00001 //--------------------------------------------------------------------------
00002 // Copyright (C) 2014-2017 Cisco and/or its affiliates. All rights reserved.
00003 // Copyright (C) 2002-2013 Sourcefire, Inc.
00004 //
00005 // This program is free software; you can redistribute it and/or modify it
00006 // under the terms of the GNU General Public License Version 2 as published
00007 // by the Free Software Foundation. You may not use, modify or distribute
00008 // this program under any other version of the GNU General Public License.
00009 //
00010 // This program is distributed in the hope that it will be useful, but
00011 // WITHOUT ANY WARRANTY; without even the implied warranty of
00012 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
00013 // General Public License for more details.
00014 //
00015 // You should have received a copy of the GNU General Public License along
00016 // with this program; if not, write to the Free Software Foundation, Inc.,
00017 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
00018 //--------------------------------------------------------------------------
00019 /*
00020 * An abstracted interface to the Multi-Pattern Matching routines,
00021 * that's why we're passing 'void *' objects around.
00022 *
00023 * Marc A Norton <mnorton@sourcefire.com>
00024 *
00025 * Updates:
00026 * 3/06 - Added AC_BNFA search
00027 */
00028
00029 #ifdef HAVE_CONFIG_H
00030 #include "config.h"
00031 #endif
00032
00033 #include "framework/mpse.h"
00034
00035 #include "bnfa_search.h"
00036
00037 //-------------------------------------------------------------------------
00038 // "ac_bnfa"
00039 //-------------------------------------------------------------------------
00040
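// Mpse plugin wrapper around the AC_BNFA matcher declared in bnfa_search.h.
// Each instance owns one bnfa_struct_t for its whole lifetime.
class AcBnfaMpse : public Mpse
{
private:
    // Null when bnfaNew() fails; every method below checks before use so a
    // failed allocation becomes an error return instead of a null dereference
    // inside the detection engine.
    bnfa_struct_t* obj;

public:
    AcBnfaMpse(SnortConfig*, const MpseAgent* agent)
        : Mpse("ac_bnfa")
    {
        obj = bnfaNew(agent);

        // NOTE(review): 1 selects one of the bnfa search methods; the values
        // are defined in bnfa_search.h (not shown here) - confirm and prefer
        // the named constant if one exists.
        if ( obj )
            obj->bnfaMethod = 1;
    }

    ~AcBnfaMpse() override
    {
        if ( obj )
            bnfaFree(obj);
    }

    // obj is a raw owning pointer freed in the destructor, so a copy of this
    // object would free the same automaton twice. Forbid copying outright.
    AcBnfaMpse(const AcBnfaMpse&) = delete;
    AcBnfaMpse& operator=(const AcBnfaMpse&) = delete;

    // Forwards an option flag to the matcher; a no-op without an automaton.
    void set_opt(int flag) override
    {
        if ( obj )
            bnfaSetOpt(obj, flag);
    }

    // Registers pattern P of length m with the matcher.
    // Returns the bnfaAddPattern() result, or -1 when there is no automaton.
    // NOTE(review): -1 is assumed to match the matcher's own failure value -
    // confirm against bnfa_search.h.
    int add_pattern(
        SnortConfig*, const uint8_t* P, unsigned m,
        const PatternDescriptor& desc, void* user) override
    {
        if ( !obj )
            return -1;

        return bnfaAddPattern(obj, P, m, desc.no_case, desc.negated, user);
    }

    // Compiles the registered patterns.
    // Returns the bnfaCompile() result, or -1 when there is no automaton, so
    // that a failed allocation is reported while rules load rather than as a
    // crash (or silently empty matcher) during inspection.
    int prep_patterns(SnortConfig* sc) override
    {
        if ( !obj )
            return -1;

        return bnfaCompile(sc, obj);
    }

    // Searches n bytes at T, starting from state 0, reporting hits via match.
    // T and n are passed through unchecked; validating the buffer length is
    // left to the caller.
    int _search(
        const uint8_t* T, int n, MpseMatch match,
        void* context, int* current_state) override
    {
        // Nothing can match without an automaton; *current_state is left
        // untouched in that case.
        if ( !obj )
            return 0;

        /* return is actually the state */
        return _bnfa_search_csparse_nfa(
            obj, T, n, match, context, 0 /* start-state */, current_state);
    }

    // FIXIT-L Implement search_all method for AC_BNFA.

    // Prints matcher details when an automaton exists; always returns 0.
    int print_info() override
    {
        if ( obj )
            bnfaPrintInfo(obj);

        return 0;
    }

    // Returns the matcher's pattern count, or 0 when there is no automaton.
    int get_pattern_count() override
    {
        return obj ? bnfaPatternCount(obj) : 0;
    }
};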
00100
00101 //-------------------------------------------------------------------------
00102 // api
00103 //-------------------------------------------------------------------------
00104
// Factory hook registered in bnfa_api: heap-allocates an AcBnfaMpse for the
// given config and agent. The Module argument is unused. The result is
// expected to be released through bnfa_dtor, which is registered next to it.
static Mpse* bnfa_ctor(
    SnortConfig* sc, class Module*, const MpseAgent* agent)
{
    Mpse* engine = new AcBnfaMpse(sc, agent);
    return engine;
}
00110
// Destruction hook registered in bnfa_api: deletes an engine through its
// Mpse base pointer. Deleting a null pointer is a no-op.
static void bnfa_dtor(Mpse* p)
{
    delete p;
}
00115
// Init hook registered in bnfa_api: sets up the matcher's case-translation
// table, then its summary state, in that order.
static void bnfa_init()
{
    bnfa_init_xlatcase();

    bnfaInitSummary();
}
00121
// Print hook registered in bnfa_api: emits the matcher's summary.
static void bnfa_print()
{
    bnfaPrintSummary();
}
00126
// Plugin descriptor for the "ac_bnfa" search engine. Initialization is
// positional, so the order of the values must follow the MpseApi / BaseApi
// definitions in the framework headers (not shown here).
static const MpseApi bnfa_api =
{
    {   // leading member, exported below as bnfa_api.base
        PT_SEARCH_ENGINE,
        sizeof(MpseApi),
        SEAPI_VERSION,
        0,
        API_RESERVED,
        API_OPTIONS,
        "ac_bnfa",  // same name AcBnfaMpse passes to the Mpse constructor
        "Aho-Corasick Binary NFA (low memory, high performance) MPSE",
        nullptr,
        nullptr
    },
    MPSE_BASE,
    nullptr, nullptr, nullptr, nullptr,  // four slots left unset
    bnfa_ctor,
    bnfa_dtor,
    bnfa_init,
    bnfa_print
};
00151
// Null-terminated list of the plugin descriptors exported by this file.
const BaseApi* se_ac_bnfa[] = { &bnfa_api.base, nullptr };
00157