diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c index bcd998ae84..13f694ea8a 100644 --- a/src/detect-engine-mpm.c +++ b/src/detect-engine-mpm.c @@ -484,7 +484,7 @@ static int PatternMatchPreprarePopulateMpm(DetectEngineCtx *de_ctx, SigGroupHead SCLogDebug("scan_ch == NULL, so selecting lookup_ch->ptr->id %"PRIu32"", lookup_ch->ptr->id); scan_ch = lookup_ch; } else { - ///if (lookup_ch->use == 0) { + //if (lookup_ch->use == 0) { uint32_t ls = PatternStrength(lookup_ch->ptr->content,lookup_ch->ptr->content_len,sgh->mpm_content_maxlen); uint32_t ss = PatternStrength(scan_ch->ptr->content,scan_ch->ptr->content_len,sgh->mpm_content_maxlen); if (ls > ss) { @@ -533,11 +533,12 @@ static int PatternMatchPreprarePopulateMpm(DetectEngineCtx *de_ctx, SigGroupHead uint16_t depth = s->flags & SIG_FLAG_RECURSIVE ? 0 : co->depth; offset = scan_ch->cnt ? 0 : offset; depth = scan_ch->cnt ? 0 : depth; + uint8_t flags = 0; if (co->flags & DETECT_CONTENT_NOCASE) { - mpm_table[sgh->mpm_ctx->mpm_type].AddPatternNocase(sgh->mpm_ctx, co->content, co->content_len, offset, depth, co->id, s->num, scan_ch->nosearch); + mpm_table[sgh->mpm_ctx->mpm_type].AddPatternNocase(sgh->mpm_ctx, co->content, co->content_len, offset, depth, co->id, s->num, flags); } else { - mpm_table[sgh->mpm_ctx->mpm_type].AddPattern(sgh->mpm_ctx, co->content, co->content_len, offset, depth, co->id, s->num, scan_ch->nosearch); + mpm_table[sgh->mpm_ctx->mpm_type].AddPattern(sgh->mpm_ctx, co->content, co->content_len, offset, depth, co->id, s->num, flags); } SCLogDebug("%"PRIu32" adding co->id %"PRIu32" to the scan phase (s->num %"PRIu32")", s->id, co->id, s->num); @@ -867,10 +868,12 @@ int PatternMatchPrepareGroup(DetectEngineCtx *de_ctx, SigGroupHead *sh) /* only add the pattern if: we didn't add a pattern already, * length is the same as maxlen (ie we only add the longest pattern) */ if (!uricontent_scanadded && uricontent_maxlen == ud->uricontent_len) { + uint8_t flags = 0; + if (ud->flags & DETECT_URICONTENT_NOCASE) { - mpm_table[sh->mpm_uri_ctx->mpm_type].AddPatternNocase(sh->mpm_uri_ctx, ud->uricontent, ud->uricontent_len, 0, 0, ud->id, s->num, 0); + mpm_table[sh->mpm_uri_ctx->mpm_type].AddPatternNocase(sh->mpm_uri_ctx, ud->uricontent, ud->uricontent_len, 0, 0, ud->id, s->num, flags); } else { - mpm_table[sh->mpm_uri_ctx->mpm_type].AddPattern(sh->mpm_uri_ctx, ud->uricontent, ud->uricontent_len, 0, 0, ud->id, s->num, 0); + mpm_table[sh->mpm_uri_ctx->mpm_type].AddPattern(sh->mpm_uri_ctx, ud->uricontent, ud->uricontent_len, 0, 0, ud->id, s->num, flags); } uricontent_scanadded = 1; diff --git a/src/util-mpm-b2g.c b/src/util-mpm-b2g.c index c23ec47ad7..0b6d8f4789 100644 --- a/src/util-mpm-b2g.c +++ b/src/util-mpm-b2g.c @@ -59,6 +59,7 @@ void B2gRegisterTests(void); void MpmB2gRegister (void) { mpm_table[MPM_B2G].name = "b2g"; mpm_table[MPM_B2G].max_pattern_length = B2G_WORD_SIZE; + mpm_table[MPM_B2G].InitCtx = B2gInitCtx; mpm_table[MPM_B2G].InitThreadCtx = B2gThreadInitCtx; mpm_table[MPM_B2G].DestroyCtx = B2gDestroyCtx; @@ -73,12 +74,12 @@ void MpmB2gRegister (void) { mpm_table[MPM_B2G].RegisterUnittests = B2gRegisterTests; } -/* append an endmatch to a pattern +/** \brief append an endmatch to a pattern * - * Only used in the initialization phase */ + * \note Only used in the initialization phase + */ static inline void B2gEndMatchAppend(MpmCtx *mpm_ctx, B2gPattern *p, - uint16_t offset, uint16_t depth, uint32_t pid, uint32_t sid, - uint8_t nosearch) + uint16_t offset, uint16_t depth, uint32_t pid, uint32_t sid) { SCLogDebug("pid %"PRIu32", sid %"PRIu32"", pid, sid); @@ -95,9 +96,6 @@ static inline void B2gEndMatchAppend(MpmCtx *mpm_ctx, B2gPattern *p, em->depth = depth; em->offset = offset; - if (nosearch) - em->flags |= MPM_ENDMATCH_NOSEARCH; - if (p->em == NULL) { p->em = em; SCLogDebug("m %p m->sig_id %"PRIu32"", em, em->sig_id); @@ -109,14 +107,6 @@ static inline void B2gEndMatchAppend(MpmCtx *mpm_ctx, B2gPattern *p, m = m->next; } m->next = em; - - m = p->em; - SCLogDebug("m %p m->sig_id %"PRIu32"", m, m->sig_id); - while (m->next) { - m = m->next; - SCLogDebug("m %p m->sig_id %"PRIu32"", m, m->sig_id); - } - p->em_len++; } #ifdef PRINTMATCH @@ -242,9 +232,9 @@ static inline int B2gInitHashAdd(B2gCtx *ctx, B2gPattern *p) { return 0; } -static inline int B2gCmpPattern(B2gPattern *p, uint8_t *pat, uint16_t patlen, char nocase); +static inline int B2gCmpPattern(B2gPattern *p, uint8_t *pat, uint16_t patlen, char flags); -static inline B2gPattern *B2gInitHashLookup(B2gCtx *ctx, uint8_t *pat, uint16_t patlen, char nocase) { +static inline B2gPattern *B2gInitHashLookup(B2gCtx *ctx, uint8_t *pat, uint16_t patlen, char flags) { uint32_t hash = B2gInitHashRaw(pat,patlen); //printf("B2gInitHashLookup: %" PRIu32 ", head %p\n", hash, ctx->init_hash[hash]); @@ -255,18 +245,18 @@ static inline B2gPattern *B2gInitHashLookup(B2gCtx *ctx, uint8_t *pat, uint16_t B2gPattern *t = ctx->init_hash[hash]; for ( ; t != NULL; t = t->next) { - if (B2gCmpPattern(t,pat,patlen,nocase) == 1) + if (B2gCmpPattern(t,pat,patlen,flags) == 1) return t; } return NULL; } -static inline int B2gCmpPattern(B2gPattern *p, uint8_t *pat, uint16_t patlen, char nocase) { +static inline int B2gCmpPattern(B2gPattern *p, uint8_t *pat, uint16_t patlen, char flags) { if (p->len != patlen) return 0; - if (!