/*
* Copyright (C) 2007-2009 Sourcefire, Inc.
*
* Authors: Tomasz Kojm
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
*/
#ifndef __MATCHER_AC_H
#define __MATCHER_AC_H

#include <sys/types.h>

#include "filetypes.h"
#include "cltypes.h"
#include "fmap.h"
#include "hashtab.h"

/*
 * NOTE(review): presumably the upper bound for the per-character distances
 * stored in cli_ac_patt.ch_mindist / ch_maxdist - confirm in the matcher
 * implementation before relying on it as a limit.
 */
#define AC_CH_MAXDIST 32

/*
 * Two distinct scan selectors. NOTE(review): presumably the values accepted
 * by the `mode` argument of cli_ac_scanbuff() (virus signatures vs. file-type
 * signatures) - confirm against the implementation.
 */
#define AC_SCAN_VIR 1
#define AC_SCAN_FT 2
/**
 * Per-scan state for the AC (Aho-Corasick) matcher.
 *
 * Instances are handed to cli_ac_initdata(), cli_ac_scanbuff(),
 * cli_ac_caloff(), cli_ac_chkmacro() and cli_ac_freedata(), all declared in
 * this header. Every pointer member is owned by whoever initialised the
 * structure; this header does not show the allocation sizes.
 * NOTE(review): the three counters look like the dimensions of the pointer
 * tables below - confirm before indexing any of them.
 */
struct cli_ac_data {
    int32_t ***offmatrix;

    /* Signature counts; same names as the cli_ac_initdata() parameters. */
    uint32_t partsigs;
    uint32_t lsigs;
    uint32_t reloffsigs;

    /* Logical-signature bookkeeping tables. */
    uint32_t **lsigcnt;
    uint32_t **lsigsuboff_last;
    uint32_t **lsigsuboff_first;

    uint32_t *offset;

    /*
     * Fixed-size table of 32 entries.
     * NOTE(review): any index derived from signature data must be checked
     * against this bound by the code that writes or reads the table.
     */
    uint32_t macro_lastmatch[32];

    /** Hashset for versioninfo matching */
    const struct cli_hashset *vinfo;

    uint32_t min_partno;
};
/**
 * One entry of a pattern's "special" table (see cli_ac_patt.special_table).
 *
 * Entries form a singly linked chain through `next`.
 * NOTE(review): `len` is presumably the byte length of `str`; the header does
 * not say whether `str` is NUL-terminated, so readers should bound accesses by
 * `len` rather than by string functions - confirm in the implementation.
 */
struct cli_ac_special {
    unsigned char *str;
    struct cli_ac_special *next;
    uint16_t len;
    uint16_t num;
    uint8_t type;
    uint8_t negative;
};
/**
 * A single pattern (signature part) stored in the AC trie.
 *
 * Patterns are chained through `next` / `next_same` and hang off
 * cli_ac_node.list. Pattern and prefix elements are 16-bit, not plain bytes.
 * NOTE(review): `length` and `prefix_length` presumably count uint16_t
 * elements of `pattern` and `prefix`; confirm the unit before using them as
 * buffer bounds.
 */
struct cli_ac_patt {
    /* Pattern body and optional prefix, each with its own length field. */
    uint16_t *pattern;
    uint16_t *prefix;
    uint16_t length;
    uint16_t prefix_length;

    uint32_t mindist;
    uint32_t maxdist;

    /* Signature identifiers. */
    uint32_t sigid;
    uint32_t lsigid[3];

    uint16_t ch[2];

    /* Values reported to the caller on a match (cf. cli_ac_result). */
    char *virname;
    void *customdata;

    uint16_t ch_mindist[2];
    uint16_t ch_maxdist[2];

    uint16_t parts;
    uint16_t partno;
    uint16_t special;
    uint16_t special_pattern;
    struct cli_ac_special **special_table;

    /* Intrusive list links. */
    struct cli_ac_patt *next;
    struct cli_ac_patt *next_same;

    uint16_t rtype;
    uint16_t type;

    /* Offset constraints for the pattern. */
    uint32_t offdata[4];
    uint32_t offset_min;
    uint32_t offset_max;

    uint32_t boundary;
    uint8_t depth;
};
/**
 * One node of the AC trie.
 *
 * `list`  - patterns attached to this node; non-NULL is what IS_FINAL() tests.
 * `trans` - transition table; NULL is what IS_LEAF() tests.
 * `fail`  - failure link to another node.
 * NOTE(review): the number of entries behind `trans` is not visible in this
 * header - confirm the table size before indexing it with input bytes.
 */
struct cli_ac_node {
    struct cli_ac_patt *list;
    struct cli_ac_node **trans;
    struct cli_ac_node *fail;
};
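/*
 * Predicates on a pointer to struct cli_ac_node.
 *
 * IS_LEAF(node)  - true when the node has no transition table.
 * IS_FINAL(node) - true when at least one pattern is attached to the node.
 *
 * The argument is parenthesised so that non-trivial expressions (`&n`,
 * `p + 1`, a conditional) bind as intended; without the parentheses `->`
 * would attach to only the last operand of the expression. The argument is
 * dereferenced, so it must not be NULL, and it is evaluated exactly once.
 */
#define IS_LEAF(node) (!(node)->trans)
#define IS_FINAL(node) (!!(node)->list)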
/**
 * One element of a singly linked list of match results.
 *
 * cli_ac_scanbuff() takes a `struct cli_ac_result **res` through which such a
 * list can be handed back. `virname` and `customdata` have the same types as
 * the matching members of struct cli_ac_patt.
 * NOTE(review): ownership of the list nodes (who frees them) is not stated in
 * this header - confirm in the implementation.
 */
struct cli_ac_result {
    const char *virname;        /* name reported for the match */
    void *customdata;           /* opaque pointer carried with the match */
    off_t offset;               /* position associated with the match */
    struct cli_ac_result *next; /* next result, or NULL */
};
#include "matcher.h"
/*
 * Public interface of the AC matcher.
 *
 * NOTE(review): the meaning of the int return values is not visible in this
 * header; they are presumably libclamav status codes - confirm, and check
 * them at every call site.
 */

/* Attach an already built pattern to the matcher `root`. */
int cli_ac_addpatt(struct cli_matcher *root,
                   struct cli_ac_patt *pattern);

/*
 * Prepare `data` for a scan, given the three signature counts.
 * Pair every successful call with cli_ac_freedata().
 */
int cli_ac_initdata(struct cli_ac_data *data,
                    uint32_t partsigs,
                    uint32_t lsigs,
                    uint32_t reloffsigs,
                    uint8_t tracklen);

/* Macro check for the logical signature `lsigid1` against `data`. */
void cli_ac_chkmacro(struct cli_matcher *root,
                     struct cli_ac_data *data,
                     unsigned lsigid1);

/*
 * Process the logical-signature expression in the range [expr, end).
 * NOTE(review): `end` is presumably one past the last character of the
 * expression; the expression comes from signature data, so the parser must
 * never read at or beyond `end` - confirm in the implementation.
 */
int cli_ac_chklsig(const char *expr,
                   const char *end,
                   uint32_t *lsigcnt,
                   unsigned int *cnt,
                   uint64_t *ids,
                   unsigned int parse_only);

/* Release whatever `data` holds. */
void cli_ac_freedata(struct cli_ac_data *data);

/*
 * Scan `length` bytes starting at `buffer` with the trie in `root`.
 *
 * `virname`, `customdata`, `res` and `ftoffset` are output pointers; `mdata`
 * is the per-scan state; `mode` is presumably built from AC_SCAN_VIR /
 * AC_SCAN_FT.
 * NOTE(review): `buffer` holds the scanned (untrusted) content and `length`
 * is taken on trust from the caller - every caller must pass the real size of
 * the readable region.
 */
int cli_ac_scanbuff(const unsigned char *buffer,
                    uint32_t length,
                    const char **virname,
                    void **customdata,
                    struct cli_ac_result **res,
                    const struct cli_matcher *root,
                    struct cli_ac_data *mdata,
                    uint32_t offset,
                    cli_file_t ftype,
                    struct cli_matched_type **ftoffset,
                    unsigned int mode,
                    cli_ctx *ctx);

/* Build the trie for `root` from the patterns added so far. */
int cli_ac_buildtrie(struct cli_matcher *root);

/* Initialise the AC part of `root` with the given depth limits. */
int cli_ac_init(struct cli_matcher *root,
                uint8_t mindepth,
                uint8_t maxdepth,
                uint8_t dconf_prefiltering);

/* Offset calculation for `data` using the target description `info`. */
int cli_ac_caloff(const struct cli_matcher *root,
                  struct cli_ac_data *data,
                  const struct cli_target_info *info);

/* Release the AC part of `root`. */
void cli_ac_free(struct cli_matcher *root);

/*
 * Add the signature `hexsig` under the name `virname` to `root`.
 * `hexsig` and `offset` are text taken from signature definitions.
 * NOTE(review): `lsigid` presumably points at three values, matching
 * cli_ac_patt.lsigid[3] - confirm before passing a shorter array.
 */
int cli_ac_addsig(struct cli_matcher *root,
                  const char *virname,
                  const char *hexsig,
                  uint32_t sigid,
                  uint16_t parts,
                  uint16_t partno,
                  uint16_t rtype,
                  uint16_t type,
                  uint32_t mindist,
                  uint32_t maxdist,
                  const char *offset,
                  const uint32_t *lsigid,
                  unsigned int options);
#endif