int main (int argc, char **argv)
{
int i, nocase = 0;
FILE *fd;
char filename[20];
ACSM_STRUCT * acsm;
if (argc < 3)
{
fprintf (stderr,"Usage: acsmx filename pattern1 pattern2 ... -nocase\n");
exit (0);
}
acsm = acsmNew ();
strcpy (filename, argv[1]);
fd = fopen(filename,"r");
if(fd == NULL)
{
fprintf(stderr,"Open file error!\n");
exit(1);
}
for (i = 1; i < argc; i++)
if (strcmp (argv[i], "-nocase") == 0)
nocase = 1;
for (i = 2; i < argc; i++)
{
if (argv[i][0] == '-')
continue;
printf("%s,%d\n",argv[i],strlen (argv[i]));
acsmAddPattern (acsm, argv[i], strlen (argv[i]), nocase,1);
}
fgets(text,MAXLEN,fd);
/* Generate GtoTo Table and Fail Table */
acsmCompile (acsm);
printf("--------------------------------\n");
NS_TIME(time);
NS_TIME_START(time);
/*Search Pattern*/
//while ( fgets(text,MAXLEN,fd) )
//{
acsmSearch (acsm, text, strlen (text), PrintMatch);
// nline++;
//}
NS_TIME_END(time);
PrintSummary(acsm->acsmPatterns);
int a[10]={45,45,45,4,1};
#ifdef __HAVE__LOAD__
printf("-------%d\n", getSummary (acsm->acsmPatterns,a));
#endif
acsmFree (acsm);
printf ("\n### AC Match Finished ###\n");
// system("pause");
return (0);
}
int
main (int argc, char **argv)
{
int i, nocase = 0;
ACSM_STRUCT * acsm;
if (argc < 3)
{
fprintf (stderr,
"Usage: acsmx pattern word-1 word-2 ... word-n -nocase\n");
exit (0);
}
acsm = acsmNew ();
strcpy (text, argv[1]);
for (i = 1; i < argc; i++)
if (strcmp (argv[i], "-nocase") == 0)
nocase = 1;
for (i = 2; i < argc; i++)
{
if (argv[i][0] == '-')
continue;
acsmAddPattern (acsm, argv[i], strlen (argv[i]), nocase, 0, 0,
argv[i], i - 2);
}
acsmCompile (acsm);
acsmSearch (acsm, text, strlen (text), MatchFound, (void *) 0);
acsmFree (acsm);
printf ("normal pgm end\n");
return (0);
}
void mpseFree( void * pv )
{
MPSE * p = (MPSE*)pv;
switch( p->method )
{
case MPSE_AC:
if(p->obj)acsmFree(p->obj);
free(p);
return ;
break;
case MPSE_AUTO:
case MPSE_MWM:
if(p->obj)mwmFree( p->obj );
free( p );
break;
case MPSE_KTBM:
case MPSE_LOWMEM:
return ;
break;
default:
return ;
break;
}
}
void mpseFree( void * pvoid )
{
MPSE * p = (MPSE*)pvoid;
if (p == NULL)
return;
switch( p->method )
{
case MPSE_AC_BNFA:
case MPSE_AC_BNFA_Q:
if (p->obj)
bnfaFree((bnfa_struct_t*)p->obj);
free(p);
return;
case MPSE_AC:
if (p->obj)
acsmFree((ACSM_STRUCT *)p->obj);
free(p);
return;
case MPSE_ACF:
case MPSE_ACF_Q:
case MPSE_ACS:
case MPSE_ACB:
case MPSE_ACSB:
if (p->obj)
acsmFree2((ACSM_STRUCT2 *)p->obj);
free(p);
return;
case MPSE_LOWMEM:
case MPSE_LOWMEM_Q:
if (p->obj)
KTrieDelete((KTRIE_STRUCT *)p->obj);
free(p);
return;
#ifdef INTEL_SOFT_CPM
case MPSE_INTEL_CPM:
if (p->obj)
IntelPmDelete((IntelPm *)p->obj);
free(p);
break;
#endif
default:
return;
}
}
int main(int argc, char **argv)
{
int i, nocase = 0;
FILE *fd;
char filename[20];
ACSM_STRUCT * acsm;
// if (argc < 3)
// {
// fprintf(stderr, "Usage: acsmx filename pattern1 pattern2 ... -nocase\n");
// exit(0);
// }
acsm = acsmNew();
strcpy_s(filename, "test.txt");
fd = fopen(filename, "r");
if (fd == NULL)
{
fprintf(stderr, "Open file error!\n");
exit(1);
}
for (i = 1; i < argc; i++)
if (strcmp(argv[i], "-nocase") == 0)
nocase = 1;
char a[] = { "test" };
acsmAddPattern(acsm, (unsigned char *)a, strlen(a), nocase);
/* Generate GtoTo Table and Fail Table */
