Feature #8019 » 0001-TEST-mpm-honor-endswith.patch
| src/detect-engine-mpm.c | ||
|---|---|---|
|
SCLogDebug("Negated MPM");
|
||
|
flags |= MPM_PATTERN_FLAG_NEGATED;
|
||
|
}
|
||
|
if (cd->flags & DETECT_CONTENT_ENDS_WITH) {
|
||
|
SCLogDebug("Negated MPM");
|
||
|
flags |= MPM_PATTERN_FLAG_ENDSWITH;
|
||
|
}
|
||
|
/* We have to effectively "wild card" values that will be coming from
|
||
|
* byte_extract variables
|
||
| src/util-hyperscan.c | ||
|---|---|---|
|
return str;
|
||
|
}
|
||
|
/**
|
||
|
* \internal
|
||
|
* \brief Convert a pattern into a regex string accepted by the Hyperscan
|
||
|
* compiler.
|
||
|
*
|
||
|
* For simplicity, we just take each byte of the original pattern and render it
|
||
|
* with a hex escape (i.e. ' ' -> "\x20")/
|
||
|
*/
|
||
|
char *HSRenderPatternAnchorToEnd(const uint8_t *pat, uint16_t pat_len)
|
||
|
{
|
||
|
if (pat == NULL) {
|
||
|
return NULL;
|
||
|
}
|
||
|
const size_t hex_len = (pat_len * 4) + 1 + 1;
|
||
|
char *str = SCMalloc(hex_len);
|
||
|
if (str == NULL) {
|
||
|
return NULL;
|
||
|
}
|
||
|
memset(str, 0, hex_len);
|
||
|
char *sp = str;
|
||
|
for (uint16_t i = 0; i < pat_len; i++) {
|
||
|
snprintf(sp, 5, "\\x%02x", pat[i]);
|
||
|
sp += 4;
|
||
|
}
|
||
|
*sp = '$';
|
||
|
sp++;
|
||
|
*sp = '\0';
|
||
|
return str;
|
||
|
}
|
||
|
#endif /* BUILD_HYPERSCAN */
|
||
| src/util-hyperscan.h | ||
|---|---|---|
|
#define __UTIL_HYPERSCAN__H__
|
||
|
char *HSRenderPattern(const uint8_t *pat, uint16_t pat_len);
|
||
|
char *HSRenderPatternAnchorToEnd(const uint8_t *pat, uint16_t pat_len);
|
||
|
#endif /* __UTIL_HYPERSCAN__H__ */
|
||
| src/util-mpm-hs.c | ||
|---|---|---|
|
cd->flags[i] |= HS_FLAG_CASELESS;
|
||
|
}
|
||
|
cd->expressions[i] = HSRenderPattern(p->original_pat, p->len);
|
||
|
if (p->flags & MPM_PATTERN_FLAG_ENDSWITH) {
|
||
|
cd->expressions[i] = HSRenderPatternAnchorToEnd(p->original_pat, p->len);
|
||
|
}
|
||
|
else
|
||
|
cd->expressions[i] = HSRenderPattern(p->original_pat, p->len);
|
||
|
if (p->flags & (MPM_PATTERN_FLAG_OFFSET | MPM_PATTERN_FLAG_DEPTH)) {
|
||
|
cd->ext[i] = SCMalloc(sizeof(hs_expr_ext_t));
|
||
| src/util-mpm.h | ||
|---|---|---|
|
/** the ctx uses it's own internal id instead of
|
||
|
* what is passed through the API */
|
||
|
#define MPM_PATTERN_CTX_OWNS_ID 0x20
|
||
|
#define MPM_PATTERN_FLAG_ENDSWITH 0x40
|
||
|
typedef struct MpmTableElmt_ {
|
||
|
const char *name;
|
||
- « Previous
- 1
- …
- 3
- 4
- 5
- Next »