struct Banner1 * banner1_create(void) { struct Banner1 *b; unsigned i; b = (struct Banner1 *)malloc(sizeof(*b)); memset(b, 0, sizeof(*b)); /* * These patterns match the start of the TCP stream */ b->smack = smack_create("banner1", SMACK_CASE_INSENSITIVE); for (i=0; patterns[i].pattern; i++) smack_add_pattern( b->smack, patterns[i].pattern, patterns[i].pattern_length, patterns[i].id, patterns[i].is_anchored); smack_compile(b->smack); banner_http.init(b); return b; }
void cfg_parser_init(void) { size_t i; statement_names = smack_create("confload", SMACK_CASE_SENSITIVE); for (i=0; tokens[i].name; i++) { smack_add_pattern( statement_names, tokens[i].name, (unsigned)strlen(tokens[i].name) + 1, tokens[i].id, SMACK_ANCHOR_BEGIN ); } for (i=0; tsigkeys[i].name; i++) { char *foo; size_t len; smack_add_pattern( statement_names, tsigkeys[i].name, (unsigned)strlen(tsigkeys[i].name) + 1, tsigkeys[i].id, SMACK_ANCHOR_BEGIN ); /* for truncation, where an algorithm might * appear as "hmac-md5-80" instead of simply * "hmac-md5" */ len = strlen(tsigkeys[i].name); foo = malloc(len + 2); memcpy(foo, tsigkeys[i].name, len+1); foo[len] = '-'; foo[len+1] = '\0'; smack_add_pattern( statement_names, foo, (unsigned)len, tsigkeys[i].id, SMACK_ANCHOR_BEGIN ); free(foo); } smack_compile(statement_names); }
/*************************************************************************** * Create the --banners systems ***************************************************************************/ struct Banner1 * banner1_create(void) { struct Banner1 *b; unsigned i; b = (struct Banner1 *)malloc(sizeof(*b)); if (b == NULL) exit(1); memset(b, 0, sizeof(*b)); /* * These patterns match the start of the TCP stream */ b->smack = smack_create("banner1", SMACK_CASE_INSENSITIVE); for (i=0; patterns[i].pattern; i++) smack_add_pattern( b->smack, patterns[i].pattern, patterns[i].pattern_length, i, patterns[i].is_anchored); smack_compile(b->smack); banner_http.init(b); b->tcp_payloads[80] = &banner_http; b->tcp_payloads[8080] = &banner_http; b->tcp_payloads[443] = (void*)&banner_ssl; /* HTTP/s */ b->tcp_payloads[465] = (void*)&banner_ssl; /* SMTP/s */ b->tcp_payloads[990] = (void*)&banner_ssl; /* FTP/s */ b->tcp_payloads[991] = (void*)&banner_ssl; b->tcp_payloads[992] = (void*)&banner_ssl; /* Telnet/s */ b->tcp_payloads[993] = (void*)&banner_ssl; /* IMAP4/s */ b->tcp_payloads[994] = (void*)&banner_ssl; b->tcp_payloads[995] = (void*)&banner_ssl; /* POP3/s */ b->tcp_payloads[2083] = (void*)&banner_ssl; /* cPanel - SSL */ b->tcp_payloads[2087] = (void*)&banner_ssl; /* WHM - SSL */ b->tcp_payloads[2096] = (void*)&banner_ssl; /* cPanel webmail - SSL */ b->tcp_payloads[8443] = (void*)&banner_ssl; /* Plesk Control Panel - SSL */ b->tcp_payloads[9050] = (void*)&banner_ssl; /* Tor */ b->tcp_payloads[8140] = (void*)&banner_ssl; /* puppet */ return b; }