acsmCompile(acsm);
/*Search Pattern*/
while (fgets(( char*)text, MAXLEN, fd))
{
acsmSearch(acsm, text, strlen((char*)text), PrintMatch);
nline++;
}
PrintSummary(acsm->acsmPatterns);
acsmFree(acsm);
printf("\n### AC Match Finished ###\n");
system("pause");
return (0);
}
void mpseFree( void * pvoid )
{
MPSE * p = (MPSE*)pvoid;
if (p == NULL)
return;
switch( p->method )
{
case MPSE_AC_BNFA:
if (p->obj)
bnfaFree((bnfa_struct_t*)p->obj);
free(p);
return;
case MPSE_AC:
if (p->obj)
acsmFree((ACSM_STRUCT *)p->obj);
free(p);
return;
case MPSE_ACF:
case MPSE_ACS:
case MPSE_ACB:
case MPSE_ACSB:
if (p->obj)
acsmFree2((ACSM_STRUCT2 *)p->obj);
free(p);
return;
case MPSE_LOWMEM:
if (p->obj)
KTrieDelete((KTRIE_STRUCT *)p->obj);
free(p);
return;
default:
return;
}
}
int main (int argc, char **argv)
{
int i, nocase = 0;
char filename[20];
ACSM_STRUCT * acsm;
acsm = acsmNew ();
memset(text,'a',200);
strcat(text,"http");
strcat(text,"ut");
strcat(text,"get");
//nocase = 0;
for(i=0;i<1;++i)
acsmAddPattern (acsm, pro_patern[i], strlen (pro_patern[i]), nocase,1);
/* Generate GtoTo Table and Fail Table */
acsmCompile (acsm);
printf("--------------------------------\n");
int textlen=strlen (text);
NS_TIME(time);
NS_TIME_START(time);
/*Search Pattern*/
//while ( fgets(text,MAXLEN,fd) )
//{
int n=10000;
while(n>0)
{
n--;
acsmSearch (acsm, text, textlen, PrintMatch);
}
// nline++;
//}
NS_TIME_END(time);
//PrintSummary(acsm->acsmPatterns);
ACSM_PATTERN * mlist = acsm->acsmPatterns;
printf("\n### Summary ###\n");
for (;mlist!=NULL;mlist=mlist->next)
{
if(mlist->nocase)
printf("%12s : %5d\n",mlist->patrn,mlist->nmatch);
else
printf("%12s : %5d\n",mlist->casepatrn,mlist->nmatch);
mlist->nmatch=0;
}
mlist = acsm->acsmPatterns;
for (;mlist!=NULL;mlist=mlist->next)
{
if(mlist->nocase)
printf("%12s : %5d\n",mlist->patrn,mlist->nmatch);
else
printf("%12s : %5d\n",mlist->casepatrn,mlist->nmatch);
mlist->nmatch=0;
}
acsmFree (acsm);
printf ("\n### AC Match Finished ###\n");
// system("pause");
return (0);
}
int main (int argc, char **argv)
{
int i;
unsigned int total_len = 0;
struct timeval begtime,endtime;
FILE *sfd,*pfd;
char sfilename[20] = "string";
char pfilename[20] = "pattern";
//===============================================
if (argc < 4)
{
fprintf (stderr,"Usage: acsmx stringfile patternfile ... -nocase\n");
exit (0);
}
strcpy (sfilename, argv[1]);
sfd = fopen(sfilename,"r");
if(sfd == NULL)
{
fprintf(stderr,"Open file error!\n");
exit(1);
}
strcpy(pfilename,argv[2]);
pfd = fopen(pfilename,"r");
if(sfd == NULL)
{
fprintf(stderr,"Open file error!\n");
exit(1);
}
thread_num = atoi(argv[3]);
acsm = acsmNew (thread_num);
//read patterns
i = 0;
while(fgets(pattern,MAXPATTERNLEN,pfd))
{
int len = strlen(pattern);
acsmAddPattern (acsm, pattern, len-1);
i++;
}
fclose(pfd);
printf("\n\nread %d patterns\n\n===============================",i);
/* Generate GtoTo Table and Fail Table */
acsmCompile (acsm);
//=========================================================
/*read string*/
for(i = 0;i < MAXLINE;i++)
{
if(!fgets(text[i],MAXLEN,sfd))
break;
total_len += strlen(text[i]) - 1; //ignore the last char '\n'
}
line = i;
fclose(sfd);
printf("\n\nreading finished...\n=============================\n\n");
