/*
* Add a pattern to the list of patterns for this state machine
*/
int
acsmAddPattern (ACSM_STRUCT * p, unsigned char *pat, int n, int nocase,
int offset, int depth, int negative, void * id, int iid)
{
ACSM_PATTERN * plist;
plist = (ACSM_PATTERN *) AC_MALLOC (sizeof (ACSM_PATTERN));
MEMASSERT (plist, "acsmAddPattern");
plist->patrn = (unsigned char *) AC_MALLOC (n);
ConvertCaseEx (plist->patrn, pat, n);
plist->casepatrn = (unsigned char *) AC_MALLOC (n);
memcpy (plist->casepatrn, pat, n);
plist->udata = (ACSM_USERDATA *)AC_MALLOC(sizeof(ACSM_USERDATA));
MEMASSERT (plist->udata, "acsmAddPattern");
plist->udata->ref_count = 1;
plist->udata->id = id;
plist->n = n;
plist->nocase = nocase;
plist->negative = negative;
plist->offset = offset;
plist->depth = depth;
plist->iid = iid;
plist->next = p->acsmPatterns;
p->acsmPatterns = plist;
p->numPatterns++;
return 0;
}
/*
* Search Text or Binary Data for Pattern matches
*/
int
acsmSearch (ACSM_STRUCT * acsm, unsigned char *Tx, int n,
int (*Match) (void * id, int index, void *data), void *data)
{
int state;
ACSM_PATTERN * mlist;
unsigned char *Tend;
ACSM_STATETABLE * StateTable = acsm->acsmStateTable;
int nfound = 0;
unsigned char *T;
int index;
/* Case conversion */
ConvertCaseEx (Tc, Tx, n);
T = Tc;
Tend = T + n;
for (state = 0; T < Tend; T++)
{
state = StateTable[state].NextState[*T];
if( StateTable[state].MatchList != NULL )
{
for( mlist=StateTable[state].MatchList; mlist!=NULL;
mlist=mlist->next )
{
index = T - mlist->n + 1 - Tc;
if( mlist->nocase )
{
nfound++;
if (Match (mlist->id, index, data))
return nfound;
}
else
{
if( memcmp (mlist->casepatrn, Tx + index, mlist->n) == 0 )
{
nfound++;
if (Match (mlist->id, index, data))
return nfound;
}
}
}
}
}
return nfound;
}
static KTRIEPATTERN * KTrieNewPattern(unsigned char * P, int n)
{
KTRIEPATTERN *p;
int ret;
if (n < 1)
return NULL;
p = (KTRIEPATTERN*) KTRIE_MALLOC( sizeof(KTRIEPATTERN) );
if (p == NULL)
return NULL;
/* Save as a nocase string */
p->P = (unsigned char*) KTRIE_MALLOC( n );
if( !p->P )
{
KTRIE_FREE(p);
return NULL;
}
ConvertCaseEx( p->P, P, n );
/* Save Case specific version */
p->Pcase = (unsigned char*) KTRIE_MALLOC( n );
if( !p->Pcase )
{
KTRIE_FREE(p->P);
KTRIE_FREE(p);
return NULL;
}
ret = SafeMemcpy(p->Pcase, P, n, p->Pcase, p->Pcase + n);
if (ret != SAFEMEM_SUCCESS)
{
KTRIE_FREE(p->Pcase);
KTRIE_FREE(p->P);
KTRIE_FREE(p);
return NULL;
}
p->n = n;
p->next = NULL;
return p;
}
/*
* Search Text or Binary Data for Pattern matches
*/
int
acsmSearch (ACSM_STRUCT * acsm, unsigned char *Tx, int n,
int (*Match)(void * id, void *tree, int index, void *data, void *neg_list),
void *data, int* current_state )
{
int state = 0;
ACSM_PATTERN * mlist;
unsigned char *Tend;
ACSM_STATETABLE * StateTable = acsm->acsmStateTable;
int nfound = 0;
unsigned char *T;
int index;
/* Case conversion */