((nocase && p->flags & B2G_NOCASE) || (!nocase && !(p->flags & B2G_NOCASE)))) + if (p->flags != flags) return 0; if (memcmp(p->cs, pat, patlen) != 0) @@ -303,15 +293,16 @@ void B2gFreePattern(MpmCtx *mpm_ctx, B2gPattern *p) { } } -/* B2gAddPattern +/** \internal + * \brief add a pattern to the mpm/b2g context * - * pat: ptr to the pattern - * patlen: length of the pattern - * nocase: nocase flag: 1 enabled, 0 disable - * pid: pattern id - * sid: signature id (internal id) + * \param pat ptr to the pattern + * \param patlen length of the pattern + * \param pid pattern id + * \param sid signature id (internal id) + * \param flags pattern MPM_PATTERN_* flags */ -static inline int B2gAddPattern(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, uint16_t offset, uint16_t depth, char nocase, char scan, uint32_t pid, uint32_t sid, uint8_t nosearch) { +static inline int B2gAddPattern(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, uint16_t offset, uint16_t depth, uint32_t pid, uint32_t sid, uint8_t flags) { B2gCtx *ctx = (B2gCtx *)mpm_ctx->ctx; SCLogDebug("ctx %p len %"PRIu16" pid %" PRIu32 ", nocase %s", ctx, patlen, pid, nocase ? "true" : "false"); @@ -320,7 +311,7 @@ static inline int B2gAddPattern(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, return 0; /* get a memory piece */ - B2gPattern *p = B2gInitHashLookup(ctx, pat, patlen, nocase); + B2gPattern *p = B2gInitHashLookup(ctx, pat, patlen, flags); if (p == NULL) { SCLogDebug("allocing new pattern"); @@ -329,18 +320,19 @@ static inline int B2gAddPattern(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, goto error; p->len = patlen; - - if (nocase) p->flags |= B2G_NOCASE; + p->flags = flags; /* setup the case insensitive part of the pattern */ p->ci = SCMalloc(patlen); - if (p->ci == NULL) goto error; + if (p->ci == NULL) + goto error; + mpm_ctx->memory_cnt++; mpm_ctx->memory_size += patlen; memcpy_tolower(p->ci, pat, patlen); /* setup the case sensitive part of the pattern */ - if (p->flags & B2G_NOCASE) { + if (p->flags & MPM_PATTERN_FLAG_NOCASE) { /* nocase means no difference between cs and ci */ p->cs = p->ci; } else { @@ -349,7 +341,9 @@ static inline int B2gAddPattern(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, p->cs = p->ci; } else { p->cs = SCMalloc(patlen); - if (p->cs == NULL) goto error; + if (p->cs == NULL) + goto error; + mpm_ctx->memory_cnt++; mpm_ctx->memory_size += patlen; memcpy(p->cs, pat, patlen); @@ -375,7 +369,7 @@ static inline int B2gAddPattern(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, } /* we need a match */ - B2gEndMatchAppend(mpm_ctx, p, offset, depth, pid, sid, nosearch); + B2gEndMatchAppend(mpm_ctx, p, offset, depth, pid, sid); mpm_ctx->total_pattern_cnt++; return 0; @@ -386,15 +380,16 @@ error: } int B2gAddPatternCI(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, - uint16_t offset, uint16_t depth, uint32_t pid, uint32_t sid, uint8_t nosearch) + uint16_t offset, uint16_t depth, uint32_t pid, uint32_t sid, uint8_t flags) { - return B2gAddPattern(mpm_ctx, pat, patlen, offset, depth, /* nocase */1, /* scan */1, pid, sid, nosearch); + flags |= MPM_PATTERN_FLAG_NOCASE; + return B2gAddPattern(mpm_ctx, pat, patlen, offset, depth, pid, sid, flags); } int B2gAddPatternCS(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, - uint16_t offset, uint16_t depth, uint32_t pid, uint32_t sid, uint8_t nosearch) + uint16_t offset, uint16_t depth, uint32_t pid, uint32_t sid, uint8_t flags) { - return B2gAddPattern(mpm_ctx, pat, patlen, offset, depth, /* nocase */0, /* scan */1, pid, sid, nosearch); + return B2gAddPattern(mpm_ctx, pat, patlen, offset, depth, pid, sid, flags); } static inline uint32_t B2gBloomHash(void *data, uint16_t datalen, uint8_t iter, uint32_t hash_size) { @@ -931,7 +926,7 @@ uint32_t B2gSearchBNDMq(MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PatternMa COUNT(tctx->stat_d0_hashloop++); B2gPattern *p = ctx->parray[thi->idx]; - if (p->flags & B2G_NOCASE) { + if (p->flags & MPM_PATTERN_FLAG_NOCASE) { if ((buflen - j) < p->len) { continue; } @@ -1045,7 +1040,7 @@ uint32_t B2gSearch(MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PatternMatcher COUNT(tctx->stat_d0_hashloop++); B2gPattern *p = ctx->parray[thi->idx]; - if (p->flags & B2G_NOCASE) { + if (p->flags & MPM_PATTERN_FLAG_NOCASE) { if (buflen - pos < p->len) continue; @@ -1107,7 +1102,7 @@ uint32_t B2gSearch2(MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PatternMatche for (thi = hi; thi != NULL; thi = thi->nxt) { p = ctx->parray[thi->idx]; - if (p->flags & B2G_NOCASE) { + if (p->flags & MPM_PATTERN_FLAG_NOCASE) { if (h8 == p->ci[0]) { cnt += MpmVerifyMatch(mpm_thread_ctx, pmq, p->em, (buf+1 - bufmin), p->len); } @@ -1126,7 +1121,7 @@ uint32_t B2gSearch2(MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PatternMatche for (thi = hi; thi != NULL; thi = thi->nxt) { p = ctx->parray[thi->idx]; - if (p->flags & B2G_NOCASE) { + if (p->flags & MPM_PATTERN_FLAG_NOCASE) { if (h8 == p->ci[0] && u8_tolower(*(buf+1)) == p->ci[1]) { //printf("CI