printf("%d lines\t%d bytes",line,total_len);
printf("\n\n=============================\n");
gettimeofday(&begtime,0);
//create multi_thread
thread_array = calloc(thread_num,sizeof(pthread_t));
valid_len_array = calloc(thread_num,sizeof(unsigned int));
pthread_barrier_init(&barrier_thread,NULL,thread_num);
pthread_barrier_init(&barrier_validation,NULL,thread_num);
for(i = 0;i < thread_num; i++)
{
pthread_create(&thread_array[i], NULL, SearchThread, (void*)i);
}
//===========================================================
int err;
for(i = 0;i < thread_num;i++)
{
err = pthread_join(thread_array[i],NULL);
if(err != 0)
{
printf("can not join with thread %d:%s\n", i,strerror(err));
}
}
gettimeofday(&endtime,0);
PrintSummary(acsm);
acsmFree (acsm);
printf ("\n### AC Match Finished ###\n");
printf("\nTime Cost: %lu us\n\n",(endtime.tv_sec - begtime.tv_sec)*1000000 + (endtime.tv_usec - begtime.tv_usec));
printf ("\n====================================\n\n");
printf ("Validation Stage Len:\n\n");
for(i = 0;i < thread_num;i++)
printf("rank%d\t%u\n",i,valid_len_array[i]);
printf ("\n====================================\n\n");
free(thread_array);
free(valid_len_array);
pthread_barrier_destroy(&barrier_thread);
pthread_barrier_destroy(&barrier_validation);
return 0;
}
void my_callback(u_char *useless,const struct pcap_pkthdr* pkthdr,const u_char*
packet)
{
packet_num++;
packet_len+=pkthdr->caplen;
static int count = 0;
//static int nn=0;
static int i;
static unsigned short eth_type;
static int vlan_flag=0;
//sem_getvalue(&shmp[i]->sem,&semnum);
//printf("sem:%d\n",semnum);
//usleep(1000);
static int semnum;
// sem_getvalue(&bin_sem,&semnum);
// printf("sem:%d\n",semnum);
//printf("mmmmmmmmmmmmmm\n");
if(exitflag)
{
/*for(i=0;i<snortnum;++i)
{
memcpy(shmp[i]->data[shmp[i]->tail],"########",strlen("########"));
shmp[i]->tail=(shmp[i]->tail+1)%shmp[i]->looplen;
my_lock_release(shmp[i]);
}
sleep(4);
for(i=0;i<snortnum;++i)
{
destroy_loop(shmp[i]);
DeleteShm(shmid[i]);
}*/
for(i=0;i<PRO_MAX+2;++i)
{
printf("%s:%lld\n",pro_map[i],pronum[i]);
}
printf("losepacket=%lld\n",losepacket);
//sem_post(&bin_sem);
NS_TIME_END(time);
speed1(NS_GET_TIMEP(time),packet_num,packet_len);
printf("count=%d,\nfind_pro=%lld\n",count,find_pro);
printf("exit\n");
del_HB(&hb);
acsmFree (acsm);
// exitflag=0;
exit(0);
}
//return;
mac=(struct ether_header*)packet;
eth_type=ntohs(mac->ether_type);
if((eth_type==0x8100))
{
vlan_flag=1;
//msg("W:****0X%04X\n",eth_type);
eth_type=(packet[16])*256+packet[17];
}
else
vlan_flag=0;
// msg("W:0X%04X\n",eth_type);
if((eth_type!=0x0800))//不是ip数据报
return;
if(vlan_flag)
ip=(struct ip*)(packet+size_mac+4);
else
ip=(struct ip*)(packet+size_mac);
/*char ipdotdecs[20]={0};
char ipdotdecc[20]={0};
inet_ntop(AF_INET,(void*)&(ip->ip_src),ipdotdecs,16);
inet_ntop(AF_INET,(void*)&(ip->ip_dst),ipdotdecc,16);*/
//printf("%s-->%s: len:%d\n",ipdotdecs,ipdotdecc,pkthdr->caplen);
if((ip->ip_p==6))//tcp
{
// msg("EIStcp\n");
//tcp=(struct fniff_tcp*)(packet+size_mac+size_ip);
tcp=(struct fniff_tcp*)((char*)ip+size_ip);
sd.b_ip=(ip->ip_src.s_addr);
sd.l_ip=(ip->ip_dst.s_addr);
if(sd.b_ip>sd.l_ip)
{
sd.b_port=ntohs(tcp->th_sport);
sd.l_port=ntohs(tcp->th_dport);
}
else
{
sd.b_ip^=sd.l_ip;
