Ejemplo n.º 1
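/*
 * Add one pattern to a multi-pattern search engine by dispatching to the
 * backend selected in the engine's `method` field.
 *
 *   pvoid            engine handle; interpreted as an MPSE *
 *   P, m             pattern bytes and their count, handed to the backend
 *                    as (unsigned char *, int)
 *   noCase, negative forwarded unchanged to every backend
 *   offset, depth    forwarded only to the acsmAddPattern / acsmAddPattern2
 *                    backends; the BNFA and KTrie backends never see them
 *   ID               opaque caller pointer forwarded to every backend
 *   IID              forwarded only to acsmAddPattern / acsmAddPattern2
 *
 * Returns the backend's own return value, or -1 when the handle is null or
 * the method is not one of the cases below.
 *
 * NOTE(review): m is passed through unchecked; whether a zero or negative
 * length is rejected depends on the backend - confirm against each one.
 */
int  mpseAddPattern ( void * pvoid, void * P, int m,
                      unsigned noCase, unsigned offset, unsigned depth,
                      unsigned negative, void* ID, int IID )
{
  MPSE * p = (MPSE*)pvoid;
  unsigned char * pat = (unsigned char *)P;

  /* A null handle (for example from a failed engine allocation) would
   * otherwise be dereferenced by the switch below. */
  if( !p )
      return -1;

  switch( p->method )
   {
     case MPSE_AC_BNFA:
     case MPSE_AC_BNFA_Q:
       return bnfaAddPattern( (bnfa_struct_t*)p->obj, pat, m,
              noCase, negative, ID );

     case MPSE_AC:
       return acsmAddPattern( (ACSM_STRUCT*)p->obj, pat, m,
              noCase, offset, depth, negative, ID, IID );

     case MPSE_ACF:
     case MPSE_ACF_Q:
     case MPSE_ACS:
     case MPSE_ACB:
     case MPSE_ACSB:
       return acsmAddPattern2( (ACSM_STRUCT2*)p->obj, pat, m,
              noCase, offset, depth, negative, ID, IID );

     case MPSE_LOWMEM:
     case MPSE_LOWMEM_Q:
       return KTrieAddPattern( (KTRIE_STRUCT *)p->obj, pat, m,
                                noCase, negative, ID );
     default:
       /* Unknown or unsupported method: report failure to the caller. */
       return -1;
   }
}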
Ejemplo n.º 2
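/*
 * Add one pattern to a multi-pattern search engine by dispatching to the
 * backend selected in the engine's `method` field.
 *
 *   sc               configuration pointer; used only by the Intel CPM
 *                    backend, which is compiled in under INTEL_SOFT_CPM
 *   pvoid            engine handle; interpreted as an MPSE *
 *   P, m             pattern bytes and their count, handed to the backend
 *                    as (unsigned char *, int)
 *   noCase, negative forwarded unchanged to every backend
 *   offset, depth    forwarded only to the acsmAddPattern / acsmAddPattern2
 *                    backends; BNFA, KTrie and Intel CPM never see them
 *   ID               opaque caller pointer forwarded to every backend
 *   IID              forwarded to acsmAddPattern, acsmAddPattern2 and
 *                    IntelPmAddPattern only
 *
 * Returns the backend's own return value, or -1 when the handle is null or
 * the method is not one of the cases below.
 *
 * NOTE(review): m is passed through unchecked; whether a zero or negative
 * length is rejected depends on the backend - confirm against each one.
 */
int  mpseAddPatternWithSnortConfig ( SnortConfig *sc, void * pvoid, void * P, int m,
                      unsigned noCase, unsigned offset, unsigned depth,
                      unsigned negative, void* ID, int IID )
{
  MPSE * p = (MPSE*)pvoid;
  unsigned char * pat = (unsigned char *)P;

  /* A null handle (for example from a failed engine allocation) would
   * otherwise be dereferenced by the switch below. */
  if( !p )
      return -1;

  switch( p->method )
   {
     case MPSE_AC_BNFA:
     case MPSE_AC_BNFA_Q:
       return bnfaAddPattern( (bnfa_struct_t*)p->obj, pat, m,
              noCase, negative, ID );

     case MPSE_AC:
       return acsmAddPattern( (ACSM_STRUCT*)p->obj, pat, m,
              noCase, offset, depth, negative, ID, IID );

     case MPSE_ACF:
     case MPSE_ACF_Q:
     case MPSE_ACS:
     case MPSE_ACB:
     case MPSE_ACSB:
       return acsmAddPattern2( (ACSM_STRUCT2*)p->obj, pat, m,
              noCase, offset, depth, negative, ID, IID );

     case MPSE_LOWMEM:
     case MPSE_LOWMEM_Q:
       return KTrieAddPattern( (KTRIE_STRUCT *)p->obj, pat, m,
                                noCase, negative, ID );
#ifdef INTEL_SOFT_CPM
     case MPSE_INTEL_CPM:
       return IntelPmAddPattern(sc, (IntelPm *)p->obj, pat, m,
               noCase, negative, ID, IID);
#endif
     default:
       /* Unknown or unsupported method: report failure to the caller. */
       return -1;
   }
}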
Ejemplo n.º 3
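/*
 * Load the string-matching coprocessor's pattern set from a packed blob and
 * build one Aho-Corasick state machine per pattern group.
 *
 * Layout consumed from `data`, in the order read below:
 *   uint16  number of pattern groups
 *   per group:
 *     uint16  number of patterns
 *     per pattern:
 *       uint16  pattern length
 *       uint16  nocase flag
 *       uint32  caller data word
 *       bytes   pattern text (pattern length * SIZE_DB)
 * Fields are read in host byte order (a leading byte-order dword is
 * disabled in the code).
 *
 * Each pattern is copied into a heap-allocated list node appended to
 * smcdata->patterns, and added to the group's state machine with that node
 * as its user pointer. Allocation failures print a message and exit (9).
 * Returns nvmSUCCESS.
 *
 * NOTE(review): the blob carries no overall length, so every count and
 * length field is trusted and a malformed blob makes this function read
 * past the end of the buffer. Callers must validate the blob first; fixing
 * it here would need a length parameter.
 * NOTE(review): smcdata->patterns_no is incremented but not reset here -
 * presumably zeroed where the coprocessor state is created; confirm.
 */
int32_t nvmStringMatchCoproInjectData (nvmCoprocessorState *c, uint8_t *data) {
	uint32_t /*byte_order,*/ pattern_data;
	uint16_t g, i, graphs_no, patterns_no, pattern_length, pattern_nocase;
	nvmStringMatchCoproInternalData *smcdata = c -> data;
	nvmStringMatchCoproPattern *p, *tail = NULL;

	smdebug ("String-matching coprocessor initialising\n");

	/* Get first byte, which contains info on the data */
// 	byte_order = *(uint32_t *) data;
// 	data += SIZE_DD;		// So that it points to pattern data

	smcdata -> patterns = NULL;

	/* Header fields follow variable-length pattern text, so they are not
	 * guaranteed to be aligned: copy them out instead of casting `data`. */
	memcpy (&graphs_no, data, sizeof (graphs_no));
	smcdata -> graphs_no = graphs_no;
	data += SIZE_DW;
	smdebug ("* %hd pattern groups\n", smcdata -> graphs_no);
	smcdata -> acsm = (ACSM_STRUCT2 **) malloc (sizeof (ACSM_STRUCT2 *) * smcdata -> graphs_no);
	/* malloc (0) may legitimately return NULL, so only a non-empty request counts as failure */
	if (smcdata -> acsm == NULL && graphs_no > 0) {
		fprintf (stderr, "Cannot allocate memory for pattern groups\n");
		exit (9);
	}

	/* Read data for all graphs */
	for (g = 0; g < smcdata -> graphs_no; g++) {
		/* Init Aho-Corasick state machine */
		smcdata -> acsm[g] = acsmNew2 ();
		if (smcdata -> acsm[g] == NULL) {
			fprintf (stderr, "Cannot create Aho-Corasick state machine\n");
			exit (9);
		}
		smcdata -> acsm[g] -> acsmFormat = ACF_FULL;		// For the moment...

		memcpy (&patterns_no, data, sizeof (patterns_no));
		data += SIZE_DW;
		smdebug ("* %hd patterns\n", patterns_no);
		for (i = 0; i < patterns_no; i++) {
			memcpy (&pattern_length, data, sizeof (pattern_length));
			data += SIZE_DW;
			smdebug ("* Pattern:\n  - Length: %hd\n", pattern_length);
			memcpy (&pattern_nocase, data, sizeof (pattern_nocase));
			data += SIZE_DW;
			smdebug ("  - Nocase: %hd\n", pattern_nocase);
			memcpy (&pattern_data, data, sizeof (pattern_data));
			data += SIZE_DD;
			smdebug ("  - Data: %u\n", pattern_data);

			smdebug ("  - Text: \"");
			print_pattern ((char *)data, pattern_length);
			smdebug ("\"\n");

			/* Add pattern to list */
			if (!(p = (nvmStringMatchCoproPattern *) malloc (sizeof (nvmStringMatchCoproPattern)))) {
				fprintf (stderr, "Cannot allocate memory for pattern\n");
				exit (9);
			}
			p -> pattern = (char *) malloc (pattern_length * SIZE_DB);
			if (p -> pattern == NULL && pattern_length > 0) {
				fprintf (stderr, "Cannot allocate memory for pattern text\n");
				exit (9);
			}
			/* Skip the copy for empty patterns: the buffer may be NULL then */
			if (pattern_length > 0)
				memcpy (p -> pattern, data, pattern_length);
			p -> len = pattern_length;
			p -> data = pattern_data;
			p -> next = NULL;

			/* Append new pattern to list; the list starts empty in this
			 * function, so a running tail pointer replaces the walk */
			if (tail != NULL)
				tail -> next = p;
			else
				smcdata -> patterns = p;
			tail = p;

			/* Add pattern to Aho-Corasick SM.
			 * NOTE(review): the result is not checked; confirm whether this
			 * acsmAddPattern2 reports failure through its return value. */
			acsmAddPattern2 (smcdata -> acsm[g], data, pattern_length, pattern_nocase, 0, 0, p, i);
			smcdata -> patterns_no++;

			/* On with next pattern */
			data += pattern_length * SIZE_DB;
		}

		/* All patterns added: compile graph */
	// 	Print_DFA (smcdata -> acsm);
		acsmCompile2 (smcdata -> acsm[g]);
#ifdef COPRO_STRINGMATCH_DEBUG
		acsmPrintInfo2 (smcdata -> acsm[g]);
#endif
	}

	/* Prepare stuff for results */
	smcdata -> matches_no = 0;
	smcdata -> next_match_id = 0;

	return (nvmSUCCESS);
}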