int main (int argc, char **argv) { int i, nocase = 0; FILE *fd; char filename[20]; ACSM_STRUCT * acsm; if (argc < 3) { fprintf (stderr,"Usage: acsmx filename pattern1 pattern2 ... -nocase\n"); exit (0); } acsm = acsmNew (); strcpy (filename, argv[1]); fd = fopen(filename,"r"); if(fd == NULL) { fprintf(stderr,"Open file error!\n"); exit(1); } for (i = 1; i < argc; i++) if (strcmp (argv[i], "-nocase") == 0) nocase = 1; for (i = 2; i < argc; i++) { if (argv[i][0] == '-') continue; printf("%s,%d\n",argv[i],strlen (argv[i])); acsmAddPattern (acsm, argv[i], strlen (argv[i]), nocase,1); } fgets(text,MAXLEN,fd); /* Generate GtoTo Table and Fail Table */ acsmCompile (acsm); printf("--------------------------------\n"); NS_TIME(time); NS_TIME_START(time); /*Search Pattern*/ //while ( fgets(text,MAXLEN,fd) ) //{ acsmSearch (acsm, text, strlen (text), PrintMatch); // nline++; //} NS_TIME_END(time); PrintSummary(acsm->acsmPatterns); int a[10]={45,45,45,4,1}; #ifdef __HAVE__LOAD__ printf("-------%d\n", getSummary (acsm->acsmPatterns,a)); #endif acsmFree (acsm); printf ("\n### AC Match Finished ###\n"); // system("pause"); return (0); }
int main (int argc, char **argv) { int i, nocase = 0; ACSM_STRUCT * acsm; if (argc < 3) { fprintf (stderr, "Usage: acsmx pattern word-1 word-2 ... word-n -nocase\n"); exit (0); } acsm = acsmNew (); strcpy (text, argv[1]); for (i = 1; i < argc; i++) if (strcmp (argv[i], "-nocase") == 0) nocase = 1; for (i = 2; i < argc; i++) { if (argv[i][0] == '-') continue; acsmAddPattern (acsm, argv[i], strlen (argv[i]), nocase, 0, 0, argv[i], i - 2); } acsmCompile (acsm); acsmSearch (acsm, text, strlen (text), MatchFound, (void *) 0); acsmFree (acsm); printf ("normal pgm end\n"); return (0); }
void mpseFree( void * pv ) { MPSE * p = (MPSE*)pv; switch( p->method ) { case MPSE_AC: if(p->obj)acsmFree(p->obj); free(p); return ; break; case MPSE_AUTO: case MPSE_MWM: if(p->obj)mwmFree( p->obj ); free( p ); break; case MPSE_KTBM: case MPSE_LOWMEM: return ; break; default: return ; break; } }
void mpseFree( void * pvoid ) { MPSE * p = (MPSE*)pvoid; if (p == NULL) return; switch( p->method ) { case MPSE_AC_BNFA: case MPSE_AC_BNFA_Q: if (p->obj) bnfaFree((bnfa_struct_t*)p->obj); free(p); return; case MPSE_AC: if (p->obj) acsmFree((ACSM_STRUCT *)p->obj); free(p); return; case MPSE_ACF: case MPSE_ACF_Q: case MPSE_ACS: case MPSE_ACB: case MPSE_ACSB: if (p->obj) acsmFree2((ACSM_STRUCT2 *)p->obj); free(p); return; case MPSE_LOWMEM: case MPSE_LOWMEM_Q: if (p->obj) KTrieDelete((KTRIE_STRUCT *)p->obj); free(p); return; #ifdef INTEL_SOFT_CPM case MPSE_INTEL_CPM: if (p->obj) IntelPmDelete((IntelPm *)p->obj); free(p); break; #endif default: return; } }
int main(int argc, char **argv) { int i, nocase = 0; FILE *fd; char filename[20]; ACSM_STRUCT * acsm; // if (argc < 3) // { // fprintf(stderr, "Usage: acsmx filename pattern1 pattern2 ... -nocase\n"); // exit(0); // } acsm = acsmNew(); strcpy_s(filename, "test.txt"); fd = fopen(filename, "r"); if (fd == NULL) { fprintf(stderr, "Open file error!\n"); exit(1); } for (i = 1; i < argc; i++) if (strcmp(argv[i], "-nocase") == 0) nocase = 1; char a[] = { "test" }; acsmAddPattern(acsm, (unsigned char *)a, strlen(a), nocase); /* Generate GtoTo Table and Fail Table */ acsmCompile(acsm); /*Search Pattern*/ while (fgets(( char*)text, MAXLEN, fd)) { acsmSearch(acsm, text, strlen((char*)text), PrintMatch); nline++; } PrintSummary(acsm->acsmPatterns); acsmFree(acsm); printf("\n### AC Match Finished ###\n"); system("pause"); return (0); }