int main(int argc, char *argv[]) { printf("---- SMACK/2 - benchmark program ----\n"); { char dir[512]; char *p = getcwd(dir, sizeof(dir)); if (p == NULL) perror("getcwd"); else printf("directory = %s\n", p); } #if WIN32 { SetProcessAffinityMask(NULL, 1); SetPriorityClass(NULL, REALTIME_PRIORITY_CLASS); } #endif #ifdef __linux__ { cpu_set_t mask; int status; CPU_ZERO(&mask); CPU_SET(1, &mask); status = sched_setaffinity(0, sizeof(mask), &mask); if (status != 0) { perror("sched_setaffinity"); } } #endif /* * Print cpu info */ { char vendor[16]; char brand[64]; struct CpuInfo info; pixie_cpu_vendor(vendor); pixie_cpu_brand(brand); pixie_cpu_info(&info); printf("CPU width = %u-bits\n", (unsigned)sizeof(void*)*8); printf("CPU vendor = \"%s\"\n", vendor); printf("CPU brand = \"%s\"\n", brand); printf("CPU codename = \"%s\" (0x%X" "x)\n", info.codename, info.codenumber); printf("CPU info = type(%u) family(%u) model(%u) stepping(%u)\n", info.type, info.family, info.model, info.stepping); printf("\n"); } /* * First, do a unit-test. If the unit-test fails, then it's pointless * continueing with the benchmarks */ if (smack_selftest() != 0) { printf("selftest failed\n"); return 1; } /* * Print help if user is confused */ if (0 && ( argc <= 1 || get_parm("--help", argc, argv) || get_parm("-h", argc, argv) || get_parm("-?", argc, argv))) { printf("usage:\n" " smack2 --benchmark\n" " smack2 --haystack kingjames.txt --needle pharoah\n" " smack2 --haystack kingjames.txt --needles patterns.txt\n" ); return 1; } if (get_parm("--haystack", argc, argv)) { if (!get_parm("--needles", argc, argv) && !get_parm("--needle", argc, argv)) { printf("FAIL: need to specify patterns to search for\n"); printf(" hint: use \"--needles <file>\" to read patterns from file\n"); printf(" hint: use \"--needle <pattern\" to specify one or more patterns\n"); return 1; } } /* * If doing simple benchmarks, do them first */ if (get_parm("--benchmark", argc, argv) || argc <= 1) { printf("--- low-level benchmarks ---\n"); bench_c_ptr(); bench_c_idx(0); bench_asm_ptr(); //bench_asm_ptr2(); bench_asm_idx(); printf("\n"); smack_benchmark(); } if (!get_parm("--haystack", argc, argv)) return 0; /* * Look in file for patterns */ { const char *filename = get_parm("--haystack", argc, argv); char *buf; size_t sizeof_buf; struct stat s; int x; struct SMACK *smack; int i; fprintf(stderr, "haystack file = %s\n", filename); /* * Find file size */ x = stat(filename, &s); if (x != 0) { perror(filename); return 1; } sizeof_buf = s.st_size; /* * Allocate memory */ buf = (char*)malloc(sizeof_buf); if (buf == 0) { fprintf(stderr, "Could not allocate %u bytes for buffer\n", (unsigned)sizeof_buf); return 1; } /* * Read in the file */ { FILE *fp; size_t bytes_read; fp = fopen(filename, "rb"); if (fp == NULL) { perror(filename); return 1; } bytes_read = fread(buf, 1, sizeof_buf, fp); if (bytes_read == 0) { perror(filename); return 1; } if (bytes_read < sizeof_buf) { fprintf(stderr, "ERROR: could not read entire file\n"); fprintf(stderr, "wanted %u bytes, read %u bytes\n", (unsigned)sizeof_buf, (unsigned)bytes_read); sizeof_buf = bytes_read; } fclose(fp); fprintf(stderr, "file-size = %u\n", (unsigned)sizeof_buf); } /* * Build the smack object */ smack = smack_create("haystack", SMACK_CASE_INSENSITIVE); if (smack == 0) { fprintf(stderr, "FAIL: couldn't create test object\n"); return 1; } /* * Add patterns */ for (i=1; i<argc; i++) { if (strcmp(argv[i], "--needle") == 0) { const char *pattern = argv[i+1]; if (i+1 >= argc) { fprintf(stderr, "FAIL: expected value to parm\n"); return 1; } smack_add_pattern(smack, pattern, strlen(pattern), 1, 0); } if (strcmp(argv[i], "--needles") == 0) { const char *patterns = argv[i+1]; FILE *fp; char line[80]; if (i+1 >= argc) { fprintf(stderr, "FAIL: expected value to parm\n"); return 1; } fp = fopen(patterns, "rt"); if (fp == NULL) { perror(patterns); return 1; } while (fgets(line, sizeof(line), fp)) { /* strip whitespace */ while (line[0] && isspace(line[0]&0xFF)) memmove(line, line+1, strlen(line)); while (line[0] && isspace(line[strlen(line)-1]&0xFF)) line[strlen(line)-1] = '\0'; if (line[0] == '\0' || ispunct(line[0]&0xFF)) continue; smack_add_pattern(smack, line, strlen(line), 1, 0); } } } if (smack_count_patterns(smack) == 0) { fprintf(stderr, "FAIL: no patterns found\n"); return 1; } else { fprintf(stderr, "needles = %u patterns\n", smack_count_patterns(smack)); } smack_compile(smack); /* * Do the benchmark */ do_haystack(smack, buf, sizeof_buf, 10); } return 0; }
/*************************************************************************** * Create the --banners systems ***************************************************************************/ struct Banner1 * banner1_create(void) { struct Banner1 *b; unsigned i; b = (struct Banner1 *)malloc(sizeof(*b)); if (b == NULL) exit(1); memset(b, 0, sizeof(*b)); /* * This creates a pattern-matching blob for heuristically determining * a protocol that runs on wrong ports, such as how FTP servers * often respond with "220 " or VNC servers respond with "RFB". */ b->smack = smack_create("banner1", SMACK_CASE_INSENSITIVE); for (i=0; patterns[i].pattern; i++) smack_add_pattern( b->smack, patterns[i].pattern, patterns[i].pattern_length, i, patterns[i].is_anchored); smack_compile(b->smack); /* * This goes down the list of all the TCP protocol handlers and initializes * them. */ banner_ftp.init(b); banner_http.init(b); banner_imap4.init(b); banner_memcached.init(b); banner_pop3.init(b); banner_smtp.init(b); banner_ssh.init(b); banner_ssl.init(b); banner_vnc.init(b); b->tcp_payloads[80] = &banner_http; b->tcp_payloads[8080] = &banner_http; b->tcp_payloads[443] = (void*)&banner_ssl; /* HTTP/s */ b->tcp_payloads[465] = (void*)&banner_ssl; /* SMTP/s */ b->tcp_payloads[990] = (void*)&banner_ssl; /* FTP/s */ b->tcp_payloads[991] = (void*)&banner_ssl; b->tcp_payloads[992] = (void*)&banner_ssl; /* Telnet/s */ b->tcp_payloads[993] = (void*)&banner_ssl; /* IMAP4/s */ b->tcp_payloads[994] = (void*)&banner_ssl; b->tcp_payloads[995] = (void*)&banner_ssl; /* POP3/s */ b->tcp_payloads[2083] = (void*)&banner_ssl; /* cPanel - SSL */ b->tcp_payloads[2087] = (void*)&banner_ssl; /* WHM - SSL */ b->tcp_payloads[2096] = (void*)&banner_ssl; /* cPanel webmail - SSL */ b->tcp_payloads[8443] = (void*)&banner_ssl; /* Plesk Control Panel - SSL */ b->tcp_payloads[9050] = (void*)&banner_ssl; /* Tor */ b->tcp_payloads[8140] = (void*)&banner_ssl; /* puppet */ b->tcp_payloads[11211] = (void*)&banner_memcached; return b; }