Exact match: "); prt(p->ci, p->len); printf(" in buf "); prt(buf, p->len);printf(" (B2gSearch1)\n"); for (em = p->em; em; em = em->next) { @@ -1184,7 +1179,7 @@ uint32_t B2gSearch1(MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PatternMatche if (p->len != 1) continue; - if (p->flags & B2G_NOCASE) { + if (p->flags & MPM_PATTERN_FLAG_NOCASE) { if (u8_tolower(*buf) == p->ci[0]) { cnt += MpmVerifyMatch(mpm_thread_ctx, pmq, p->em, (buf+1 - bufmin), p->len); } diff --git a/src/util-mpm-b2g.h b/src/util-mpm-b2g.h index e7282c35b7..e5a0cabbe0 100644 --- a/src/util-mpm-b2g.h +++ b/src/util-mpm-b2g.h @@ -4,8 +4,6 @@ #include "util-mpm.h" #include "util-bloomfilter.h" -#define B2G_NOCASE 0x01 - //#define B2G_HASHSHIFT 8 //#define B2G_HASHSHIFT 7 //#define B2G_HASHSHIFT 6 @@ -32,13 +30,12 @@ //#define B2G_COUNTERS typedef struct B2gPattern_ { - uint8_t flags; - uint16_t len; /** \todo we're limited to 32/64 byte lengths, uint8_t would be fine here */ + uint8_t flags; /**< MPM_PATTERN_FLAG_* flags */ + uint16_t len; /**< \todo we're limited to 32/64 byte lengths, uint8_t would be fine here */ uint8_t *cs; /* case sensitive */ uint8_t *ci; /* case INsensitive */ struct B2gPattern_ *next; MpmEndMatch *em; - uint32_t em_len; } B2gPattern; typedef struct B2gHashItem_ { diff --git a/src/util-mpm-b3g.c b/src/util-mpm-b3g.c index 0954529b63..b0886b0e9c 100644 --- a/src/util-mpm-b3g.c +++ b/src/util-mpm-b3g.c @@ -71,8 +71,7 @@ void MpmB3gRegister (void) { * * Only used in the initialization phase */ static inline void B3gEndMatchAppend(MpmCtx *mpm_ctx, B3gPattern *p, - uint16_t offset, uint16_t depth, uint32_t pid, uint32_t sid, - uint8_t nosearch) + uint16_t offset, uint16_t depth, uint32_t pid, uint32_t sid) { MpmEndMatch *em = MpmAllocEndMatch(mpm_ctx); if (em == NULL) { @@ -85,9 +84,6 @@ static inline void B3gEndMatchAppend(MpmCtx *mpm_ctx, B3gPattern *p, em->depth = depth; em->offset = offset; - if (nosearch) - em->flags |= MPM_ENDMATCH_NOSEARCH; - if (p->em == NULL) { p->em = em; return; @@ -224,9 +220,9 @@ static inline int B3gInitHashAdd(B3gCtx *ctx, B3gPattern *p) { return 0; } -static inline int B3gCmpPattern(B3gPattern *p, uint8_t *pat, uint16_t patlen, char nocase); +static inline int B3gCmpPattern(B3gPattern *p, uint8_t *pat, uint16_t patlen, char flags); -static inline B3gPattern *B3gInitHashLookup(B3gCtx *ctx, uint8_t *pat, uint16_t patlen, char nocase) { +static inline B3gPattern *B3gInitHashLookup(B3gCtx *ctx, uint8_t *pat, uint16_t patlen, char flags) { uint32_t hash = B3gInitHashRaw(pat,patlen); //printf("B3gInitHashLookup: %" PRIu32 ", head %p\n", hash, ctx->init_hash[hash]); @@ -237,18 +233,18 @@ static inline B3gPattern *B3gInitHashLookup(B3gCtx *ctx, uint8_t *pat, uint16_t B3gPattern *t = ctx->init_hash[hash]; for ( ; t != NULL; t = t->next) { - if (B3gCmpPattern(t,pat,patlen,nocase) == 1) + if (B3gCmpPattern(t,pat,patlen,flags) == 1) return t; } return NULL; } -static inline int B3gCmpPattern(B3gPattern *p, uint8_t *pat, uint16_t patlen, char nocase) { +static inline int B3gCmpPattern(B3gPattern *p, uint8_t *pat, uint16_t patlen, char flags) { if (p->len != patlen) return 0; - if (!((nocase && p->flags & B3G_NOCASE) || (!nocase && !(p->flags & B3G_NOCASE)))) + if (p->flags != flags) return 0; if (memcmp(p->cs, pat, patlen) != 0) @@ -293,36 +289,34 @@ void B3gFreePattern(MpmCtx *mpm_ctx, B3gPattern *p) { * pid: pattern id * sid: signature id (internal id) */ -static inline int B3gAddPattern(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, uint16_t offset, uint16_t depth, char nocase, char scan, uint32_t pid, uint32_t sid, uint8_t nosearch) { +static inline int B3gAddPattern(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, uint16_t offset, uint16_t depth, uint32_t pid, uint32_t sid, uint8_t flags) { B3gCtx *ctx = (B3gCtx *)mpm_ctx->ctx; -// printf("B3gAddPattern: ctx %p \"", mpm_ctx); prt(pat, patlen); -// printf("\" id %" PRIu32 ", nocase %s\n", id, nocase ? "true" : "false"); - if (patlen == 0) return 0; /* get a memory piece */ - B3gPattern *p = B3gInitHashLookup(ctx, pat, patlen, nocase); + B3gPattern *p = B3gInitHashLookup(ctx, pat, patlen, flags); if (p == NULL) { -// printf("B3gAddPattern: allocing new pattern\n"); p = B3gAllocPattern(mpm_ctx); if (p == NULL) goto error; p->len = patlen; - if (nocase) p->flags |= B3G_NOCASE; + p->flags = flags; /* setup the case insensitive part of the pattern */ p->ci = SCMalloc(patlen); - if (p->ci == NULL) goto error; + if (p->ci == NULL) + goto error; + mpm_ctx->memory_cnt++; mpm_ctx->memory_size += patlen; memcpy_tolower(p->ci, pat, patlen); /* setup the case sensitive part of the pattern */ - if (p->flags & B3G_NOCASE) { + if (p->flags & MPM_PATTERN_FLAG_NOCASE) { /* nocase means no difference between cs and ci */ p->cs = p->ci; } else { @@ -331,7 +325,9 @@ static inline int B3gAddPattern(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, p->cs = p->ci; } else { p->cs = SCMalloc(patlen); - if (p->cs == NULL) goto error; + if (p->cs == NULL) + goto error; + mpm_ctx->memory_cnt++; mpm_ctx->memory_size += patlen; memcpy(p->cs, pat, patlen); @@ -354,17 +350,10 @@ static inline int