suricata
util-spm-bs.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2010 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  * \author Pablo Rincon Crespo <pablo.rincon.crespo@gmail.com>
23  *
24  * bs is a bruteforce search. It will try to search the pattern
25  * from all characters until the available text len is less
26  * than the length of the pattern. It needs no context but it
27  * time cost is not good.
28  */
29 
30 #include "suricata-common.h"
31 #include "suricata.h"
32 
33 #include "util-debug.h"
34 #include "util-spm-bs.h"
35 
36 
37 /**
38  * \brief Basic search improved. Limits are better handled, so
39  * it doesn't start searches that wont fit in the remaining buffer
40  *
41  * \param haystack pointer to the buffer to search in
42  * \param haystack_len length limit of the buffer
43  * \param neddle pointer to the pattern we ar searching for
44  * \param needle_len length limit of the needle
45  *
46  * \retval ptr to start of the match; NULL if no match
47  */
48 uint8_t *BasicSearch(const uint8_t *haystack, uint32_t haystack_len, const uint8_t *needle, uint16_t needle_len)
49 {
50  SCEnter();
51 
52  const uint8_t *h, *n;
53  const uint8_t *hmax = haystack + haystack_len;
54  const uint8_t *nmax = needle + needle_len;
55 
56  if (needle_len == 0 || needle_len > haystack_len) {
57  SCReturnPtr(NULL, "uint8_t");
58  }
59 
60  //PrintRawDataFp(stdout,needle,needle_len);
61 
62  //PrintRawDataFp(stdout,haystack,haystack_len);
63 
64  for (n = needle; nmax - n <= hmax - haystack; haystack++) {
65  if (*haystack != *n) {
66  continue;
67  }
68 
69  SCLogDebug("*haystack == *n, %c == %c", *haystack, *n);
70 
71  /* one byte needles */
72  if (needle_len == 1) {
73  SCReturnPtr((uint8_t *)haystack, "uint8_t");
74  }
75 
76  for (h = haystack+1, n++; nmax - n <= hmax - haystack; h++, n++) {
77  if (*h != *n) {
78  break;
79  }
80  SCLogDebug("*haystack == *n, %c == %c", *haystack, *n);
81  /* if we run out of needle we fully matched */
82  if (n == nmax - 1) {
83  SCReturnPtr((uint8_t *)haystack, "uint8_t");
84  }
85  }
86  n = needle;
87  }
88 
89  SCReturnPtr(NULL, "uint8_t");
90 }
91 
92 /**
93  * \brief Basic search case less
94  *
95  * \param haystack pointer to the buffer to search in
96  * \param haystack_len length limit of the buffer
97  * \param neddle pointer to the pattern we ar searching for
98  * \param needle_len length limit of the needle
99  *
100  * \retval ptr to start of the match; NULL if no match
101  */
102 uint8_t *BasicSearchNocase(const uint8_t *haystack, uint32_t haystack_len, const uint8_t *needle, uint16_t needle_len)
103 {
104  const uint8_t *h, *n;
105  const uint8_t *hmax = haystack + haystack_len;
106  const uint8_t *nmax = needle + needle_len;
107 
108  if (needle_len == 0 || needle_len > haystack_len)
109  return NULL;
110 
111  for (n = needle; nmax - n <= hmax - haystack; haystack++) {
112  if (u8_tolower(*haystack) != u8_tolower(*n)) {
113  continue;
114  }
115  /* one byte needles */
116  if (needle_len == 1) {
117  return (uint8_t *)haystack;
118  }
119 
120  for (h = haystack+1, n++; nmax - n <= hmax - h ; h++, n++) {
121  if (u8_tolower(*h) != u8_tolower(*n)) {
122  break;
123  }
124  /* if we run out of needle we fully matched */
125  if (n == nmax - 1) {
126  return (uint8_t *)haystack;
127  }
128  }
129  n = needle;
130  }
131 
132  return NULL;
133 }
134 
135 void BasicSearchInit (void)
136 {
137  /* nothing no more */
138 }
139 
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:296
u8_tolower
#define u8_tolower(c)
Definition: suricata.h:177
util-spm-bs.h
util-debug.h
BasicSearchNocase
uint8_t * BasicSearchNocase(const uint8_t *haystack, uint32_t haystack_len, const uint8_t *needle, uint16_t needle_len)
Basic search case less.
Definition: util-spm-bs.c:102
SCEnter
#define SCEnter(...)
Definition: util-debug.h:298
BasicSearch
uint8_t * BasicSearch(const uint8_t *haystack, uint32_t haystack_len, const uint8_t *needle, uint16_t needle_len)
Basic search improved. Limits are better handled, so it doesn't start searches that wont fit in the r...
Definition: util-spm-bs.c:48
SCReturnPtr
#define SCReturnPtr(x, type)
Definition: util-debug.h:314
suricata-common.h
BasicSearchInit
void BasicSearchInit(void)
Definition: util-spm-bs.c:135
suricata.h