sd.l_ip^=sd.b_ip;
sd.b_ip^=sd.l_ip;
sd.b_port=ntohs(tcp->th_dport);
sd.l_port=ntohs(tcp->th_sport);
}
hash=hash_HB(sd.b_ip,sd.b_port,sd.l_ip,sd.l_port);
tcplen=ntohs(ip->ip_len)-(ip->ip_hl*4)-(tcp->th_off*4);
// msg("EIStcp11111111111\n");
// printf("ntohs(ip->ip_len)=%d\n",ntohs(ip->ip_len)+14);
// packet.tcp_URG=tcp->th_flags&TH_URG;
ack=tcp->th_flags&TH_ACK;
// packet.tcp_PSH=tcp->th_flags&TH_PUSH;
rst=tcp->th_flags&TH_RST;
syn=tcp->th_flags&TH_SYN;
fin=tcp->th_flags&TH_FIN;
datalen=pkthdr->caplen;
ptcp=(unsigned char*)tcp+(tcp->th_off*4);
temp=find_node(hb[hash].virtual_sn,&sd);
if(temp==NULL&&syn&&!ack&&tcplen==0)//not find
{
//msg("E no\n");
SN* q=get_node();
q->sdipport=sd;
q->state=1;
insert_node(&(hb[hash].virtual_sn),q);
hb[hash].virtual_sn_num++;
//msg("**********=%ld\n",hb[hash].virtual_sn_num);
#if 0
if(sd.b_port==21||sd.l_port==21)
{
q->state=10;
pronum[FTP]++;
}
else if(sd.b_port==80||sd.l_port==80)
{
q->state=10;
pronum[HTTP]++;
}
memcpy(fortest,packet,pkthdr->caplen);
#endif
}
else if(temp!=NULL)
{
// printf("state:%d\n",temp->state);
if((temp->state==1)&&syn&&ack&&(tcplen==0))
{
//msg("W:my ooooooooooooooooooo\n");
temp->state=2;
}
else if(temp->state==2&&ack&&!syn&&tcplen==0)
{
temp->state=3;
//msg("W:its ===============================static\n");
//msg("W:my hash:%u\n",hash);
}
else if(temp->state>=3&&temp->state<9)
{
//if(tcplen==0)
// return;
//msg("W:my hash:%u\n",hash);
//msg("+++++\n");
//msg("ttttttttttttt\n");
p=get_BC_node();
//msg("mmmmmmmmm\n");
if(p==NULL)
{msg("EISget bc node error\n");exit(0);}
p->datalen=pkthdr->caplen;
p->tcplen=tcplen;
//msg("tcplen=%d,pkthdr->caplen=%d\n",tcplen,pkthdr->caplen);
if(tcplen<0)
{
msg("EIS tcp<0\n");
exit(0);
}
p->next=NULL;
memcpy(p->buf,packet,pkthdr->caplen);
p->ptcp=(unsigned char*)(p->buf)+(tcp->th_off*4)+((unsigned char*)tcp-(unsigned char*)mac);//ptcp;
temp->tcp_content_len+=tcplen;
if(temp->bc_head==NULL)
{
temp->bc_head=temp->bc_tail=p;
}
else
{
temp->bc_tail->next=p;
temp->bc_tail=p;
}
temp->state++;
if((temp->state==9)||rst||fin||(temp->tcp_content_len>150))
{
//msg("EIS static\n");
#if 0
p=temp->bc_head;
while(p!=NULL)
{
if(p->tcplen!=0)
acsmSearch(acsm,p->ptcp,p->tcplen,PrintMatch);
p=p->next;
}
#else
acSearch(acsm,temp->bc_head);
acSearch(acsm,temp->bc_head);
#endif
i=getSummary(acsm->acsmPatterns,feature_num);
pronum[i]++;
temp->proto=i;
if(rst||fin)
{
temp->state=10;
resume_BC_node(temp->bc_head);
resume_node(temp);
hb[hash].virtual_sn_num--;
//msg("*********=%ld\n",hb[hash].virtual_sn_num);
if(hb[hash].virtual_sn_num==0)
hb[hash].virtual_sn=NULL;
return;
}
temp->state=10;
resume_BC_node(temp->bc_head);
temp->bc_head=NULL;
temp->bc_tail=NULL;
}
}
else if(temp->state>=10)
{
if(rst||fin)
{
//resume_node(temp);
move_node(&(hb[hash].virtual_sn),temp);
hb[hash].virtual_sn_num--;
//msg("**************=%ld\n",hb[hash].virtual_sn_num);
if(hb[hash].virtual_sn_num==0)
hb[hash].virtual_sn=NULL;
return;
}
}
else
{
msg("ggggggggggg\n");
}
}
}//tcp
else if(ip->ip_p==1)//icmp
{
//printf("2222\n");
//static char pro_map[PRO_MAX+2][20]={"HTTP","FTP","POP3","SMTP","UNKOWN","UDP","ICMP"};
pronum[PRO_MAX+1]++;
}
else if(ip->ip_p==17)//udp
{
//printf("1111111\n");
pronum[PRO_MAX]++;
}
else
{
printf("no\n");
}
}