ConvertCaseEx (Tc, Tx, n);
T = Tc;
Tend = T + n;
if ( !current_state )
{
return 0;
}
state = *current_state;
for (; T < Tend; T++)
{
state = StateTable[state].NextState[*T];
if( StateTable[state].MatchList != NULL )
{
mlist = StateTable[state].MatchList;
index = T - mlist->n + 1 - Tc;
nfound++;
if (Match (mlist->udata->id, mlist->rule_option_tree, index, data, mlist->neg_list) > 0)
{
*current_state = state;
return nfound;
}
}
}
*current_state = state;
return nfound;
}
static
inline
int KTrieSearchNoBC( KTRIE_STRUCT * ks, unsigned char * Tx, int n,
int(*match)(void * id, void *tree, int index, void *data, void *neg_list),
void * data )
{
int nfound = 0;
unsigned char *T, *bT;
ConvertCaseEx( Tnocase, Tx, n );
T = Tnocase;
bT = T;
for( ; n>0 ; n--, T++, Tx++ )
{
nfound += KTriePrefixMatch( ks, T, Tx, bT, n, match, data );
}
return nfound;
}
static
inline
int KTrieSearchBC( KTRIE_STRUCT * ks, unsigned char * Tx, int n,
int(*match)(void * id, void *tree, int index, void *data, void *neg_list),
void * data )
{
int tshift;
unsigned char *Tend;
unsigned char *T, *bT;
int nfound = 0;
short *bcShift = (short*)ks->bcShift;
int bcSize = ks->bcSize;
ConvertCaseEx( Tnocase, Tx, n );
T = Tnocase;
bT = T;
Tend = T + n - bcSize;
bcSize--;
for( ;T <= Tend; n--, T++, Tx++ )
{
while( (tshift = bcShift[ *( T + bcSize ) ]) > 0 )
{
T += tshift;
Tx += tshift;
if( T > Tend ) return nfound;
}
nfound += KTriePrefixMatch( ks, T, Tx, bT, n, match, data );
}
return nfound;
}
/*
* Search Text or Binary Data for Pattern matches
*/
int
acsmSearch (ACSM_STRUCT * acsm, unsigned char *Tx, int n,
#ifdef DETECTION_OPTION_TREE
int (*Match)(void * id, void *tree, int index, void *data),
#else
int (*Match) (void * id, int index, void *data),
#endif
void *data, int* current_state )
{
unsigned char Tc[64*1024];
int state = 0;
ACSM_PATTERN * mlist;
unsigned char *Tend;
ACSM_STATETABLE * StateTable = acsm->acsmStateTable;
int nfound = 0;
unsigned char *T;
int index;
/* Case conversion */
ConvertCaseEx (Tc, Tx, n);
T = Tc;
Tend = T + n;
if ( !current_state )
{
return 0;
}
state = *current_state;
for (; T < Tend; T++)
{
state = StateTable[state].NextState[*T];
if( StateTable[state].MatchList != NULL )
{
#ifdef DETECTION_OPTION_TREE
mlist = StateTable[state].MatchList;
index = T - mlist->n + 1 - Tc;
nfound++;
if (Match (mlist->id, mlist->rule_option_tree, index, data) > 0)
{
*current_state = state;
return nfound;
}
#else
for( mlist=StateTable[state].MatchList; mlist!=NULL;
mlist=mlist->next )
{
index = T - mlist->n + 1 - Tc;
if( mlist->nocase )
{
nfound++;
if (Match (mlist->id, index, data) > 0)
{
*current_state = state;
return nfound;
}
}
else
{
if( memcmp (mlist->casepatrn, Tx + index, mlist->n) == 0 )
{
nfound++;
if (Match (mlist->id, index, data) > 0)
{
*current_state = state;
return nfound;
}
}
}
}
#endif
}
}
*current_state = state;
return nfound;
}
