void* SearchThread(void* args) { unsigned int rank = (unsigned int)args; int iline = 0,state; unsigned int index,index_end,len,vlen; unsigned char active; // used by validation stage while(iline < line - 1) { state = 0; active = 1; vlen = 0; len = strlen(text[iline]) - 1; index = len/thread_num * rank; if(rank != thread_num - 1) index_end = index + len/thread_num; else index_end = len; for( ;index < index_end; index++) { acsmSearch(acsm,&text[iline][index],&state,rank,PrintMatch); history[index] = state; vlen++; } pthread_barrier_wait(&barrier_validation); if(rank != thread_num-1 ) { vlen = 0; while(active) { acsmSearch(acsm,&text[iline][index],&state,rank,PrintMatch); if(history[index] == state || index == len - 1) active = 0; else { history[index] = state; index++; vlen++; } } } valid_len_array[rank] += vlen; pthread_barrier_wait(&barrier_thread); iline++; } }
int main (int argc, char **argv) { int i, nocase = 0; ACSM_STRUCT * acsm; if (argc < 3) { fprintf (stderr, "Usage: acsmx pattern word-1 word-2 ... word-n -nocase\n"); exit (0); } acsm = acsmNew (); strcpy (text, argv[1]); for (i = 1; i < argc; i++) if (strcmp (argv[i], "-nocase") == 0) nocase = 1; for (i = 2; i < argc; i++) { if (argv[i][0] == '-') continue; acsmAddPattern (acsm, argv[i], strlen (argv[i]), nocase, 0, 0, argv[i], i - 2); } acsmCompile (acsm); acsmSearch (acsm, text, strlen (text), MatchFound, (void *) 0); acsmFree (acsm); printf ("normal pgm end\n"); return (0); }
int mpseSearch( void *pvoid, const unsigned char * T, int n, int ( *action )(void* id, void * tree, int index, void *data, void *neg_list), void * data, int* current_state ) { MPSE * p = (MPSE*)pvoid; int ret; PROFILE_VARS; PREPROC_PROFILE_START(mpsePerfStats); p->bcnt += n; if(p->inc_global_counter) s_bcnt += n; switch( p->method ) { case MPSE_AC_BNFA: case MPSE_AC_BNFA_Q: /* return is actually the state */ ret = bnfaSearch((bnfa_struct_t*) p->obj, (unsigned char *)T, n, action, data, 0 /* start-state */, current_state ); PREPROC_PROFILE_END(mpsePerfStats); return ret; case MPSE_AC: ret = acsmSearch( (ACSM_STRUCT*) p->obj, (unsigned char *)T, n, action, data, current_state ); PREPROC_PROFILE_END(mpsePerfStats); return ret; case MPSE_ACF: case MPSE_ACF_Q: case MPSE_ACS: case MPSE_ACB: case MPSE_ACSB: ret = acsmSearch2( (ACSM_STRUCT2*) p->obj, (unsigned char *)T, n, action, data, current_state ); PREPROC_PROFILE_END(mpsePerfStats); return ret; case MPSE_LOWMEM: case MPSE_LOWMEM_Q: ret = KTrieSearch( (KTRIE_STRUCT *)p->obj, (unsigned char *)T, n, action, data); *current_state = 0; PREPROC_PROFILE_END(mpsePerfStats); return ret; #ifdef INTEL_SOFT_CPM case MPSE_INTEL_CPM: ret = IntelPmSearch((IntelPm *)p->obj, (unsigned char *)T, n, action, data); *current_state = 0; PREPROC_PROFILE_END(mpsePerfStats); return ret; #endif default: PREPROC_PROFILE_END(mpsePerfStats); return 1; } }