B3gAddPattern(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, if (mpm_ctx->maxlen < patlen) mpm_ctx->maxlen = patlen; if (mpm_ctx->minlen == 0) mpm_ctx->minlen = patlen; else if (mpm_ctx->minlen > patlen) mpm_ctx->minlen = patlen; - } else { - /* if we're reusing a pattern, check we need to check that it is a - * scan pattern if that is what we're adding. If so we set the pattern - * to be a scan pattern. */ - if (mpm_ctx->maxlen < patlen) mpm_ctx->maxlen = patlen; - if (mpm_ctx->minlen == 0) mpm_ctx->minlen = patlen; - else if (mpm_ctx->minlen > patlen) mpm_ctx->minlen = patlen; } /* we need a match */ - B3gEndMatchAppend(mpm_ctx, p, offset, depth, pid, sid, nosearch); + B3gEndMatchAppend(mpm_ctx, p, offset, depth, pid, sid); mpm_ctx->total_pattern_cnt++; return 0; @@ -375,15 +364,16 @@ error: } int B3gAddPatternCI(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, - uint16_t offset, uint16_t depth, uint32_t pid, uint32_t sid, uint8_t nosearch) + uint16_t offset, uint16_t depth, uint32_t pid, uint32_t sid, uint8_t flags) { - return B3gAddPattern(mpm_ctx, pat, patlen, offset, depth, /* nocase */1, /* scan */1, pid, sid, nosearch); + flags |= MPM_PATTERN_FLAG_NOCASE; + return B3gAddPattern(mpm_ctx, pat, patlen, offset, depth, pid, sid, flags); } int B3gAddPatternCS(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, - uint16_t offset, uint16_t depth, uint32_t pid, uint32_t sid, uint8_t nosearch) + uint16_t offset, uint16_t depth, uint32_t pid, uint32_t sid, uint8_t flags) { - return B3gAddPattern(mpm_ctx, pat, patlen, offset, depth, /* nocase */0, /* scan */1, pid, sid, nosearch); + return B3gAddPattern(mpm_ctx, pat, patlen, offset, depth, pid, sid, flags); } static uint32_t B3gBloomHash(void *data, uint16_t datalen, uint8_t iter, uint32_t hash_size) { @@ -910,7 +900,7 @@ uint32_t B3gSearchBNDMq(MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PatternMa COUNT(tctx->stat_d0_hashloop++); B3gPattern *p = ctx->parray[thi->idx]; - if (p->flags & B3G_NOCASE) { + if (p->flags & MPM_PATTERN_FLAG_NOCASE) { if (buflen - j < p->len) continue; @@ -1012,7 +1002,7 @@ uint32_t B3gSearch(MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PatternMatcher COUNT(tctx->stat_d0_hashloop++); B3gPattern *p = ctx->parray[thi->idx]; - if (p->flags & B3G_NOCASE) { + if (p->flags & MPM_PATTERN_FLAG_NOCASE) { if (buflen - pos < p->len) continue; @@ -1069,7 +1059,7 @@ uint32_t B3gSearch12(MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PatternMatch for (thi = hi; thi != NULL; thi = thi->nxt) { p = ctx->parray[thi->idx]; - if (p->flags & B3G_NOCASE) { + if (p->flags & MPM_PATTERN_FLAG_NOCASE) { if (h8 == p->ci[0]) { cnt += MpmVerifyMatch(mpm_thread_ctx, pmq, p->em, (buf+1 - bufmin), p->len); } @@ -1089,7 +1079,7 @@ uint32_t B3gSearch12(MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PatternMatch for (thi = hi; thi != NULL; thi = thi->nxt) { p = ctx->parray[thi->idx]; - if (p->flags & B3G_NOCASE) { + if (p->flags & MPM_PATTERN_FLAG_NOCASE) { if (h8 == p->ci[0] && u8_tolower(*(buf+1)) == p->ci[1]) { cnt += MpmVerifyMatch(mpm_thread_ctx, pmq, p->em, (buf+1 - bufmin), p->len); } @@ -1138,7 +1128,7 @@ uint32_t B3gSearch2(MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PatternMatche if (p->len != 2) continue; - if (p->flags & B3G_NOCASE) { + if (p->flags & MPM_PATTERN_FLAG_NOCASE) { if (u8_tolower(*buf) == p->ci[0] && u8_tolower(*(buf+1)) == p->ci[1]) { //printf("CI Exact match: "); prt(p->ci, p->len); printf(" in buf "); prt(buf, p->len);printf(" (B3gSearch1)\n"); for (em = p->em; em; em = em->next) { @@ -1193,7 +1183,7 @@ uint32_t B3gSearch1(MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PatternMatche if (p->len != 1) continue; - if (p->flags & B3G_NOCASE) { + if (p->flags & MPM_PATTERN_FLAG_NOCASE) { if (u8_tolower(*buf) == p->ci[0]) { cnt += MpmVerifyMatch(mpm_thread_ctx, pmq, p->em, (buf+1 - bufmin), p->len); } diff --git a/src/util-mpm-b3g.h b/src/util-mpm-b3g.h index eb133b1a06..fc2e605964 100644 --- a/src/util-mpm-b3g.h +++ b/src/util-mpm-b3g.h @@ -4,8 +4,6 @@ #include "util-mpm.h" #include "util-bloomfilter.h" -#define B3G_NOCASE 0x01 - //#define B3G_HASHSHIFT 8 //#define B3G_HASHSHIFT 7 //#define B3G_HASHSHIFT 6 diff --git a/src/util-mpm-wumanber.c b/src/util-mpm-wumanber.c index f2d54a7ac3..8df194a140 100644 --- a/src/util-mpm-wumanber.c +++ b/src/util-mpm-wumanber.c @@ -101,8 +101,7 @@ void MpmWuManberRegister (void) { * * Only used in the initialization phase */ static inline void WmEndMatchAppend(MpmCtx *mpm_ctx, WmPattern *p, - uint16_t offset, uint16_t depth, uint32_t pid, uint32_t sid, - uint8_t nosearch) + uint16_t offset, uint16_t depth, uint32_t pid, uint32_t sid) { MpmEndMatch *em = MpmAllocEndMatch(mpm_ctx); if (em == NULL) { @@ -115,9 +114,6 @@ static inline void WmEndMatchAppend(MpmCtx *mpm_ctx, WmPattern *p, em->depth = depth; em->offset = offset; - if (nosearch) - em->flags |= MPM_ENDMATCH_NOSEARCH; - if (p->em == NULL) { p->em = em; return; @@ -268,9 +264,9 @@ static inline int WmInitHashAdd(WmCtx *ctx, WmPattern *p) { return 0; } -static inline int WmCmpPattern(WmPattern *p, uint8_t *pat, uint16_t patlen, char nocase); +static inline