void codegen_select(tree *expr) { switch (state.class) { case PROC_CLASS_EEPROM8: case PROC_CLASS_GENERIC: case PROC_CLASS_PIC12: case PROC_CLASS_SX: analyze_error(expr, "unsupported processor class"); break; case PROC_CLASS_PIC14: func_ptr = &codegen14_func; state.pointer_size = size_uint8; break; case PROC_CLASS_PIC16: analyze_error(expr, "unsupported processor class"); break; case PROC_CLASS_PIC16E: func_ptr = &codegen16e_func; state.pointer_size = size_uint16; break; default: assert(0); } }
static void gen_expr(tree *expr) { struct variable *var; switch(expr->tag) { case node_arg: var = get_global(ARG_NAME(expr)); codegen_load_file(expr, var); break; case node_call: analyze_call(expr, true, codegen_size); break; case node_constant: LOAD_CONSTANT(expr->value.constant, codegen_size); break; case node_symbol: var = get_global(SYM_NAME(expr)); if (var->tag == sym_const) { LOAD_CONSTANT(var->value, codegen_size); } else { codegen_load_file(expr, var); } break; case node_unop: gen_unop_expr(expr); break; case node_binop: if (expr->value.binop.op == op_assign) { analyze_error(expr, "assign operator = should be equal operator =="); } else if ((expr->value.binop.op == op_lsh) || (expr->value.binop.op == op_rsh)) { /* for shifts it is best to calculate the left side first */ gen_binop_expr(expr->value.binop.op, expr->value.binop.p1, expr->value.binop.p0); } else { /* for all others calculate the right side first */ gen_binop_expr(expr->value.binop.op, expr->value.binop.p0, expr->value.binop.p1); } break; default: assert(0); } }
static void codegen_load_file(tree *symbol, struct variable *var) { int offset; int element_size; if ((symbol->tag == node_symbol) && (SYM_OFST(symbol))) { /* access an array */ element_size = type_size(var->type->prim); if ((var) && (var->type) && (var->type->tag == type_array)) { if (can_evaluate(SYM_OFST(symbol), false)) { /* direct access */ offset = analyze_check_array(symbol, var) * element_size; if (is_far(var)) { LOAD_FILE(var->name, codegen_size, offset, true); } else { LOAD_FILE(var->name, codegen_size, offset, false); } } else { codegen_indirect(SYM_OFST(symbol), var, element_size, false); if (is_far(var)) { LOAD_INDIRECT(var->name, codegen_size, 0, true); } else { LOAD_INDIRECT(var->name, codegen_size, 0, false); } } } else { analyze_error(symbol, "symbol %s is not an array", SYM_NAME(symbol)); } } else { if (is_far(var)) { LOAD_FILE(var->name, codegen_size, 0, true); } else { LOAD_FILE(var->name, codegen_size, 0, false); } } return; }
void traffic_pattern_match_packet_user(t_session *s, t_pkt *p) { int buflen = 0; int buflen_base = 0; ///!<used to keep buflen befors rule alteration int rc, nummatch; int i = 0; char *bufc = p->payload; char *buf = p->payload; t_traffic_user *t = NULL; t_user *user = NULL; int ovector[150]; ///!<allows 50 substring matches (including the overall match) _u8 phase = 0; _u8 stream = 0; //add check here assert(s); assert(p); assert(s->proto > 0); assert(p->payload_len); //tuning inspection size if (tuning.patternrestrictlen && p->payload_len > tuning.patternrestrictlen) buflen = tuning.patternrestrictlen; else buflen = p->payload_len; //saving original size buflen_base = buflen; //we are client style : ip src, port dst if(option.debug == 24) printf("doing user pattern matching on session %lld pkt %d for len %d\n", s->id, s->nb_pkt_in + s->nb_pkt_out, buflen); //use the phase detection luke if(p->ip->src == s->src) { stream = HOST_FROM; if (p->phase_client == CONTROL_PHASE) { t = user_patterns; phase = CONTROL_PHASE; } else if (p->phase_client == DATA_PHASE && (s->file_client_last_pkt_num < tuning.contentpktnum || tuning.contentpktnum == 0)) { t= duser_patterns; phase = DATA_PHASE; } } else { stream = HOST_TO; if (p->phase_server == CONTROL_PHASE) { t = user_patterns; phase = CONTROL_PHASE; } else if (p->phase_server == DATA_PHASE && (s->file_client_last_pkt_num < tuning.contentpktnum || tuning.contentpktnum == 0)) { t= duser_patterns; phase = DATA_PHASE; } } while (t != NULL) { assert(t->common); assert(t->common->regex_compiled); i++; //restoring bufc = p->payload; buf = p->payload; buflen = buflen_base; //pattern restriction according to rules options //start offset if((t->common->offset <= buflen) && (t->common->offset != 0)) { bufc = (bufc + t->common->offset); buf = bufc; buflen -= t->common->offset; } //restrict depth if possible if ((buflen > t->common->depth) && (t->common->depth != 0)) buflen = t->common->depth; nummatch = pcre_exec(t->common->regex_compiled, t->common->regex_extra, bufc, buflen, 0, 0, ovector, sizeof(ovector) / sizeof(*ovector)); if (nummatch < 0) { #ifdef PCRE_ERROR_MATCHLIMIT // earlier PCRE versions lack this if (nummatch == PCRE_ERROR_MATCHLIMIT) { if (option.debug == 24) printf("Warning: Hit PCRE_ERROR_MATCHLIMIT when probing for service %s with the regex '%s'", t->common->servicename, t->common->matchstr); } //else #endif // PCRE_ERROR_MATCHLIMIT } else { if(option.debug == 24) printf("User match for session %lld : proto %s\n",s->id, t->common->servicename); // Yeah! Match apparently succeeded. user = (t_user *)malloc(sizeof(t_user)); bzero(user, sizeof(t_user)); strncpy(user->protocol, t->common->servicename, sizeof(user->protocol)); if(p->ip) user->ip = p->ip->src; // Now lets get captured variable if(t->familly_template != NULL) { rc = dotmplsubst(buf, buflen, ovector, nummatch, t->familly_template, user->familly, sizeof(user->familly)); if (rc != 0) warning("Warning: User pattern matching failed to fill familly_template (subjectlen: %d). Too long? Match string was line: v/%s/%s/", buf, (t->familly_template)? t->familly_template : "", (t->login_template)? t->login_template : ""); } if(t->login_template != NULL) { rc = dotmplsubst(buf, buflen, ovector, nummatch, t->login_template, user->login, sizeof(user->login)); if (rc != 0) warning("Warning: User pattern matching failed to fill login_template (subjectlen: %d). Too long? Match string was line: v/%s/%s/", buf, (t->familly_template)? t->familly_template : "", (t->login_template)? t->login_template : ""); } if(t->additionnal_template != NULL) { rc = dotmplsubst(buf, buflen, ovector, nummatch, t->additionnal_template, user->additionnal, sizeof(user->additionnal)); if (rc != 0) warning("Warning: User pattern matching failed to fill additionnal_template (subjectlen: %d). Too long? Match string was line: v/%s/%s/", buf, (t->familly_template)? t->familly_template : "", (t->login_template)? t->login_template : ""); } if(t->pass_template != NULL) { rc = dotmplsubst(buf, buflen, ovector, nummatch, t->pass_template, user->pass, sizeof(user->pass)); if (rc != 0) warning("Warning: User pattern matching failed to fill additionnal_template (subjectlen: %d). Too long? Match string was line: v/%s/%s/", buf, (t->familly_template)? t->familly_template : "", (t->login_template)? t->login_template : ""); } if(t->algorithm_template != NULL) { rc = dotmplsubst(buf, buflen, ovector, nummatch, t->algorithm_template, user->algorithm, sizeof(user->algorithm)); if (rc != 0) warning("Warning: User pattern matching failed to fill algorithm_template (subjectlen: %d). Too long? Match string was line: v/%s/%s/", buf, (t->familly_template)? t->familly_template : "", (t->login_template)? t->login_template : ""); } if(t->origin_template != NULL) { rc = dotmplsubst(buf, buflen, ovector, nummatch, t->origin_template, user->origin, sizeof(user->origin)); if (rc != 0) warning("Warning: User pattern matching failed to fill origin_template (subjectlen: %d). Too long? Match string was line: v/%s/%s/", buf, (t->familly_template)? t->familly_template : "", (t->login_template)? t->login_template : ""); } //nature of the file user->nature = t->nature; //adding it to user hashtable if needed if (analyze_user(user)) { //adding it to session if needed pthread_mutex_lock(&mutex.hashsession); if(s->last_user) s->last_user->next = user; else s->user = user; s->last_user = user; pthread_mutex_unlock(&mutex.hashsession); } if (analyze.error && t->common->event_type == TYPE_ERROR) analyze_error(s, p, s->id, 0, p->ip->src, TYPE_ERROR, '4', t->common->class_shortname, t->common->event_name, t->common->event_nature, t->common->event_details, t->common->event_target, s->last_time, s->last_time_usec); if (analyze.event && t->common->event_type == TYPE_EVENT) analyze_error(s, p, s->id, 0, p->ip->src, TYPE_EVENT, '4', t->common->class_shortname, t->common->event_name, t->common->event_nature, t->common->event_details, t->common->event_target, s->last_time, s->last_time_usec); //stating l4 if(t->common->type) traffic_analyze_stat(s, p, stream, t->common->type); //phase feedback if(t->common->next_phase) traffic_phase_feedback(s, p, t->common->next_phase); //Dynamic content protocol detection signature feedback if(strncmp(t->common->servicename, "n/a",3) != 0) detection_protocol_pattern(s, p, t->common->servicename, t->common->confidence); if(need_to_return(t->common->policy)) return; } t = t->next; } }