suricata
util-spm.h
1/* Copyright (C) 2007-2022 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18/**
19 * \file
20 *
21 * \author Pablo Rincon Crespo <pablo.rincon.crespo@gmail.com>
22 */
23
24#ifndef SURICATA_UTIL_SPM_H
25#define SURICATA_UTIL_SPM_H
26
27#include "util-spm-bs.h"
28
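/**
 * Identifiers of the single pattern matcher (SPM) implementations.
 *
 * SPM_TABLE_SIZE must stay last: it counts the matchers above it and is the
 * dimension of spm_table[].
 * NOTE(review): presumably the uint8_t `matcher` fields of the context
 * structures carry one of these ids and are used to index spm_table[]; any
 * id taken from configuration should be checked against SPM_TABLE_SIZE
 * before it is used as an index - confirm in util-spm.c.
 */
enum {
    SPM_BM, /* Boyer-Moore */
    SPM_HS, /* Hyperscan */
    /* Other SPM matchers will go here. */
    SPM_TABLE_SIZE /* number of matchers, not a matcher itself */
};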
35
37
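/** Structure holding an immutable "built" SPM matcher (such as the Boyer-Moore
 *  tables, Hyperscan database etc) that is passed to the Scan call.
 *
 *  `ctx` is untyped, so nothing in this structure ties it to `matcher`.
 *  NOTE(review): presumably `matcher` is the SPM_* id of the implementation
 *  that built `ctx`, and a context must only be handed back to that same
 *  implementation; a mismatched pair would be read as the wrong type -
 *  confirm in util-spm.c. */
typedef struct SpmCtx_ {
    uint8_t matcher; /* id of the matcher implementation */
    void *ctx;       /* matcher-specific built data, opaque at this level */
} SpmCtx;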
44
45/** Structure holding a global prototype for per-thread scratch space, passed
46 * to each InitCtx call. */
51
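/** Structure holding some mutable per-thread space for use by a matcher at
 *  scan time. Constructed from SpmGlobalThreadCtx by the MakeThreadCtx call.
 *
 *  Because this space is mutable and per-thread, one instance must not be
 *  used by two threads scanning at the same time.
 *  NOTE(review): presumably `matcher` is the SPM_* id of the implementation
 *  that owns `ctx`, and the pair must match the SpmCtx it is scanned with -
 *  confirm in util-spm.c. */
typedef struct SpmThreadCtx_ {
    uint8_t matcher; /* id of the matcher implementation */
    void *ctx;       /* matcher-specific scratch data, opaque at this level */
} SpmThreadCtx;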
58
59typedef struct SpmTableElmt_ {
60 const char *name;
61 SpmGlobalThreadCtx *(*InitGlobalThreadCtx)(void);
63 SpmThreadCtx *(*MakeThreadCtx)(const SpmGlobalThreadCtx *g_thread_ctx);
64 void (*DestroyThreadCtx)(SpmThreadCtx *thread_ctx);
65 SpmCtx *(*InitCtx)(const uint8_t *needle, uint16_t needle_len, int nocase,
66 SpmGlobalThreadCtx *g_thread_ctx);
67 void (*DestroyCtx)(SpmCtx *);
68 uint8_t *(*Scan)(const SpmCtx *ctx, SpmThreadCtx *thread_ctx,
69 const uint8_t *haystack, uint32_t haystack_len);
71
73
/* NOTE(review): presumably registers the available matchers in spm_table[];
 * confirm in util-spm.c. */
74void SpmTableSetup(void);
75
77
79
81
/* NOTE(review): presumably releases a context obtained from the MakeThreadCtx
 * call; ownership and NULL handling are not visible here - confirm in
 * util-spm.c. */
82void SpmDestroyThreadCtx(SpmThreadCtx *thread_ctx);
83
/* Build a matcher context for one needle.
 * needle_len is a uint16_t: a caller that holds the length in a wider type has
 * to reject or bound it before the call, otherwise it is truncated silently
 * at the call site and the matcher is built for a shorter needle.
 * NOTE(review): presumably a non-zero nocase selects case-insensitive
 * matching and the result is released with SpmDestroyCtx() - confirm. */
84SpmCtx *SpmInitCtx(const uint8_t *needle, uint16_t needle_len, int nocase,
85 SpmGlobalThreadCtx *g_thread_ctx);
86
88
/* Scan haystack with a built matcher.
 * ctx is the immutable built matcher; thread_ctx is the mutable per-thread
 * scratch space, so each scanning thread needs its own.
 * haystack_len is a uint32_t and must describe exactly the readable bytes at
 * haystack; wider lengths have to be bounded by the caller.
 * NOTE(review): presumably returns a pointer to the first match inside
 * haystack, or NULL when there is none - confirm in util-spm.c. */
89uint8_t *SpmScan(const SpmCtx *ctx, SpmThreadCtx *thread_ctx,
90 const uint8_t *haystack, uint32_t haystack_len);
91
92/** Default algorithm to use: Boyer Moore.
 * These are the context-free entry points: per the generated documentation
 * each one builds its shift array(s) from the needle as part of the search,
 * so a needle that is searched repeatedly is better served by a stored
 * context. textlen is uint32_t and needlelen is uint16_t; lengths held in
 * wider types must be bounded by the caller or they truncate at the call. */
/* Bs2Bm search (builds a bad characters array). */
93uint8_t *Bs2bmSearch(
94 const uint8_t *text, uint32_t textlen, const uint8_t *needle, uint16_t needlelen);
/* Boyer-Moore search. */
95uint8_t *BoyerMooreSearch(const uint8_t *text, uint32_t textlen, const uint8_t *needle, uint16_t needlelen);
/* Boyer-Moore search ignoring case. Unlike the two functions above, needle is
 * not const here.
 * NOTE(review): presumably the needle can be rewritten in place (e.g.
 * case-folded) - confirm in util-spm.c before passing a shared or read-only
 * buffer. */
96uint8_t *BoyerMooreNocaseSearch(const uint8_t *text, uint32_t textlen, uint8_t *needle, uint16_t needlelen);
97
98/* Macros for automatic algorithm selection (use them only when you can't store the context) */
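/**
 * Case-sensitive search with automatic algorithm selection. Use it only when
 * the call site cannot store a matcher context.
 *
 * Needles shorter than 4 bytes go to BasicSearch(), all others to
 * BoyerMooreSearch(). The earlier `needlelen < 4 && textlen < 512` test chose
 * the same BasicSearch() call as the plain `needlelen < 4` test, so a single
 * test covers both.
 *
 * Every argument is evaluated exactly once and copied into a local, so
 * arguments with side effects or low-precedence operators behave as they
 * would for a function call. Arguments must not mention identifiers of the
 * form spm_*_, which are the macro's own locals.
 *
 * The lengths keep the caller's (promoted) type: `(x) + 0` inside
 * __typeof__ is not evaluated, it only yields that type. The `< 4` test is
 * therefore made on the caller's value, but the value is still converted to
 * the uint16_t needlelen / uint32_t textlen parameters at the call, so wider
 * lengths must be bounded by the caller.
 *
 * Evaluates to the uint8_t * returned by the selected function. Requires GNU
 * statement expressions.
 */
#define SpmSearch(text, textlen, needle, needlelen) ({ \
    const uint8_t *spm_text_ = (text); \
    __typeof__((textlen) + 0) spm_textlen_ = (textlen); \
    const uint8_t *spm_needle_ = (needle); \
    __typeof__((needlelen) + 0) spm_needlelen_ = (needlelen); \
    uint8_t *spm_found_; \
    if (spm_needlelen_ < 4) \
        spm_found_ = BasicSearch(spm_text_, spm_textlen_, spm_needle_, spm_needlelen_); \
    else \
        spm_found_ = BoyerMooreSearch(spm_text_, spm_textlen_, spm_needle_, spm_needlelen_); \
    spm_found_; \
})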
109
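/**
 * Case-insensitive search with automatic algorithm selection. Use it only
 * when the call site cannot store a matcher context.
 *
 * Needles shorter than 4 bytes go to BasicSearchNocase(), all others to
 * BoyerMooreNocaseSearch(). The earlier `needlelen < 4 && textlen < 512` test
 * chose the same BasicSearchNocase() call as the plain `needlelen < 4` test,
 * so a single test covers both.
 *
 * Every argument is evaluated exactly once and copied into a local, so
 * arguments with side effects or low-precedence operators behave as they
 * would for a function call. Arguments must not mention identifiers of the
 * form spm_*_, which are the macro's own locals.
 *
 * needle is held as a non-const pointer because BoyerMooreNocaseSearch()
 * declares it that way.
 * NOTE(review): presumably the needle can be rewritten in place on that
 * path - confirm in util-spm.c before passing a shared or read-only buffer.
 *
 * The lengths keep the caller's (promoted) type: `(x) + 0` inside
 * __typeof__ is not evaluated, it only yields that type. The `< 4` test is
 * therefore made on the caller's value, but the value is still converted to
 * the uint16_t needlelen / uint32_t textlen parameters at the call, so wider
 * lengths must be bounded by the caller.
 *
 * Evaluates to the uint8_t * returned by the selected function. Requires GNU
 * statement expressions.
 */
#define SpmNocaseSearch(text, textlen, needle, needlelen) ({ \
    const uint8_t *spm_text_ = (text); \
    __typeof__((textlen) + 0) spm_textlen_ = (textlen); \
    uint8_t *spm_needle_ = (needle); \
    __typeof__((needlelen) + 0) spm_needlelen_ = (needlelen); \
    uint8_t *spm_found_; \
    if (spm_needlelen_ < 4) \
        spm_found_ = BasicSearchNocase(spm_text_, spm_textlen_, spm_needle_, spm_needlelen_); \
    else \
        spm_found_ = BoyerMooreNocaseSearch(spm_text_, spm_textlen_, spm_needle_, spm_needlelen_); \
    spm_found_; \
})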
120
121#ifdef UNITTESTS
123#endif
124#endif /* SURICATA_UTIL_SPM_H */
struct Thresholds ctx
uint8_t matcher
Definition util-spm.h:41
void * ctx
Definition util-spm.h:42
void(* DestroyGlobalThreadCtx)(SpmGlobalThreadCtx *g_thread_ctx)
Definition util-spm.h:62
void(* DestroyThreadCtx)(SpmThreadCtx *thread_ctx)
Definition util-spm.h:64
const char * name
Definition util-spm.h:60
void(* DestroyCtx)(SpmCtx *)
Definition util-spm.h:67
uint8_t matcher
Definition util-spm.h:55
void * ctx
Definition util-spm.h:56
struct SpmTableElmt_ SpmTableElmt
struct SpmThreadCtx_ SpmThreadCtx
uint8_t SinglePatternMatchDefaultMatcher(void)
Returns the single pattern matcher algorithm to be used, based on the spm-algo setting in yaml.
Definition util-spm.c:68
uint8_t * Bs2bmSearch(const uint8_t *text, uint32_t textlen, const uint8_t *needle, uint16_t needlelen)
Search a pattern in the text using the Bs2Bm algorithm (build a bad characters array)
Definition util-spm.c:214
SpmCtx * SpmInitCtx(const uint8_t *needle, uint16_t needle_len, int nocase, SpmGlobalThreadCtx *g_thread_ctx)
Definition util-spm.c:173
void UtilSpmSearchRegistertests(void)
Definition util-spm.c:2657
uint8_t * BoyerMooreNocaseSearch(const uint8_t *text, uint32_t textlen, uint8_t *needle, uint16_t needlelen)
Search a pattern in the text using Boyer Moore nocase algorithm (build a bad character shifts array a...
Definition util-spm.c:252
struct SpmCtx_ SpmCtx
SpmGlobalThreadCtx * SpmInitGlobalThreadCtx(uint8_t matcher)
Definition util-spm.c:138
void SpmTableSetup(void)
Definition util-spm.c:122
void SpmDestroyThreadCtx(SpmThreadCtx *thread_ctx)
Definition util-spm.c:163
void SpmDestroyGlobalThreadCtx(SpmGlobalThreadCtx *g_thread_ctx)
Definition util-spm.c:144
uint8_t * BoyerMooreSearch(const uint8_t *text, uint32_t textlen, const uint8_t *needle, uint16_t needlelen)
Search a pattern in the text using Boyer Moore algorithm (build a bad character shifts array and good...
Definition util-spm.c:232
@ SPM_BM
Definition util-spm.h:30
@ SPM_TABLE_SIZE
Definition util-spm.h:33
@ SPM_HS
Definition util-spm.h:31
struct SpmGlobalThreadCtx_ SpmGlobalThreadCtx
void SpmDestroyCtx(SpmCtx *ctx)
Definition util-spm.c:183
SpmTableElmt spm_table[SPM_TABLE_SIZE]
Definition util-spm.c:62
uint8_t * SpmScan(const SpmCtx *ctx, SpmThreadCtx *thread_ctx, const uint8_t *haystack, uint32_t haystack_len)
Definition util-spm.c:193
SpmThreadCtx * SpmMakeThreadCtx(const SpmGlobalThreadCtx *g_thread_ctx)
Definition util-spm.c:153