diff options
Diffstat (limited to 'src/util-mpm.h')
| -rw-r--r-- | src/util-mpm.h | 201 |
1 files changed, 201 insertions, 0 deletions
diff --git a/src/util-mpm.h b/src/util-mpm.h new file mode 100644 index 0000000..4ddd4de --- /dev/null +++ b/src/util-mpm.h @@ -0,0 +1,201 @@ +/* Copyright (C) 2007-2014 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * \author Victor Julien <victor@inliniac.net> + */ + +#ifndef __UTIL_MPM_H__ +#define __UTIL_MPM_H__ + +#include "app-layer-protos.h" +#include "util-prefilter.h" + +#define MPM_INIT_HASH_SIZE 65536 + +enum { + MPM_NOTSET = 0, + + /* aho-corasick */ + MPM_AC, + MPM_AC_BS, + MPM_AC_KS, + MPM_HS, + /* table size */ + MPM_TABLE_SIZE, +}; + +/* Internal Pattern Index: 0 to pattern_cnt-1 */ +typedef uint32_t MpmPatternIndex; + +typedef struct MpmThreadCtx_ { + void *ctx; + + uint32_t memory_cnt; + uint32_t memory_size; + +} MpmThreadCtx; + +typedef struct MpmPattern_ { + /* length of the pattern */ + uint16_t len; + /* flags describing the pattern */ + uint8_t flags; + + /* offset into the buffer where match may start */ + uint16_t offset; + + /* offset into the buffer before which match much complete */ + uint16_t depth; + + /* holds the original pattern that was added */ + uint8_t *original_pat; + /* case sensitive */ + uint8_t *cs; + /* case insensitive */ + uint8_t *ci; + /* pattern id */ + uint32_t id; + + /* sid(s) for this pattern */ + uint32_t sids_size; + SigIntId *sids; + + struct MpmPattern_ *next; +} MpmPattern; + +/* Indicates if this a global mpm_ctx. Global mpm_ctx is the one that + * is instantiated when we use "single". Non-global is "full", i.e. + * one per sgh. */ +#define MPMCTX_FLAGS_GLOBAL BIT_U8(0) +#define MPMCTX_FLAGS_NODEPTH BIT_U8(1) + +typedef struct MpmCtx_ { + void *ctx; + uint8_t mpm_type; + + uint8_t flags; + + uint16_t maxdepth; + + /* unique patterns */ + uint32_t pattern_cnt; + + uint16_t minlen; + uint16_t maxlen; + + uint32_t memory_cnt; + uint32_t memory_size; + + uint32_t max_pat_id; + + /* hash used during ctx initialization */ + MpmPattern **init_hash; +} MpmCtx; + +/* if we want to retrieve an unique mpm context from the mpm context factory + * we should supply this as the key */ +#define MPM_CTX_FACTORY_UNIQUE_CONTEXT -1 + +typedef struct MpmCtxFactoryItem { + const char *name; + MpmCtx *mpm_ctx_ts; + MpmCtx *mpm_ctx_tc; + int32_t id; + int32_t sm_list; + AppProto alproto; /**< ALPROTO_UNKNOWN is not an app item */ + struct MpmCtxFactoryItem *next; +} MpmCtxFactoryItem; + +typedef struct MpmCtxFactoryContainer_ { + MpmCtxFactoryItem *items; + int32_t no_of_items; + int32_t max_id; +} MpmCtxFactoryContainer; + +/** pattern is case insensitive */ +#define MPM_PATTERN_FLAG_NOCASE 0x01 +/** pattern has a depth setting */ +#define MPM_PATTERN_FLAG_DEPTH 0x04 +/** pattern has an offset setting */ +#define MPM_PATTERN_FLAG_OFFSET 0x08 +/** the ctx uses it's own internal id instead of + * what is passed through the API */ +#define MPM_PATTERN_CTX_OWNS_ID 0x20 + +typedef struct MpmTableElmt_ { + const char *name; + void (*InitCtx)(struct MpmCtx_ *); + void (*InitThreadCtx)(struct MpmCtx_ *, struct MpmThreadCtx_ *); + void (*DestroyCtx)(struct MpmCtx_ *); + void (*DestroyThreadCtx)(struct MpmCtx_ *, struct MpmThreadCtx_ *); + + /** function pointers for adding patterns to the mpm ctx. + * + * \param mpm_ctx Mpm context to add the pattern to + * \param pattern pointer to the pattern + * \param pattern_len length of the pattern in bytes + * \param offset pattern offset setting + * \param depth pattern depth setting + * \param pid pattern id + * \param sid signature _internal_ id + * \param flags pattern flags + */ + int (*AddPattern)(struct MpmCtx_ *, uint8_t *, uint16_t, uint16_t, uint16_t, uint32_t, SigIntId, uint8_t); + int (*AddPatternNocase)(struct MpmCtx_ *, uint8_t *, uint16_t, uint16_t, uint16_t, uint32_t, SigIntId, uint8_t); + int (*Prepare)(struct MpmCtx_ *); + uint32_t (*Search)(const struct MpmCtx_ *, struct MpmThreadCtx_ *, PrefilterRuleStore *, const uint8_t *, uint32_t); + void (*PrintCtx)(struct MpmCtx_ *); + void (*PrintThreadCtx)(struct MpmThreadCtx_ *); + void (*RegisterUnittests)(void); + uint8_t flags; +} MpmTableElmt; + +extern MpmTableElmt mpm_table[MPM_TABLE_SIZE]; +extern uint8_t mpm_default_matcher; + +struct DetectEngineCtx_; + +int32_t MpmFactoryRegisterMpmCtxProfile( + struct DetectEngineCtx_ *, const char *, const int, const AppProto); +void MpmFactoryReClaimMpmCtx(const struct DetectEngineCtx_ *, MpmCtx *); +MpmCtx *MpmFactoryGetMpmCtxForProfile(const struct DetectEngineCtx_ *, int32_t, int); +void MpmFactoryDeRegisterAllMpmCtxProfiles(struct DetectEngineCtx_ *); +int32_t MpmFactoryIsMpmCtxAvailable(const struct DetectEngineCtx_ *, const MpmCtx *); + +void MpmTableSetup(void); +void MpmRegisterTests(void); + +void MpmInitCtx(MpmCtx *mpm_ctx, uint8_t matcher); +void MpmInitThreadCtx(MpmThreadCtx *mpm_thread_ctx, uint16_t); + +int MpmAddPatternCS(struct MpmCtx_ *mpm_ctx, uint8_t *pat, uint16_t patlen, + uint16_t offset, uint16_t depth, + uint32_t pid, SigIntId sid, uint8_t flags); +int MpmAddPatternCI(struct MpmCtx_ *mpm_ctx, uint8_t *pat, uint16_t patlen, + uint16_t offset, uint16_t depth, + uint32_t pid, SigIntId sid, uint8_t flags); + +void MpmFreePattern(MpmCtx *mpm_ctx, MpmPattern *p); + +int MpmAddPattern(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen, + uint16_t offset, uint16_t depth, uint32_t pid, + SigIntId sid, uint8_t flags); + +#endif /* __UTIL_MPM_H__ */ |