_t no_of_entries;
+
+    /* the ascii codes over which we have state transitions */
+    uint16_t *ascii_codes;
+    /* the states that correspond to the ascii_codes above */
+    uint16_t *states;
+} SCACGfbsGotoTableMod_;
+
+typedef struct SCACGfbsCtx_ {
+    /* hash used during ctx initialization */
+    SCACGfbsPattern **init_hash;
+
+    /* pattern arrays.  We need this only during the goto table creation phase */
+    SCACGfbsPattern **parray;
+
+    /* no of states used by ac */
+    int32_t state_count;
+    /* the modified goto_table */
+    uint8_t *goto_table_mod;
+    uint8_t **goto_table_mod_pointers;
+
+    /* goto_table, failure table and output table.  Needed to create state_table.
+     * Will be freed, once we have created the goto_table_mod */
+    int32_t (*goto_table)[256];
+    int32_t *failure_table;
+    SCACGfbsOutputTable *output_table;
+
+    /* the size of each state */
+    uint16_t single_state_size;
+} SCACGfbsCtx;
+
+typedef struct SCACGfbsThreadCtx_ {
+    /* the total calls we make to the search function */
+    uint32_t total_calls;
+    /* the total patterns that we ended up matching against */
+    uint64_t total_matches;
+} SCACGfbsThreadCtx;
+
+void MpmACGfbsRegister(void);

src/util-mpm-ac.h

@@ -0,0 +1,81 @@
+/* Copyright (C) 2007-2010 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Anoop Saldanha <poonaatsoc@gmail.com>
+ *
+ */
+
+#define SC_AC_STATE_TYPE_U16 uint16_t
+#define SC_AC_STATE_TYPE_U32 uint32_t
+
+typedef struct SCACPattern_ {
+    /* length of the pattern */
+    uint16_t len;
+    /* flags decribing the pattern */
+    uint8_t flags;
+    /* case sensitive */
+    uint8_t *cs;
+    /* case INsensitive */
+    uint8_t *ci;
+    /* pattern id */
+    uint32_t id;
+
+    struct SCACPattern_ *next;
+} SCACPattern;
+
+typedef struct SCACOutputTable_ {
+    /* list of pattern sids */
+    uint32_t *pids;
+    /* no of entries we have in pids */
+    uint32_t no_of_entries;
+} SCACOutputTable;
+
+typedef struct SCACCtx_ {
+    /* hash used during ctx initialization */
+    SCACPattern **init_hash;
+
+    /* pattern arrays.  We need this only during the goto table creation phase */
+    SCACPattern **parray;
+
+    /* no of states used by ac */
+    int32_t state_count;
+    /* the all important memory hungry state_table */
+    SC_AC_STATE_TYPE_U16 (*state_table_u16)[256];
+    /* the all important memory hungry state_table */
+    SC_AC_STATE_TYPE_U32 (*state_table_u32)[256];
+
+    /* goto_table, failure table and output table.  Needed to create state_table.
+     * Will be freed, once we have created the state_table */
+    int32_t (*goto_table)[256];
+    int32_t *failure_table;
+    SCACOutputTable *output_table;
+
+    /* the size of each state */
+    uint16_t single_state_size;
+} SCACCtx;
+
+typedef struct SCACThreadCtx_ {
+    /* the total calls we make to the search function */
+    uint32_t total_calls;
+    /* the total patterns that we ended up matching against */
+    uint64_t total_matches;
+} SCACThreadCtx;
+
+void MpmACRegister(void);

src/util-mpm.c

@@ -34,6 +34,8 @@
 #include "util-mpm-b3g.h"
 #include "util-mpm-b2gc.h"
 #include "util-mpm-b2gm.h"
+#include "util-mpm-ac.h"
+#include "util-mpm-ac-gfbs.h"
 #include "util-hashlist.h"
 
 /**
@@ -220,6 +222,8 @@ void MpmTableSetup(void) {
     MpmB3gRegister();
     MpmB2gcRegister();
     MpmB2gmRegister();
+    MpmACRegister();
+    MpmACGfbsRegister();
 }
 
 /** \brief  Function to return the default hash size for the mpm algorithm,

src/util-mpm.h

@@ -53,15 +53,22 @@
 enum {
     MPM_NOTSET = 0,
 
+    /* wumanber as the name suggests */
     MPM_WUMANBER,
+    /* bndmq 2 gram */
     MPM_B2G,
 #ifdef __SC_CUDA_SUPPORT__
     MPM_B2G_CUDA,
 #endif
+    /* bndmq 3 gram */
     MPM_B3G,
     MPM_B2GC,
     MPM_B2GM,
 
+    /* aho-corasick */
+    MPM_AC,
+    /* aho-corasick-goto-failure state based */
+    MPM_AC_GFBS,
     /* table size */
     MPM_TABLE_SIZE,
 };