void mpseFree( void * pvoid ) { MPSE * p = (MPSE*)pvoid; if (p == NULL) return; switch( p->method ) { case MPSE_AC_BNFA: if (p->obj) bnfaFree((bnfa_struct_t*)p->obj); free(p); return; case MPSE_AC: if (p->obj) acsmFree((ACSM_STRUCT *)p->obj); free(p); return; case MPSE_ACF: case MPSE_ACS: case MPSE_ACB: case MPSE_ACSB: if (p->obj) acsmFree2((ACSM_STRUCT2 *)p->obj); free(p); return; case MPSE_LOWMEM: if (p->obj) KTrieDelete((KTRIE_STRUCT *)p->obj); free(p); return; default: return; } }
int main (int argc, char **argv) { int i, nocase = 0; char filename[20]; ACSM_STRUCT * acsm; acsm = acsmNew (); memset(text,'a',200); strcat(text,"http"); strcat(text,"ut"); strcat(text,"get"); //nocase = 0; for(i=0;i<1;++i) acsmAddPattern (acsm, pro_patern[i], strlen (pro_patern[i]), nocase,1); /* Generate GtoTo Table and Fail Table */ acsmCompile (acsm); printf("--------------------------------\n"); int textlen=strlen (text); NS_TIME(time); NS_TIME_START(time); /*Search Pattern*/ //while ( fgets(text,MAXLEN,fd) ) //{ int n=10000; while(n>0) { n--; acsmSearch (acsm, text, textlen, PrintMatch); } // nline++; //} NS_TIME_END(time); //PrintSummary(acsm->acsmPatterns); ACSM_PATTERN * mlist = acsm->acsmPatterns; printf("\n### Summary ###\n"); for (;mlist!=NULL;mlist=mlist->next) { if(mlist->nocase) printf("%12s : %5d\n",mlist->patrn,mlist->nmatch); else printf("%12s : %5d\n",mlist->casepatrn,mlist->nmatch); mlist->nmatch=0; } mlist = acsm->acsmPatterns; for (;mlist!=NULL;mlist=mlist->next) { if(mlist->nocase) printf("%12s : %5d\n",mlist->patrn,mlist->nmatch); else printf("%12s : %5d\n",mlist->casepatrn,mlist->nmatch); mlist->nmatch=0; } acsmFree (acsm); printf ("\n### AC Match Finished ###\n"); // system("pause"); return (0); }
int main (int argc, char **argv) { int i; unsigned int total_len = 0; struct timeval begtime,endtime; FILE *sfd,*pfd; char sfilename[20] = "string"; char pfilename[20] = "pattern"; //=============================================== if (argc < 4) { fprintf (stderr,"Usage: acsmx stringfile patternfile ... -nocase\n"); exit (0); } strcpy (sfilename, argv[1]); sfd = fopen(sfilename,"r"); if(sfd == NULL) { fprintf(stderr,"Open file error!\n"); exit(1); } strcpy(pfilename,argv[2]); pfd = fopen(pfilename,"r"); if(sfd == NULL) { fprintf(stderr,"Open file error!\n"); exit(1); } thread_num = atoi(argv[3]); acsm = acsmNew (thread_num); //read patterns i = 0; while(fgets(pattern,MAXPATTERNLEN,pfd)) { int len = strlen(pattern); acsmAddPattern (acsm, pattern, len-1); i++; } fclose(pfd); printf("\n\nread %d patterns\n\n===============================",i); /* Generate GtoTo Table and Fail Table */ acsmCompile (acsm); //========================================================= /*read string*/ for(i = 0;i < MAXLINE;i++) { if(!fgets(text[i],MAXLEN,sfd)) break; total_len += strlen(text[i]) - 1; //ignore the last char '\n' } line = i; fclose(sfd); printf("\n\nreading finished...