suricata
util-spm.h
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Pablo Rincon Crespo <pablo.rincon.crespo@gmail.com>
22  */
23 
24 #ifndef SURICATA_UTIL_SPM_H
25 #define SURICATA_UTIL_SPM_H
26 
27 #include "util-spm-bs.h"
28 
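/**
 * Identifiers of the available single pattern matcher (SPM) implementations.
 *
 * SPM_TABLE_SIZE is not a matcher: it is the number of matchers and the
 * dimension of spm_table. New matchers must be added before it.
 */
enum {
    SPM_BM, /* Boyer-Moore */
    SPM_HS, /* Hyperscan */
    SPM_MM, /* Memmem */
    /* Other SPM matchers will go here. */
    SPM_TABLE_SIZE
};

/**
 * Returns the single pattern matcher algorithm to be used, based on the
 * spm-algo setting in yaml.
 */
uint8_t SinglePatternMatchDefaultMatcher(void);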
36 
38 
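/** Structure holding an immutable "built" SPM matcher (such as the Boyer-Moore
 * tables, Hyperscan database etc) that is passed to the Scan call. */
typedef struct SpmCtx_ {
    /* Matcher id. Presumably one of the SPM_* values; confirm in util-spm.c
     * that it is range-checked before it selects an implementation. */
    uint8_t matcher;
    /* Opaque, matcher-specific built state (tables, database, ...). */
    void *ctx;
} SpmCtx;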
45 
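/** Structure holding a global prototype for per-thread scratch space, passed
 * to each InitCtx call. */
typedef struct SpmGlobalThreadCtx_ {
    /* Matcher id. Presumably one of the SPM_* values; confirm in util-spm.c. */
    uint8_t matcher;
    /* Opaque, matcher-specific prototype for the per-thread scratch space. */
    void *ctx;
} SpmGlobalThreadCtx;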
52 
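/** Structure holding some mutable per-thread space for use by a matcher at
 * scan time. Constructed from SpmGlobalThreadCtx by the MakeThreadCtx call.
 *
 * NOTE(review): the scratch space is described as mutable and per-thread, so
 * one instance presumably must not be shared between scanning threads --
 * confirm against the matcher implementations. */
typedef struct SpmThreadCtx_ {
    /* Matcher id. Presumably one of the SPM_* values; confirm in util-spm.c. */
    uint8_t matcher;
    /* Opaque, matcher-specific scratch space used while scanning. */
    void *ctx;
} SpmThreadCtx;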
59 
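/**
 * One entry of the matcher table: the name of an SPM implementation and the
 * callbacks that create, destroy and run it.
 *
 * The needle and haystack are passed as pointer plus length; the callbacks
 * receive no other bound, so the caller is responsible for the lengths
 * matching the buffers.
 */
typedef struct SpmTableElmt_ {
    const char *name;
    /* Global prototype for the per-thread scratch space. */
    SpmGlobalThreadCtx *(*InitGlobalThreadCtx)(void);
    void (*DestroyGlobalThreadCtx)(SpmGlobalThreadCtx *g_thread_ctx);
    /* Per-thread scratch space, derived from the global prototype. */
    SpmThreadCtx *(*MakeThreadCtx)(const SpmGlobalThreadCtx *g_thread_ctx);
    void (*DestroyThreadCtx)(SpmThreadCtx *thread_ctx);
    /* Immutable built matcher for one needle. */
    SpmCtx *(*InitCtx)(const uint8_t *needle, uint16_t needle_len, int nocase,
            SpmGlobalThreadCtx *g_thread_ctx);
    void (*DestroyCtx)(SpmCtx *);
    /* NOTE(review): presumably returns a pointer into haystack on a match and
     * NULL otherwise -- confirm in the matcher implementations. */
    uint8_t *(*Scan)(const SpmCtx *ctx, SpmThreadCtx *thread_ctx,
            const uint8_t *haystack, uint32_t haystack_len);
} SpmTableElmt;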
72 
74 
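/* Table of matcher implementations; its dimension is SPM_TABLE_SIZE.
 * NOTE(review): presumably indexed by the SPM_* matcher id, in which case an
 * id must be checked against SPM_TABLE_SIZE before it is used as an index --
 * confirm in util-spm.c. */
extern SpmTableElmt spm_table[SPM_TABLE_SIZE];

void SpmTableSetup(void);

/* Global prototype for per-thread scratch space of the given matcher. */
SpmGlobalThreadCtx *SpmInitGlobalThreadCtx(uint8_t matcher);

void SpmDestroyGlobalThreadCtx(SpmGlobalThreadCtx *g_thread_ctx);

/* Per-thread scratch space, constructed from the global prototype. */
SpmThreadCtx *SpmMakeThreadCtx(const SpmGlobalThreadCtx *g_thread_ctx);

void SpmDestroyThreadCtx(SpmThreadCtx *thread_ctx);

/* Builds the immutable matcher for one needle. needle_len is the only bound
 * the callee gets on needle, so it must not exceed the needle buffer. */
SpmCtx *SpmInitCtx(const uint8_t *needle, uint16_t needle_len, int nocase,
        SpmGlobalThreadCtx *g_thread_ctx);

void SpmDestroyCtx(SpmCtx *ctx);

/* Scans haystack with a built matcher and the calling thread's scratch space.
 * haystack_len is the only bound the callee gets on haystack.
 * NOTE(review): presumably returns a pointer to the match or NULL -- confirm
 * in util-spm.c. */
uint8_t *SpmScan(const SpmCtx *ctx, SpmThreadCtx *thread_ctx,
        const uint8_t *haystack, uint32_t haystack_len);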
92 
/*
 * Context-free search routines: each call takes the text and the needle as
 * pointer plus length. Boyer-Moore is the default algorithm.
 *
 * The lengths are the only bounds these routines receive, so textlen and
 * needlelen must not exceed the buffers they describe.
 */

/** Search a pattern in the text using the Bs2Bm algorithm. */
uint8_t *Bs2bmSearch(const uint8_t *text,
        uint32_t textlen,
        const uint8_t *needle,
        uint16_t needlelen);

/** Search a pattern in the text using the Boyer Moore algorithm. */
uint8_t *BoyerMooreSearch(const uint8_t *text,
        uint32_t textlen,
        const uint8_t *needle,
        uint16_t needlelen);

/** Search a pattern in the text using the Boyer Moore nocase algorithm.
 *
 * NOTE(review): needle is not const here, unlike in the two routines above;
 * presumably the implementation may write to it -- confirm in util-spm.c
 * before passing a shared or read-only buffer. */
uint8_t *BoyerMooreNocaseSearch(const uint8_t *text,
        uint32_t textlen,
        uint8_t *needle,
        uint16_t needlelen);
98 
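/*
 * Macros for automatic algorithm selection (use them only when you can't
 * store the context).
 *
 * SpmSearch picks BasicSearch for needles shorter than 4 bytes and
 * BoyerMooreSearch otherwise, and evaluates to the routine's result.
 *
 * - Every argument is parenthesized, so an expression such as `len - off` or
 *   `a & b` is compared and passed as one value.
 * - textlen and needlelen are evaluated once and held in the types the search
 *   routines take (uint32_t / uint16_t), so the value used to choose the
 *   routine is the value the routine receives.
 * - text and needle may still be evaluated in only one of the two arms; pass
 *   expressions without side effects.
 * - The earlier form also tested `textlen < 512`, but both of its short-needle
 *   arms called BasicSearch, so that test is dropped.
 * - The lengths are the only bounds the routines get; they must not exceed
 *   the text and needle buffers.
 * - An argument must not be named mfound, spm_textlen_ or spm_needlelen_: the
 *   macro's own locals would shadow it.
 */
#define SpmSearch(text, textlen, needle, needlelen) ({ \
    const uint32_t spm_textlen_ = (textlen); \
    const uint16_t spm_needlelen_ = (needlelen); \
    uint8_t *mfound; \
    if (spm_needlelen_ < 4) \
        mfound = BasicSearch((text), spm_textlen_, (needle), spm_needlelen_); \
    else \
        mfound = BoyerMooreSearch((text), spm_textlen_, (needle), spm_needlelen_); \
    mfound; \
})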
110 
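/*
 * Case-insensitive counterpart of SpmSearch: BasicSearchNocase for needles
 * shorter than 4 bytes, BoyerMooreNocaseSearch otherwise. Evaluates to the
 * routine's result.
 *
 * - Every argument is parenthesized; textlen and needlelen are evaluated once
 *   and held in the types the search routines take (uint32_t / uint16_t).
 * - The earlier form also tested `textlen < 512`, but both of its short-needle
 *   arms called BasicSearchNocase, so that test is dropped.
 * - BoyerMooreNocaseSearch takes a non-const needle.
 *   NOTE(review): presumably it may write to the needle buffer -- confirm in
 *   util-spm.c before passing a shared or read-only needle.
 * - The lengths are the only bounds the routines get; they must not exceed
 *   the text and needle buffers.
 * - An argument must not be named mfound, spm_textlen_ or spm_needlelen_: the
 *   macro's own locals would shadow it.
 */
#define SpmNocaseSearch(text, textlen, needle, needlelen) ({ \
    const uint32_t spm_textlen_ = (textlen); \
    const uint16_t spm_needlelen_ = (needlelen); \
    uint8_t *mfound; \
    if (spm_needlelen_ < 4) \
        mfound = BasicSearchNocase((text), spm_textlen_, (needle), spm_needlelen_); \
    else \
        mfound = BoyerMooreNocaseSearch((text), spm_textlen_, (needle), spm_needlelen_); \
    mfound; \
})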
121 
122 #ifdef UNITTESTS
123 void UtilSpmSearchRegistertests(void);
124 #endif
125 #endif /* SURICATA_UTIL_SPM_H */
SpmThreadCtx_::ctx
void * ctx
Definition: util-spm.h:57
SpmCtx_::matcher
uint8_t matcher
Definition: util-spm.h:42
SpmGlobalThreadCtx
struct SpmGlobalThreadCtx_ SpmGlobalThreadCtx
SpmInitCtx
SpmCtx * SpmInitCtx(const uint8_t *needle, uint16_t needle_len, int nocase, SpmGlobalThreadCtx *g_thread_ctx)
Definition: util-spm.c:183
SPM_HS
@ SPM_HS
Definition: util-spm.h:31
ctx
struct Thresholds ctx
SpmTableElmt_::name
const char * name
Definition: util-spm.h:61
SpmCtx
struct SpmCtx_ SpmCtx
SpmScan
uint8_t * SpmScan(const SpmCtx *ctx, SpmThreadCtx *thread_ctx, const uint8_t *haystack, uint32_t haystack_len)
Definition: util-spm.c:203
SinglePatternMatchDefaultMatcher
uint8_t SinglePatternMatchDefaultMatcher(void)
Returns the single pattern matcher algorithm to be used, based on the spm-algo setting in yaml.
Definition: util-spm.c:69
util-spm-bs.h
BoyerMooreNocaseSearch
uint8_t * BoyerMooreNocaseSearch(const uint8_t *text, uint32_t textlen, uint8_t *needle, uint16_t needlelen)
Search a pattern in the text using Boyer Moore nocase algorithm (build a bad character shifts array a...
Definition: util-spm.c:262
BoyerMooreSearch
uint8_t * BoyerMooreSearch(const uint8_t *text, uint32_t textlen, const uint8_t *needle, uint16_t needlelen)
Search a pattern in the text using Boyer Moore algorithm (build a bad character shifts array and good...
Definition: util-spm.c:242
Bs2bmSearch
uint8_t * Bs2bmSearch(const uint8_t *text, uint32_t textlen, const uint8_t *needle, uint16_t needlelen)
Search a pattern in the text using the Bs2Bm algorithm (build a bad characters array)
Definition: util-spm.c:224
SpmDestroyGlobalThreadCtx
void SpmDestroyGlobalThreadCtx(SpmGlobalThreadCtx *g_thread_ctx)
Definition: util-spm.c:154
SpmTableSetup
void SpmTableSetup(void)
Definition: util-spm.c:131
SPM_TABLE_SIZE
@ SPM_TABLE_SIZE
Definition: util-spm.h:34
SpmMakeThreadCtx
SpmThreadCtx * SpmMakeThreadCtx(const SpmGlobalThreadCtx *g_thread_ctx)
Definition: util-spm.c:163
SpmDestroyCtx
void SpmDestroyCtx(SpmCtx *ctx)
Definition: util-spm.c:193
SpmGlobalThreadCtx_::matcher
uint8_t matcher
Definition: util-spm.h:49
SpmCtx_
Definition: util-spm.h:41
spm_table
SpmTableElmt spm_table[SPM_TABLE_SIZE]
Definition: util-spm.c:63
SPM_BM
@ SPM_BM
Definition: util-spm.h:30
SpmTableElmt_::DestroyCtx
void(* DestroyCtx)(SpmCtx *)
Definition: util-spm.h:68
SpmCtx_::ctx
void * ctx
Definition: util-spm.h:43
SpmGlobalThreadCtx_::ctx
void * ctx
Definition: util-spm.h:50
SpmGlobalThreadCtx_
Definition: util-spm.h:48
SpmTableElmt
struct SpmTableElmt_ SpmTableElmt
SpmInitGlobalThreadCtx
SpmGlobalThreadCtx * SpmInitGlobalThreadCtx(uint8_t matcher)
Definition: util-spm.c:148
SpmDestroyThreadCtx
void SpmDestroyThreadCtx(SpmThreadCtx *thread_ctx)
Definition: util-spm.c:173
SpmTableElmt_
Definition: util-spm.h:60
SpmThreadCtx_::matcher
uint8_t matcher
Definition: util-spm.h:56
UtilSpmSearchRegistertests
void UtilSpmSearchRegistertests(void)
Definition: util-spm.c:2657
SPM_MM
@ SPM_MM
Definition: util-spm.h:32
SpmThreadCtx
struct SpmThreadCtx_ SpmThreadCtx
SpmTableElmt_::DestroyThreadCtx
void(* DestroyThreadCtx)(SpmThreadCtx *thread_ctx)
Definition: util-spm.h:65
SpmTableElmt_::DestroyGlobalThreadCtx
void(* DestroyGlobalThreadCtx)(SpmGlobalThreadCtx *g_thread_ctx)
Definition: util-spm.h:63
SpmThreadCtx_
Definition: util-spm.h:55