int WmCmpPattern(WmPattern *p, uint8_t *pat, uint16_t patlen, char flags); -static inline WmPattern *WmInitHashLookup(WmCtx *ctx, uint8_t *pat, uint16_t patlen, char nocase) { +static inline WmPattern *WmInitHashLookup(WmCtx *ctx, uint8_t *pat, uint16_t patlen, char flags) { uint32_t hash = WmInitHashRaw(pat,patlen); //printf("WmInitHashLookup: %" PRIu32 ", head %p\n", hash, ctx->init_hash[hash]); @@ -281,18 +277,18 @@ static inline WmPattern *WmInitHashLookup(WmCtx *ctx, uint8_t *pat, uint16_t pat WmPattern *t = ctx->init_hash[hash]; for ( ; t != NULL; t = t->next) { - if (WmCmpPattern(t,pat,patlen,nocase) == 1) + if (WmCmpPattern(t,pat,patlen,flags) == 1) return t; } return NULL; } -static inline int WmCmpPattern(WmPattern *p, uint8_t *pat, uint16_t patlen, char nocase) { +static inline int WmCmpPattern(WmPattern *p, uint8_t *pat, uint16_t patlen, char flags) { if (p->len != patlen) return 0; - if (!((nocase && p->flags & WUMANBER_NOCASE) || (!nocase && !(p->flags & WUMANBER_NOCASE)))) + if (p->flags != flags) return 0; if (memcmp(p->cs, pat, patlen) != 0) @@ -337,7 +333,7 @@ void WmFreePattern(MpmCtx *mpm_ctx, WmPattern *p) { * pid: pattern id * sid: signature id (internal id) */ -static inline int WmAddPattern(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, uint16_t offset, uint16_t depth, char nocase, char scan, uint32_t pid, uint32_t sid, uint8_t nosearch) { +static inline int WmAddPattern(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, uint16_t offset, uint16_t depth, uint32_t pid, uint32_t sid, uint8_t flags) { WmCtx *ctx = (WmCtx *)mpm_ctx->ctx; // printf("WmAddPattern: ctx %p \"", mpm_ctx); prt(pat, patlen); @@ -347,7 +343,7 @@ static inline int WmAddPattern(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, u return 0; /* get a memory piece */ - WmPattern *p = WmInitHashLookup(ctx, pat, patlen, nocase); + WmPattern *p = WmInitHashLookup(ctx, pat, patlen, flags); if (p == NULL) { // printf("WmAddPattern: allocing new pattern\n"); p = WmAllocPattern(mpm_ctx); @@ -355,18 +351,19 @@ static inline int WmAddPattern(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, u goto error; p->len = patlen; - - if (nocase) p->flags |= WUMANBER_NOCASE; + p->flags = flags; /* setup the case insensitive part of the pattern */ p->ci = SCMalloc(patlen); - if (p->ci == NULL) goto error; + if (p->ci == NULL) + goto error; + mpm_ctx->memory_cnt++; mpm_ctx->memory_size += patlen; memcpy_tolower(p->ci, pat, patlen); /* setup the case sensitive part of the pattern */ - if (p->flags & WUMANBER_NOCASE) { + if (p->flags & MPM_PATTERN_FLAG_NOCASE) { /* nocase means no difference between cs and ci */ p->cs = p->ci; } else { @@ -375,7 +372,9 @@ static inline int WmAddPattern(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, u p->cs = p->ci; } else { p->cs = SCMalloc(patlen); - if (p->cs == NULL) goto error; + if (p->cs == NULL) + goto error; + mpm_ctx->memory_cnt++; mpm_ctx->memory_size += patlen; memcpy(p->cs, pat, patlen); @@ -406,7 +405,7 @@ static inline int WmAddPattern(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, u } /* we need a match */ - WmEndMatchAppend(mpm_ctx, p, offset, depth, pid, sid, nosearch); + WmEndMatchAppend(mpm_ctx, p, offset, depth, pid, sid); mpm_ctx->total_pattern_cnt++; return 0; @@ -417,15 +416,16 @@ error: } int WmAddPatternCI(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, - uint16_t offset, uint16_t depth, uint32_t pid, uint32_t sid, uint8_t nosearch) + uint16_t offset, uint16_t depth, uint32_t pid, uint32_t sid, uint8_t flags) { - return WmAddPattern(mpm_ctx, pat, patlen, offset, depth, /* nocase */1, /* scan */1, pid, sid, nosearch); + flags |= MPM_PATTERN_FLAG_NOCASE; + return WmAddPattern(mpm_ctx, pat, patlen, offset, depth, pid, sid, flags); } int WmAddPatternCS(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, - uint16_t offset, uint16_t depth, uint32_t pid, uint32_t sid, uint8_t nosearch) + uint16_t offset, uint16_t depth, uint32_t pid, uint32_t sid, uint8_t flags) { - return WmAddPattern(mpm_ctx, pat, patlen, offset, depth, /* nocase */0, /* scan */1, pid, sid, nosearch); + return WmAddPattern(mpm_ctx, pat, patlen, offset, depth, pid, sid, flags); } static uint32_t WmBloomHash(void *data, uint16_t datalen, uint8_t iter, uint32_t hash_size) { @@ -821,7 +821,7 @@ uint32_t WmSearch2Hash9(MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PatternMa //printf("WmSearch2: p->prefix_ci %" PRIu32 ", p->prefix_cs %" PRIu32 "\n", // p->prefix_ci, p->prefix_cs); - if (p->flags & WUMANBER_NOCASE) { + if (p->flags & MPM_PATTERN_FLAG_NOCASE) { if (p->prefix_ci != prefixci_buf || p->len > (bufend-(buf-sl))) continue; @@ -924,7 +924,7 @@ uint32_t WmSearch2Hash12(MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PatternM //printf("WmSearch2: p->prefix_ci %" PRIu32 ", p->prefix_cs %" PRIu32 "\n", // p->prefix_ci, p->prefix_cs); - if (p->flags & WUMANBER_NOCASE) { + if (p->flags & MPM_PATTERN_FLAG_NOCASE) { if (p->prefix_ci != prefixci_buf || p->len > (bufend-(buf-sl))) continue; @@ -1026,7 +1026,7 @@ uint32_t WmSearch2Hash14(MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PatternM //printf("WmSearch2: