/*
 * Compile and study the PCRE expression attached to a dynamic rule option.
 *
 * rule:     rule owning the option; only its genID/sigID are read here, for
 *           the error messages.
 * pcreInfo: holds the pattern text (expr) and compile flags on input; on
 *           return compiled_expr and, if compilation succeeded,
 *           compiled_extra have been written.
 *
 * returns:  0 -> success
 *          -1 -> pcre_compile() returned NULL, or the error pointer was
 *                non-NULL after pcre_study()
 *
 * NOTE(review): on the study-failure path compiled_expr is left set and is
 * not released here; presumably the caller tears the rule down -- confirm.
 * NOTE(review): the PCRE error text and offset are collected but never
 * logged, so a rejected rule pattern cannot be diagnosed from the message.
 */
int PCRESetup(Rule *rule, PCREInfo *pcreInfo)
{
    const char *err_text;
    int err_pos;

    pcreInfo->compiled_expr = (void *)pcre_compile(pcreInfo->expr,
                                                   pcreInfo->compile_flags,
                                                   &err_text, &err_pos, NULL);
    if (pcreInfo->compiled_expr == NULL) {
        /* error doing compilation. */
        _ded.errMsg("Failed to compile PCRE in dynamic rule [%d:%d]\n",
                    rule->info.genID, rule->info.sigID);
        return -1;
    }

    /*
     * err_text has no local initialiser, so the check below depends on
     * pcre_study() writing the pointer on every call.
     */
    pcreInfo->compiled_extra = (void *)pcre_study(pcreInfo->compiled_expr, 0,
                                                  &err_text);
    if (err_text != NULL) {
        /* error doing study. */
        _ded.errMsg("Failed to study PCRE in dynamic rule [%d:%d]\n",
                    rule->info.genID, rule->info.sigID);
        return -1;
    }

    return 0;
}
/*
 * Evaluates the rule -- indirect interface, this will be
 * called from the SpecialPurpose detection plugin as
 * CheckRule (void *, void *);
 *
 * p: opaque packet pointer; cast to SFSnortPacket * for a hand-coded
 *    evalFunc, passed through unchanged to ruleMatch() otherwise.
 * r: opaque pointer that is cast to Rule * and dereferenced without a
 *    NULL check, so the caller must supply a valid rule.
 *
 * returns: RULE_NOMATCH when the rule was never initialized, otherwise
 *          whatever evalFunc or ruleMatch() returns.
 */
static int CheckRule(void *p, void *r)
{
    Rule *dyn_rule = (Rule *)r;

    /* Refuse to evaluate a rule whose setup did not complete. */
    if (!dyn_rule->initialized) {
        _ded.errMsg("Dynamic Rule [%d:%d] was not initialized properly.\n",
                    dyn_rule->info.genID, dyn_rule->info.sigID);
        return RULE_NOMATCH;
    }

    ContentSetup();

    /* If there is an eval func, use it, this is a 'hand-coded' rule */
    if (dyn_rule->evalFunc) {
        return dyn_rule->evalFunc((SFSnortPacket *)p);
    }

    return ruleMatch(p, dyn_rule);
}
/*
 * Initialize Boyer-Moore-Horspool data for single pattern comparisons
 *
 * rule:    only its genID/sigID are read here, for the error message.
 * content: supplies patternByteForm, patternByteFormLength and flags;
 *          boyer_ptr is written with the result of hbm_prep().
 *
 * returns: 0  -> success
 *          !0 -> error,failed
 *
 * A missing or zero-length pattern also returns 0, and in that case
 * boyer_ptr is left exactly as the caller passed it in.
 */
int BoyerContentSetup(Rule *rule, ContentInfo *content)
{
    /* XXX: need to precompile the B-M stuff */

    /* Nothing to prepare unless both the pattern bytes and a length exist. */
    if (!(content->patternByteForm && content->patternByteFormLength)) {
        return 0;
    }

    content->boyer_ptr = hbm_prep(content->patternByteForm,
                                  content->patternByteFormLength,
                                  content->flags & CONTENT_NOCASE);
    if (content->boyer_ptr) {
        return 0;
    }

    /* error doing compilation. */
    _ded.errMsg("Failed to setup pattern match for dynamic rule [%d:%d]\n",
                rule->info.genID, rule->info.sigID);
    return -1;
}