int main (int argc, char **argv) { int i, nocase = 0; FILE *fd; char filename[20]; ACSM_STRUCT * acsm; if (argc < 3) { fprintf (stderr,"Usage: acsmx filename pattern1 pattern2 ... -nocase\n"); exit (0); } acsm = acsmNew (); strcpy (filename, argv[1]); fd = fopen(filename,"r"); if(fd == NULL) { fprintf(stderr,"Open file error!\n"); exit(1); } for (i = 1; i < argc; i++) if (strcmp (argv[i], "-nocase") == 0) nocase = 1; for (i = 2; i < argc; i++) { if (argv[i][0] == '-') continue; printf("%s,%d\n",argv[i],strlen (argv[i])); acsmAddPattern (acsm, argv[i], strlen (argv[i]), nocase,1); } fgets(text,MAXLEN,fd); /* Generate GtoTo Table and Fail Table */ acsmCompile (acsm); printf("--------------------------------\n"); NS_TIME(time); NS_TIME_START(time); /*Search Pattern*/ //while ( fgets(text,MAXLEN,fd) ) //{ acsmSearch (acsm, text, strlen (text), PrintMatch); // nline++; //} NS_TIME_END(time); PrintSummary(acsm->acsmPatterns); int a[10]={45,45,45,4,1}; #ifdef __HAVE__LOAD__ printf("-------%d\n", getSummary (acsm->acsmPatterns,a)); #endif acsmFree (acsm); printf ("\n### AC Match Finished ###\n"); // system("pause"); return (0); }
int mpseSearch( void *pv, unsigned char * T, int n, int ( *action )(unsigned id, int index, void *data), void * data ) { MPSE * p = (MPSE*)pv; s_bcnt += n; switch( p->method ) { case MPSE_AC: return acsmSearch( (ACSM_STRUCT*) p->obj, T, n, action, data ); break; case MPSE_AUTO: case MPSE_MWM: return mwmSearch( p->obj, T, n, action, data ); break; case MPSE_KTBM: case MPSE_LOWMEM: return KTrieSearch( (KTRIE_STRUCT *)p->obj, T, n, action, data ); break; default: return 1; break; } }
int main(int argc, char **argv) { int i, nocase = 0; FILE *fd; char filename[20]; ACSM_STRUCT * acsm; // if (argc < 3) // { // fprintf(stderr, "Usage: acsmx filename pattern1 pattern2 ... -nocase\n"); // exit(0); // } acsm = acsmNew(); strcpy_s(filename, "test.txt"); fd = fopen(filename, "r"); if (fd == NULL) { fprintf(stderr, "Open file error!\n"); exit(1); } for (i = 1; i < argc; i++) if (strcmp(argv[i], "-nocase") == 0) nocase = 1; char a[] = { "test" }; acsmAddPattern(acsm, (unsigned char *)a, strlen(a), nocase); /* Generate GtoTo Table and Fail Table */ acsmCompile(acsm); /*Search Pattern*/ while (fgets(( char*)text, MAXLEN, fd)) { acsmSearch(acsm, text, strlen((char*)text), PrintMatch); nline++; } PrintSummary(acsm->acsmPatterns); acsmFree(acsm); printf("\n### AC Match Finished ###\n"); system("pause"); return (0); }
int main (int argc, char **argv) { int i, nocase = 0; char filename[20]; ACSM_STRUCT * acsm; acsm = acsmNew (); memset(text,'a',200); strcat(text,"http"); strcat(text,"ut"); strcat(text,"get"); //nocase = 0; for(i=0;i<1;++i) acsmAddPattern (acsm, pro_patern[i], strlen (pro_patern[i]), nocase,1); /* Generate GtoTo Table and Fail Table */ acsmCompile (acsm); printf("--------------------------------\n"); int textlen=strlen (text); NS_TIME(time); NS_TIME_START(time); /*Search Pattern*/ //while ( fgets(text,MAXLEN,fd) ) //{ int n=10000; while(n>0) { n--; acsmSearch (acsm, text, textlen, PrintMatch); } // nline++; //} NS_TIME_END(time); //PrintSummary(acsm->acsmPatterns); ACSM_PATTERN * mlist = acsm->acsmPatterns; printf("\n### Summary ###\n"); for (;mlist!