p->prefix_ci %" PRIu32 ", p->prefix_cs %" PRIu32 "\n", // p->prefix_ci, p->prefix_cs); - if (p->flags & WUMANBER_NOCASE) { + if (p->flags & MPM_PATTERN_FLAG_NOCASE) { if (p->prefix_ci != prefixci_buf || p->len > (bufend-(buf-sl))) continue; @@ -1124,7 +1124,7 @@ uint32_t WmSearch2Hash15(MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PatternM //printf("WmSearch2: p->prefix_ci %" PRIu32 ", p->prefix_cs %" PRIu32 "\n", // p->prefix_ci, p->prefix_cs); - if (p->flags & WUMANBER_NOCASE) { + if (p->flags & MPM_PATTERN_FLAG_NOCASE) { if (p->prefix_ci != prefixci_buf || p->len > (bufend-(buf-sl))) continue; @@ -1224,7 +1224,7 @@ uint32_t WmSearch2Hash16(MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PatternM //printf("WmSearch2: p->prefix_ci %" PRIu32 ", p->prefix_cs %" PRIu32 "\n", // p->prefix_ci, p->prefix_cs); - if (p->flags & WUMANBER_NOCASE) { + if (p->flags & MPM_PATTERN_FLAG_NOCASE) { if (p->prefix_ci != prefixci_buf || p->len > (bufend-(buf-sl))) continue; @@ -1285,7 +1285,7 @@ uint32_t WmSearch1(MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PatternMatcher if (p->len != 1) continue; - if (p->flags & WUMANBER_NOCASE) { + if (p->flags & MPM_PATTERN_FLAG_NOCASE) { if (wm_tolower(*buf) == p->ci[0]) { cnt += MpmVerifyMatch(mpm_thread_ctx, pmq, p->em, (buf+1 - bufmin), p->len); } @@ -1572,7 +1572,7 @@ int WmTestInitAddPattern01 (void) { MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); WmThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 1); - int ret = WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 1, 0, 1234, 0, 0); + int ret = WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 1234, 0, 0); if (ret == 0) result = 1; @@ -1591,7 +1591,7 @@ int WmTestInitAddPattern02 (void) { WmThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 1); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; - WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 1, 0, 1234, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 1234, 0, 0); if (ctx->init_hash != NULL) result = 1; @@ -1610,8 +1610,8 @@ int WmTestInitAddPattern03 (void) { WmThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 1); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; - WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 1, 0, 1234, 0, 0); - WmPattern *pat = WmInitHashLookup(ctx, (uint8_t *)"abcd", 4, 1); + WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 1234, 0, 0); + WmPattern *pat = WmInitHashLookup(ctx, (uint8_t *)"abcd", 4, 0); if (pat != NULL) { if (pat->len == 4) result = 1; @@ -1632,10 +1632,10 @@ int WmTestInitAddPattern04 (void) { WmThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 1); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; - WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 1, 0, 1234, 0, 0); - WmPattern *pat = WmInitHashLookup(ctx, (uint8_t *)"abcd", 4, 1); + WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 1234, 0, MPM_PATTERN_FLAG_NOCASE); + WmPattern *pat = WmInitHashLookup(ctx, (uint8_t *)"abcd", 4, MPM_PATTERN_FLAG_NOCASE); if (pat != NULL) { - if (pat->flags & WUMANBER_NOCASE) + if (pat->flags & MPM_PATTERN_FLAG_NOCASE) result = 1; } @@ -1654,10 +1654,10 @@ int WmTestInitAddPattern05 (void) { WmThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 1); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; - WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 1234, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 1234, 0, 0); WmPattern *pat = WmInitHashLookup(ctx, (uint8_t *)"abcd", 4, 0); if (pat != NULL) { - if (!(pat->flags & WUMANBER_NOCASE)) + if (!(pat->flags & MPM_PATTERN_FLAG_NOCASE)) result = 1; } @@ -1676,8 +1676,8 @@ int WmTestInitAddPattern06 (void) { WmThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 1); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; - WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 1, 0, 1234, 0, 0); - WmPattern *pat = WmInitHashLookup(ctx, (uint8_t *)"abcd", 4, 1); + WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 1234, 0, 0); + WmPattern *pat = WmInitHashLookup(ctx, (uint8_t *)"abcd", 4, 0); if (pat != NULL) { if (memcmp(pat->cs, "abcd", 4) == 0) result = 1; @@ -1695,7 +1695,7 @@ int WmTestPrepare01 (void) { MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; - WmAddPattern(&mpm_ctx, (uint8_t *)"a", 1, 0, 0, 1, 1, 0, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"a", 1, 0, 0, 0, 0, 0); WmPreparePatterns(&mpm_ctx); if (ctx->Search == WmSearch1) @@ -1711,7 +1711,7 @@ int WmTestPrepare02 (void) { memset(&mpm_ctx, 0x00, sizeof(MpmCtx)); MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); - WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 1, 1, 0, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); WmPreparePatterns(&mpm_ctx); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; @@ -1728,7 +1728,7 @@ int WmTestPrepare03 (void) { memset(&mpm_ctx, 0x00, sizeof(MpmCtx)); MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); - WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 1, 1, 0, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); WmPreparePatterns(&mpm_ctx); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; @@ -1748,7 +1748,7 @@ int WmTestPrepare04 (void) { MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; - WmAddPattern(&mpm_ctx, (uint8_t *)"a", 1, 0, 0, 1, 1, 0, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"a", 1, 0, 0, 0, 0, 0); WmPreparePatterns(&mpm_ctx); if (ctx->Search == WmSearch1) @@ -1764,7 +1764,7 @@ int WmTestPrepare05 (void) { memset(&mpm_ctx, 0x00, sizeof(MpmCtx)); MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); - WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 1, 1, 0, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); WmPreparePatterns(&mpm_ctx); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; @@ -1781,7 +1781,7 @@ int WmTestPrepare06 (void) { memset(&mpm_ctx, 0x00, sizeof(MpmCtx)); MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); - WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 1, 1, 0, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); WmPreparePatterns(&mpm_ctx); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; @@ -1803,7 +1803,7 @@ int WmTestSearch01 (void) { MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; - WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 1, 1, 0, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); WmPreparePatterns(&mpm_ctx); WmThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 1); //mpm_ctx.PrintCtx(&mpm_ctx); @@ -1829,7 +1829,7 @@ int WmTestSearch01Hash12 (void) { MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; - WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 1, 1, 0, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); ctx->hash_size = HASH12_SIZE; WmPreparePatterns(&mpm_ctx); @@ -1857,7 +1857,7 @@ int WmTestSearch01Hash14 (void) { MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; - WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 1, 1, 0, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); ctx->hash_size = HASH14_SIZE; WmPreparePatterns(&mpm_ctx); @@ -1885,7 +1885,7 @@ int WmTestSearch01Hash15 (void) { MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; - WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 1, 1, 0, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); ctx->hash_size = HASH15_SIZE; WmPreparePatterns(&mpm_ctx); @@ -1913,7 +1913,7 @@ int WmTestSearch01Hash16 (void) { MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; - WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 1, 1, 0, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); ctx->hash_size = HASH16_SIZE; WmPreparePatterns(&mpm_ctx); @@ -1940,7 +1940,7 @@ int WmTestSearch02 (void) { MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; - WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 1, 1, 0, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); WmPreparePatterns(&mpm_ctx); WmThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 1); @@ -1962,7 +1962,7 @@ int WmTestSearch03 (void) { MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; - WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 1, 1, 0, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); WmPreparePatterns(&mpm_ctx); WmThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 1); @@ -1985,7 +1985,7 @@ int WmTestSearch04 (void) { MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; - WmAddPattern(&mpm_ctx, (uint8_t *)"bcde", 4, 0, 0, 1, 1, 0, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"bcde", 4, 0, 0, 0, 0, 0); WmPreparePatterns(&mpm_ctx); WmThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 1); @@ -2007,7 +2007,7 @@ int WmTestSearch05 (void) { MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; - WmAddPattern(&mpm_ctx, (uint8_t *)"efgh", 4, 0, 0, 1, 1, 0, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"efgh", 4, 0, 0, 0, 0, 0); WmPreparePatterns(&mpm_ctx); WmThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 1); @@ -2029,7 +2029,7 @@ int WmTestSearch06 (void) { MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; - WmAddPattern(&mpm_ctx, (uint8_t *)"eFgH", 4, 0, 0, 1, 1, 0, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"eFgH", 4, 0, 0, 0, 0, MPM_PATTERN_FLAG_NOCASE); WmPreparePatterns(&mpm_ctx); WmThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 1); @@ -2051,8 +2051,8 @@ int WmTestSearch07 (void) { MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; - WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 1, 0, 0, 0); - WmAddPattern(&mpm_ctx, (uint8_t *)"eFgH", 4, 0, 0, 1, 1, 1, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"eFgH", 4, 0, 0, 1, 0, MPM_PATTERN_FLAG_NOCASE); WmPreparePatterns(&mpm_ctx); WmThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 2); @@ -2074,8 +2074,8 @@ int WmTestSearch08 (void) { MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; - WmAddPattern(&mpm_ctx, (uint8_t *)"abcde", 5, 0, 0, 1, 1, 0, 0, 0); - WmAddPattern(&mpm_ctx, (uint8_t *)"bcde", 4, 0, 0, 1, 1, 1, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"abcde", 5, 0, 0, 0, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"bcde", 4, 0, 0, 1, 0, 0); WmPreparePatterns(&mpm_ctx); WmThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 2); @@ -2097,7 +2097,7 @@ int WmTestSearch09 (void) { MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; - WmAddPattern(&mpm_ctx, (uint8_t *)"ab", 2, 0, 0, 1, 1, 0, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"ab", 2, 0, 0, 0, 0, 0); WmPreparePatterns(&mpm_ctx); WmThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 1); @@ -2118,8 +2118,8 @@ int WmTestSearch10 (void) { MpmThreadCtx mpm_thread_ctx; MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); - WmAddPattern(&mpm_ctx, (uint8_t *)"bc", 2, 0, 0, 1, 1, 0, 0, 0); - WmAddPattern(&mpm_ctx, (uint8_t *)"gh", 2, 0, 0, 1, 1, 1, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"bc", 2, 0, 0, 0, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"gh", 2, 0, 0, 1, 0, 0); WmPreparePatterns(&mpm_ctx); WmThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 2); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; @@ -2141,9 +2141,9 @@ int WmTestSearch11 (void) { MpmThreadCtx mpm_thread_ctx; MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); - WmAddPattern(&mpm_ctx, (uint8_t *)"a", 1, 0, 0, 1, 1, 0, 0, 0); - WmAddPattern(&mpm_ctx, (uint8_t *)"d", 1, 0, 0, 1, 1, 1, 0, 0); - WmAddPattern(&mpm_ctx, (uint8_t *)"h", 1, 0, 0, 1, 1, 2, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"a", 1, 0, 0, 0, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"d", 1, 0, 0, 1, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"h", 1, 0, 0, 2, 0, 0); WmPreparePatterns(&mpm_ctx); WmThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 3); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; @@ -2166,9 +2166,9 @@ int WmTestSearch12 (void) { MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; - WmAddPattern(&mpm_ctx, (uint8_t *)"A", 1, 0, 0, 1, 1, 0, 0, 0); - WmAddPattern(&mpm_ctx, (uint8_t *)"d", 1, 0, 0, 1, 1, 1, 0, 0); - WmAddPattern(&mpm_ctx, (uint8_t *)"Z", 1, 0, 0, 1, 1, 2, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"A", 1, 0, 0, 0, 0, MPM_PATTERN_FLAG_NOCASE); + WmAddPattern(&mpm_ctx, (uint8_t *)"d", 1, 0, 0, 1, 0, MPM_PATTERN_FLAG_NOCASE); + WmAddPattern(&mpm_ctx, (uint8_t *)"Z", 1, 0, 0, 2, 0, MPM_PATTERN_FLAG_NOCASE); WmPreparePatterns(&mpm_ctx); WmThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 3); @@ -2192,9 +2192,9 @@ int WmTestSearch13 (void) { MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; - WmAddPattern(&mpm_ctx, (uint8_t *)"a", 1, 0, 0, 1, 1, 0, 0, 0); - WmAddPattern(&mpm_ctx, (uint8_t *)"de",2, 0, 0, 1, 1, 1, 0, 0); - WmAddPattern(&mpm_ctx, (uint8_t *)"h", 1, 0, 0, 1, 1, 2, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"a", 1, 0, 0, 0, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"de",2, 0, 0, 1, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"h", 1, 0, 0, 2, 0, 0); WmPreparePatterns(&mpm_ctx); WmThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 3); @@ -2218,9 +2218,9 @@ int WmTestSearch14 (void) { MpmInitCtx(&mpm_ctx, MPM_WUMANBER, -1); WmCtx *ctx = (WmCtx *)mpm_ctx.ctx; - WmAddPattern(&mpm_ctx, (uint8_t *)"A", 1, 0, 0, 1, 1, 0, 0, 0); - WmAddPattern(&mpm_ctx, (uint8_t *)"de",2, 0, 0, 1, 1, 1, 0, 0); - WmAddPattern(&mpm_ctx, (uint8_t *)"Z", 1, 0, 0, 1, 1, 2, 0, 0); + WmAddPattern(&mpm_ctx, (uint8_t *)"A", 1, 0, 0, 0, 0, MPM_PATTERN_FLAG_NOCASE); + WmAddPattern(&mpm_ctx, (uint8_t *)"de",2, 0, 0, 1, 0, MPM_PATTERN_FLAG_NOCASE); + WmAddPattern(&mpm_ctx, (uint8_t *)"Z", 1, 0, 0, 2, 0, MPM_PATTERN_FLAG_NOCASE); WmPreparePatterns(&mpm_ctx); WmThreadInitCtx(&mpm_ctx, &mpm_thread_ctx, 3); diff --git a/src/util-mpm-wumanber.h b/src/util-mpm-wumanber.h index e21c6a5c49..a9216f99e1 100644 --- a/src/util-mpm-wumanber.h +++ b/src/util-mpm-wumanber.h @@ -6,8 +6,6 @@ #include "util-mpm.h" #include "util-bloomfilter.h" -#define WUMANBER_NOCASE 0x01 - //#define WUMANBER_COUNTERS typedef struct WmPattern_ { diff --git a/src/util-mpm.h b/src/util-mpm.h index 85faf5a1f8..2e35011271 100644 --- a/src/util-mpm.h +++ b/src/util-mpm.h @@ -93,6 +93,15 @@ typedef struct MpmCtx_ { uint16_t maxlen; } MpmCtx; +/** pattern is case insensitive */ +#define MPM_PATTERN_FLAG_NOCASE 0x01 +/** pattern is negated */ +#define MPM_PATTERN_FLAG_NEGATED 0x02 +/** pattern has a depth setting */ +#define MPM_PATTERN_FLAG_DEPTH 0x04 +/** pattern has an offset setting */ +#define MPM_PATTERN_FLAG_OFFSET 0x08 + typedef struct MpmTableElmt_ { char *name; uint8_t max_pattern_length; @@ -100,6 +109,18 @@ typedef struct MpmTableElmt_ { void (*InitThreadCtx)(struct MpmCtx_ *, struct MpmThreadCtx_ *, uint32_t); void (*DestroyCtx)(struct MpmCtx_ *); void (*DestroyThreadCtx)(struct MpmCtx_ *, struct MpmThreadCtx_ *); + + /** function pointers for adding patterns to the mpm ctx. + * + * \param mpm_ctx Mpm context to add the pattern to + * \param pattern pointer to the pattern + * \param pattern_len length of the pattern in bytes + * \param offset pattern offset setting + * \param depth pattern depth setting + * \param pid pattern id + * \param sid signature _internal_ id + * \param flags pattern flags + */ int (*AddPattern)(struct MpmCtx_ *, uint8_t *, uint16_t, uint16_t, uint16_t, uint32_t, uint32_t, uint8_t); int (*AddPatternNocase)(struct MpmCtx_ *, uint8_t *, uint16_t, uint16_t, uint16_t, uint32_t, uint32_t, uint8_t); int (*Prepare)(struct MpmCtx_ *);