Example #1
0
int  mpseAddPattern ( void * pvoid, void * P, int m,
                      unsigned noCase, unsigned offset, unsigned depth,
                      unsigned negative, void* ID, int IID )
{
  MPSE * p = (MPSE*)pvoid;

  switch( p->method )
   {
     case MPSE_AC_BNFA:
     case MPSE_AC_BNFA_Q:
       return bnfaAddPattern( (bnfa_struct_t*)p->obj, (unsigned char *)P, m,
              noCase, negative, ID );

     case MPSE_AC:
       return acsmAddPattern( (ACSM_STRUCT*)p->obj, (unsigned char *)P, m,
              noCase, offset, depth, negative, ID, IID );

     case MPSE_ACF:
     case MPSE_ACF_Q:
     case MPSE_ACS:
     case MPSE_ACB:
     case MPSE_ACSB:
       return acsmAddPattern2( (ACSM_STRUCT2*)p->obj, (unsigned char *)P, m,
              noCase, offset, depth, negative, ID, IID );

     case MPSE_LOWMEM:
     case MPSE_LOWMEM_Q:
       return KTrieAddPattern( (KTRIE_STRUCT *)p->obj, (unsigned char *)P, m,
                                noCase, negative, ID );
     default:
       return -1;
   }
}
Example #2
0
int  mpseAddPattern ( void * pv, unsigned char * P, int m, 
             unsigned noCase,unsigned offset, unsigned depth,  unsigned ID, int IID )
{
  MPSE * p = (MPSE*)pv;

  switch( p->method )
   {
     case MPSE_AC:
       return acsmAddPattern( (ACSM_STRUCT*)p->obj, P, m,
              noCase, offset, depth, ID, IID );
     break;
     case MPSE_MWM:
       return mwmAddPatternEx( p->obj, P, m, 
              noCase, offset, depth, ID, IID );
     break;
     case MPSE_KTBM:
     case MPSE_LOWMEM:
       return KTrieAddPattern( (KTRIE_STRUCT *)p->obj, P, m, 
              noCase, ID );
     break; 
     default:
       return -1;
     break; 
   }
}
Example #3
0
int main( int argc, char ** argv )
{
    int i;
    KTRIE_STRUCT * ts;
    int nocase=1;  // don't care about case

    gargv = argv;

    ts = KTrieNew();

    if( argc < 3 )
    {
        printf("%s text pat1 pat2 ... patn [-c(ase-sensitive)\n",argv[0]);
        printf("search for keywords-default, or match keywords\n");
        exit(0);
    }

    for(i=1;i<argc;i++)
    {
       if( strcmp(argv[i],"-c")==0 ) nocase=0; /* ignore case */
    }

    printf("New TRIE created\n");

    for(i=2;i<argc;i++)
    {
       if( argv[i][0]=='-' )
           continue;

       KTrieAddPattern( ts, (unsigned char *)argv[i], strlen(argv[i]), nocase, i );
    }

    printf("Patterns added \n");

    KTrieCompile( ts );

    printf("Patterns compiled \n");
    printf("--> %d characters, %d patterns, %d bytes allocated\n",ts->nchars,ts->npats,ts->memory);

    printf("Searching...\n");

    KTrieSearch( ts, (unsigned char*)argv[1], strlen(argv[1]), match, 0 );

    printf("%d matches found\n",trie_nmatches);

    printf("normal pgm finish.\n");

    return 0;
}
Example #4
0
int  mpseAddPatternWithSnortConfig ( SnortConfig *sc, void * pvoid, void * P, int m,
                      unsigned noCase, unsigned offset, unsigned depth,
                      unsigned negative, void* ID, int IID )
{
  MPSE * p = (MPSE*)pvoid;

  switch( p->method )
   {
     case MPSE_AC_BNFA:
     case MPSE_AC_BNFA_Q:
       return bnfaAddPattern( (bnfa_struct_t*)p->obj, (unsigned char *)P, m,
              noCase, negative, ID );

     case MPSE_AC:
       return acsmAddPattern( (ACSM_STRUCT*)p->obj, (unsigned char *)P, m,
              noCase, offset, depth, negative, ID, IID );

     case MPSE_ACF:
     case MPSE_ACF_Q:
     case MPSE_ACS:
     case MPSE_ACB:
     case MPSE_ACSB:
       return acsmAddPattern2( (ACSM_STRUCT2*)p->obj, (unsigned char *)P, m,
              noCase, offset, depth, negative, ID, IID );

     case MPSE_LOWMEM:
     case MPSE_LOWMEM_Q:
       return KTrieAddPattern( (KTRIE_STRUCT *)p->obj, (unsigned char *)P, m,
                                noCase, negative, ID );
#ifdef INTEL_SOFT_CPM
     case MPSE_INTEL_CPM:
       return IntelPmAddPattern(sc, (IntelPm *)p->obj, (unsigned char *)P, m,
               noCase, negative, ID, IID);
#endif
     default:
       return -1;
   }
}