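/*
 *  Compile and study the PCRE expression attached to a dynamic rule option.
 *
 *  rule:     rule that owns the option; only its genID/sigID are read here,
 *            for the error messages.
 *  pcreInfo: option holding the expression text and compile flags; on
 *            success compiled_expr and compiled_extra are filled in.
 *
 *  returns: 0  -> success
 *           -1 -> missing expression, compile failure or study failure
 */
int PCRESetup(Rule *rule, PCREInfo *pcreInfo)
{
    /* Initialised so the checks below never read an indeterminate value,
     * whatever the library does or does not write back. */
    const char *error = NULL;
    int erroffset = 0;

    /* A rule option without an expression cannot be compiled; reject it
     * here instead of handing a NULL pattern to the regex library. */
    if (pcreInfo == NULL || pcreInfo->expr == NULL)
        goto compile_failed;

    pcreInfo->compiled_expr = (void *)pcre_compile(pcreInfo->expr,
                                                    pcreInfo->compile_flags,
                                                    &error,
                                                    &erroffset,
                                                    NULL);
    if (pcreInfo->compiled_expr == NULL)
        goto compile_failed;

    /* pcre_study() reports failure through 'error', not through its return
     * value: a NULL result with no error only means no study data exists. */
    pcreInfo->compiled_extra = (void *)pcre_study(pcreInfo->compiled_expr, 0, &error);
    if (error != NULL)
    {
        /* NOTE(review): compiled_expr stays set on this path; confirm the
         * caller's teardown releases it when setup reports failure. */
        _ded.errMsg("Failed to study PCRE in dynamic rule [%d:%d]\n",
            rule->info.genID, rule->info.sigID);
        return -1;
    }

    return 0;

compile_failed:
    /* NOTE(review): the library's error text and offset are not logged, so
     * a rejected expression can only be traced by rule id. */
    _ded.errMsg("Failed to compile PCRE in dynamic rule [%d:%d]\n",
        rule->info.genID, rule->info.sigID);
    return -1;
}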
/* Indirect rule-evaluation entry point: the SpecialPurpose detection
 * plugin calls this as CheckRule(void *, void *).
 *
 * p: packet handle, forwarded to the evaluator (cast to SFSnortPacket *
 *    for hand-coded rules).
 * r: the Rule to evaluate.
 *
 * Returns RULE_NOMATCH for a rule that was never initialized, otherwise
 * whatever the selected evaluator returns.
 */
static int CheckRule(void *p, void *r)
{
    Rule *dynRule = (Rule *)r;

    if (dynRule->initialized)
    {
        ContentSetup();

        /* A 'hand-coded' rule brings its own eval function; every other
         * rule goes through the generic matcher. */
        return dynRule->evalFunc ? dynRule->evalFunc((SFSnortPacket *)p)
                                 : ruleMatch(p, dynRule);
    }

    /* An uninitialized rule is logged and treated as a non-match, so it
     * never fires on traffic. */
    _ded.errMsg("Dynamic Rule [%d:%d] was not initialized properly.\n",
        dynRule->info.genID, dynRule->info.sigID);
    return RULE_NOMATCH;
}
/*
 *  Prepare the Boyer-Moore-Horspool search data used for single pattern
 *  comparisons on a content option.
 *
 *  rule:    owning rule; only its genID/sigID are read, for the error log.
 *  content: option whose byte-form pattern is handed to hbm_prep(); the
 *           result is stored in content->boyer_ptr.
 *
 *  returns: 0  -> success (also when there is no pattern to prepare)
 *           !0 -> error,failed
 */
int BoyerContentSetup(Rule *rule, ContentInfo *content)
{
    /* XXX: need to precompile the B-M stuff */

    if (content->patternByteForm && content->patternByteFormLength)
    {
        /* Only the no-case bit of the option flags is passed on. */
        content->boyer_ptr = hbm_prep(content->patternByteForm,
            content->patternByteFormLength,
            content->flags & CONTENT_NOCASE);

        if (content->boyer_ptr)
            return 0;

        /* hbm_prep() gave nothing back: report which rule failed. */
        _ded.errMsg("Failed to setup pattern match for dynamic rule [%d:%d]\n",
            rule->info.genID, rule->info.sigID);
        return -1;
    }

    /* Missing or zero-length pattern: reported as success and boyer_ptr is
     * left untouched.
     * NOTE(review): confirm the matcher copes with an unset boyer_ptr. */
    return 0;
}