=NULL;mlist=mlist->next) { if(mlist->nocase) printf("%12s : %5d\n",mlist->patrn,mlist->nmatch); else printf("%12s : %5d\n",mlist->casepatrn,mlist->nmatch); mlist->nmatch=0; } mlist = acsm->acsmPatterns; for (;mlist!=NULL;mlist=mlist->next) { if(mlist->nocase) printf("%12s : %5d\n",mlist->patrn,mlist->nmatch); else printf("%12s : %5d\n",mlist->casepatrn,mlist->nmatch); mlist->nmatch=0; } acsmFree (acsm); printf ("\n### AC Match Finished ###\n"); // system("pause"); return (0); }
void my_callback(u_char *useless,const struct pcap_pkthdr* pkthdr,const u_char* packet) { packet_num++; packet_len+=pkthdr->caplen; static int count = 0; //static int nn=0; static int i; static unsigned short eth_type; static int vlan_flag=0; //sem_getvalue(&shmp[i]->sem,&semnum); //printf("sem:%d\n",semnum); //usleep(1000); static int semnum; // sem_getvalue(&bin_sem,&semnum); // printf("sem:%d\n",semnum); //printf("mmmmmmmmmmmmmm\n"); if(exitflag) { /*for(i=0;i<snortnum;++i) { memcpy(shmp[i]->data[shmp[i]->tail],"########",strlen("########")); shmp[i]->tail=(shmp[i]->tail+1)%shmp[i]->looplen; my_lock_release(shmp[i]); } sleep(4); for(i=0;i<snortnum;++i) { destroy_loop(shmp[i]); DeleteShm(shmid[i]); }*/ for(i=0;i<PRO_MAX+2;++i) { printf("%s:%lld\n",pro_map[i],pronum[i]); } printf("losepacket=%lld\n",losepacket); //sem_post(&bin_sem); NS_TIME_END(time); speed1(NS_GET_TIMEP(time),packet_num,packet_len); printf("count=%d,\nfind_pro=%lld\n",count,find_pro); printf("exit\n"); del_HB(&hb); acsmFree (acsm); // exitflag=0; exit(0); } //return; mac=(struct ether_header*)packet; eth_type=ntohs(mac->ether_type); if((eth_type==0x8100)) { vlan_flag=1; //msg("W:****0X%04X\n",eth_type); eth_type=(packet[16])*256+packet[17]; } else vlan_flag=0; // msg("W:0X%04X\n",eth_type); if((eth_type!=0x0800))//不是ip数据报 return; if(vlan_flag) ip=(struct ip*)(packet+size_mac+4); else ip=(struct ip*)(packet+size_mac); /*char ipdotdecs[20]={0}; char ipdotdecc[20]={0}; inet_ntop(AF_INET,(void*)&(ip->ip_src),ipdotdecs,16); inet_ntop(AF_INET,(void*)&(ip->ip_dst),ipdotdecc,16);*/ //printf("%s-->%s: len:%d\n",ipdotdecs,ipdotdecc,pkthdr->caplen); if((ip->ip_p==6))//tcp { // msg("EIStcp\n"); //tcp=(struct fniff_tcp*)(packet+size_mac+size_ip); tcp=(struct fniff_tcp*)((char*)ip+size_ip); sd.b_ip=(ip->ip_src.s_addr); sd.l_ip=(ip->ip_dst.s_addr); if(sd.b_ip>sd.l_ip) { sd.b_port=ntohs(tcp->th_sport); sd.l_port=ntohs(tcp->th_dport); } else { sd.b_ip^=sd.l_ip; sd.l_ip^=sd.b_ip; sd.b_ip^=sd.l_ip; sd.b_port=ntohs(tcp->th_dport); sd.l_port=ntohs(tcp->th_sport); } hash=hash_HB(sd.b_ip,sd.b_port,sd.l_ip,sd.l_port); tcplen=ntohs(ip->ip_len)-(ip->ip_hl*4)-(tcp->th_off*4); // msg("EIStcp11111111111\n"); // printf("ntohs(ip->ip_len)=%d\n",ntohs(ip->ip_len)+14); // packet.tcp_URG=tcp->th_flags&TH_URG; ack=tcp->th_flags&TH_ACK; // packet.tcp_PSH=tcp->th_flags&TH_PUSH; rst=tcp->th_flags&TH_RST; syn=tcp->th_flags&TH_SYN; fin=tcp->th_flags&TH_FIN; datalen=pkthdr->caplen; ptcp=(unsigned