\n=============================\n\n"); printf("%d lines\t%d bytes",line,total_len); printf("\n\n=============================\n"); gettimeofday(&begtime,0); //create multi_thread thread_array = calloc(thread_num,sizeof(pthread_t)); valid_len_array = calloc(thread_num,sizeof(unsigned int)); pthread_barrier_init(&barrier_thread,NULL,thread_num); pthread_barrier_init(&barrier_validation,NULL,thread_num); for(i = 0;i < thread_num; i++) { pthread_create(&thread_array[i], NULL, SearchThread, (void*)i); } //=========================================================== int err; for(i = 0;i < thread_num;i++) { err = pthread_join(thread_array[i],NULL); if(err != 0) { printf("can not join with thread %d:%s\n", i,strerror(err)); } } gettimeofday(&endtime,0); PrintSummary(acsm); acsmFree (acsm); printf ("\n### AC Match Finished ###\n"); printf("\nTime Cost: %lu us\n\n",(endtime.tv_sec - begtime.tv_sec)*1000000 + (endtime.tv_usec - begtime.tv_usec)); printf ("\n====================================\n\n"); printf ("Validation Stage Len:\n\n"); for(i = 0;i < thread_num;i++) printf("rank%d\t%u\n",i,valid_len_array[i]); printf ("\n====================================\n\n"); free(thread_array); free(valid_len_array); pthread_barrier_destroy(&barrier_thread); pthread_barrier_destroy(&barrier_validation); return 0; }
void my_callback(u_char *useless,const struct pcap_pkthdr* pkthdr,const u_char* packet) { packet_num++; packet_len+=pkthdr->caplen; static int count = 0; //static int nn=0; static int i; static unsigned short eth_type; static int vlan_flag=0; //sem_getvalue(&shmp[i]->sem,&semnum); //printf("sem:%d\n",semnum); //usleep(1000); static int semnum; // sem_getvalue(&bin_sem,&semnum); // printf("sem:%d\n",semnum); //printf("mmmmmmmmmmmmmm\n"); if(exitflag) { /*for(i=0;i<snortnum;++i) { memcpy(shmp[i]->data[shmp[i]->tail],"########",strlen("########")); shmp[i]->tail=(shmp[i]->tail+1)%shmp[i]->looplen; my_lock_release(shmp[i]); } sleep(4); for(i=0;i<snortnum;++i) { destroy_loop(shmp[i]); DeleteShm(shmid[i]); }*/ for(i=0;i<PRO_MAX+2;++i) { printf("%s:%lld\n",pro_map[i],pronum[i]); } printf("losepacket=%lld\n",losepacket); //sem_post(&bin_sem); NS_TIME_END(time); speed1(NS_GET_TIMEP(time),packet_num,packet_len); printf("count=%d,\nfind_pro=%lld\n",count,find_pro); printf("exit\n"); del_HB(&hb); acsmFree (acsm); // exitflag=0; exit(0); } //return; mac=(struct ether_header*)packet; eth_type=ntohs(mac->ether_type); if((eth_type==0x8100)) { vlan_flag=1; //msg("W:****0X%04X\n",eth_type); eth_type=(packet[16])*256+packet[17]; } else vlan_flag=0; // msg("W:0X%04X\n",eth_type); if((eth_type!=0x0800))//不是ip数据报 return; if(vlan_flag) ip=(struct ip*)(packet+size_mac+4); else ip=(struct ip*)(packet+size_mac); /*char ipdotdecs[20]={0}; char ipdotdecc[20]={0}; inet_ntop(AF_INET,(void*)&(ip->ip_src),ipdotdecs,16); inet_ntop(AF_INET,(void*)&(ip->ip_dst),ipdotdecc,16);*/ //printf("%s-->%s: len:%d\n",ipdotdecs,ipdotdecc,pkthdr->caplen); if((ip->ip_p==6))//tcp { // msg("EIStcp\n"); //tcp=(struct fniff_tcp*)(packet+size_mac+size_ip); tcp=(struct fniff_tcp*)((char*)ip+size_ip); sd.b_ip=(ip->ip_src.s_addr); sd.l_ip=(ip->ip_dst.s_addr); if(sd.b_ip>sd.l_ip) { sd.b_port=ntohs(tcp->th_sport); sd.l_port=ntohs(tcp->th_dport); } else { sd.b_ip^=sd.l_ip; sd.l_ip^=sd.b_ip; sd.b_ip^=sd.l_ip; sd.b_port=ntohs(tcp->th_dport); sd.l_port=ntohs(tcp->th_sport); } hash=hash_HB(sd.b_ip,sd.b_port,sd.l_ip,sd.l_port); tcplen=ntohs(ip->ip_len)-(ip->ip_hl*4)-(tcp->th_off*4); // msg("EIStcp11111111111\n"); // printf("ntohs(ip->ip_len)=%d\n",ntohs(ip->ip_len)+14); // packet.tcp_URG=tcp->th_flags&TH_URG; ack=tcp->th_flags&TH_ACK; // packet.tcp_PSH=tcp->th_flags&TH_PUSH; rst=tcp->th_flags&TH_RST; syn=tcp->th_flags&TH_SYN; fin=tcp->th_flags&TH_FIN; datalen=pkthdr->caplen; ptcp=(unsigned char*)tcp+(tcp->th_off*4); temp=find_node(hb[hash].virtual_sn,&sd); if(temp==NULL&&syn&&!ack&&tcplen==0)//not find { //msg("E no\n"); SN* q=get_node(); q->sdipport=sd; q->state=1; insert_node(&(hb[hash].virtual_sn),q); hb[hash].virtual_sn_num++; //msg("**********=%ld\n",hb[hash].virtual_sn_num); #if 0 if(sd.b_port==21||sd.l_port==21) { q->state=10; pronum[FTP]++; } else if(sd.b_port==80||sd.l_port==80) { q->state=10; pronum[HTTP]++; } memcpy(fortest,packet,pkthdr->caplen); #endif } else if(temp!=NULL) { // printf("state:%d\n",temp->state); if((temp->state==1)&&syn&&ack&&(tcplen==0)) { //msg("W:my ooooooooooooooooooo\n"); temp->state=2; } else if(temp->state==2&&ack&&!syn&&tcplen==0) { temp->state=3; //msg("W:its ===============================static\n"); //msg("W:my hash:%u\n",hash); } else if(temp->state>=3&&temp->state<9) { //if(tcplen==0) // return; //msg("W:my hash:%u\n",hash); //msg("+++++\n"); //msg("ttttttttttttt\n"); p=get_BC_node(); //msg("mmmmmmmmm\n"); if(p==NULL) {msg("EISget bc node error\n");exit(0);} p->datalen=pkthdr->caplen; p->tcplen=tcplen; //msg("tcplen=%d,pkthdr->caplen=%d\n",tcplen,pkthdr->caplen); if(tcplen<0) { msg("EIS tcp<0\n"); exit(0); } p->next=NULL; memcpy(p->buf,packet,pkthdr->caplen); p->ptcp=(unsigned char*)(p->buf)+(tcp->th_off*4)+((unsigned char*)tcp-(unsigned char*)mac);//ptcp; temp->tcp_content_len+=tcplen; if(temp->bc_head==NULL) { temp->bc_head=temp->bc_tail=p; } else { temp->bc_tail->next=p; temp->bc_tail=p; } temp->state++; if((temp->state==9)||rst||fin||(temp->tcp_content_len>150)) { //msg("EIS static\n"); #if 0 p=temp->bc_head; while(p!=NULL) { if(p->tcplen!=0) acsmSearch(acsm,p->ptcp,p->tcplen,PrintMatch); p=p->next; } #else acSearch(acsm,temp->bc_head); acSearch(acsm,temp->bc_head); #endif i=getSummary(acsm->acsmPatterns,feature_num); pronum[i]++; temp->proto=i; if(rst||fin) { temp->state=10; resume_BC_node(temp->bc_head); resume_node(temp); hb[hash].virtual_sn_num--; //msg("*********=%ld\n",hb[hash].virtual_sn_num); if(hb[hash].virtual_sn_num==0) hb[hash].virtual_sn=NULL; return; } temp->state=10; resume_BC_node(temp->bc_head); temp->bc_head=NULL; temp->bc_tail=NULL; } } else if(temp->state>=10) { if(rst||fin) { //resume_node(temp); move_node(&(hb[hash].virtual_sn),temp); hb[hash].virtual_sn_num--; //msg("**************=%ld\n",hb[hash].virtual_sn_num); if(hb[hash].virtual_sn_num==0) hb[hash].virtual_sn=NULL; return; } } else { msg("ggggggggggg\n"); } } }//tcp else if(ip->ip_p==1)//icmp { //printf("2222\n"); //static char pro_map[PRO_MAX+2][20]={"HTTP","FTP","POP3","SMTP","UNKOWN","UDP","ICMP"}; pronum[PRO_MAX+1]++; } else if(ip->ip_p==17)//udp { //printf("1111111\n"); pronum[PRO_MAX]++; } else { printf("no\n"); } }