char*)tcp+(tcp->th_off*4); temp=find_node(hb[hash].virtual_sn,&sd); if(temp==NULL&&syn&&!ack&&tcplen==0)//not find { //msg("E no\n"); SN* q=get_node(); q->sdipport=sd; q->state=1; insert_node(&(hb[hash].virtual_sn),q); hb[hash].virtual_sn_num++; //msg("**********=%ld\n",hb[hash].virtual_sn_num); #if 0 if(sd.b_port==21||sd.l_port==21) { q->state=10; pronum[FTP]++; } else if(sd.b_port==80||sd.l_port==80) { q->state=10; pronum[HTTP]++; } memcpy(fortest,packet,pkthdr->caplen); #endif } else if(temp!=NULL) { // printf("state:%d\n",temp->state); if((temp->state==1)&&syn&&ack&&(tcplen==0)) { //msg("W:my ooooooooooooooooooo\n"); temp->state=2; } else if(temp->state==2&&ack&&!syn&&tcplen==0) { temp->state=3; //msg("W:its ===============================static\n"); //msg("W:my hash:%u\n",hash); } else if(temp->state>=3&&temp->state<9) { //if(tcplen==0) // return; //msg("W:my hash:%u\n",hash); //msg("+++++\n"); //msg("ttttttttttttt\n"); p=get_BC_node(); //msg("mmmmmmmmm\n"); if(p==NULL) {msg("EISget bc node error\n");exit(0);} p->datalen=pkthdr->caplen; p->tcplen=tcplen; //msg("tcplen=%d,pkthdr->caplen=%d\n",tcplen,pkthdr->caplen); if(tcplen<0) { msg("EIS tcp<0\n"); exit(0); } p->next=NULL; memcpy(p->buf,packet,pkthdr->caplen); p->ptcp=(unsigned char*)(p->buf)+(tcp->th_off*4)+((unsigned char*)tcp-(unsigned char*)mac);//ptcp; temp->tcp_content_len+=tcplen; if(temp->bc_head==NULL) { temp->bc_head=temp->bc_tail=p; } else { temp->bc_tail->next=p; temp->bc_tail=p; } temp->state++; if((temp->state==9)||rst||fin||(temp->tcp_content_len>150)) { //msg("EIS static\n"); #if 0 p=temp->bc_head; while(p!=NULL) { if(p->tcplen!=0) acsmSearch(acsm,p->ptcp,p->tcplen,PrintMatch); p=p->next; } #else acSearch(acsm,temp->bc_head); acSearch(acsm,temp->bc_head); #endif i=getSummary(acsm->acsmPatterns,feature_num); pronum[i]++; temp->proto=i; if(rst||fin) { temp->state=10; resume_BC_node(temp->bc_head); resume_node(temp); hb[hash].virtual_sn_num--; //msg("*********=%ld\n",hb[hash].virtual_sn_num); if(hb[hash].virtual_sn_num==0) hb[hash].virtual_sn=NULL; return; } temp->state=10; resume_BC_node(temp->bc_head); temp->bc_head=NULL; temp->bc_tail=NULL; } } else if(temp->state>=10) { if(rst||fin) { //resume_node(temp); move_node(&(hb[hash].virtual_sn),temp); hb[hash].virtual_sn_num--; //msg("**************=%ld\n",hb[hash].virtual_sn_num); if(hb[hash].virtual_sn_num==0) hb[hash].virtual_sn=NULL; return; } } else { msg("ggggggggggg\n"); } } }//tcp else if(ip->ip_p==1)//icmp { //printf("2222\n"); //static char pro_map[PRO_MAX+2][20]={"HTTP","FTP","POP3","SMTP","UNKOWN","UDP","ICMP"}; pronum[PRO_MAX+1]++; } else if(ip->ip_p==17)//udp { //printf("1111111\n"); pronum[PRO_MAX]++; } else { printf("no\n"); } }