SnortExtras: src/search_engines/lowmem/lowmem.cc

"Fossies" - the Fresh Open Source Software Archive

Member "snort3_extra-3.1.51.0/src/search_engines/lowmem/lowmem.cc" (20 Dec 2022, 3540 Bytes) of package /linux/misc/snort3_extra-3.1.51.0.tar.gz:

As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "lowmem.cc" see the Fossies "Dox" file reference documentation.

1 //-------------------------------------------------------------------------- 2 // Copyright (C) 2014-2022 Cisco and/or its affiliates. All rights reserved. 3 // Copyright (C) 2002-2013 Sourcefire, Inc. 4 // 5 // This program is free software; you can redistribute it and/or modify it 6 // under the terms of the GNU General Public License Version 2 as published 7 // by the Free Software Foundation. You may not use, modify or distribute 8 // this program under any other version of the GNU General Public License. 9 // 10 // This program is distributed in the hope that it will be useful, but 11 // WITHOUT ANY WARRANTY; without even the implied warranty of 12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 // General Public License for more details. 14 // 15 // You should have received a copy of the GNU General Public License along 16 // with this program; if not, write to the Free Software Foundation, Inc., 17 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 //-------------------------------------------------------------------------- 19 20 /* 21 * An abstracted interface to the Multi-Pattern Matching routines, 22 * thats why we're passing 'void *' objects around. 23 * 24 * Marc A Norton <mnorton@sourcefire.com> 25 * 26 * Updates: 27 * 3/06 - Added AC_BNFA search 28 */ 29 // lowmem.cc author Russ Combs <rucombs@cisco.com> 30 31 #include "log/messages.h" 32 #include "framework/mpse.h" 33 34 #include "sfksearch.h" 35 36 using namespace snort; 37 38 //------------------------------------------------------------------------- 39 // "lowmem" 40 //------------------------------------------------------------------------- 41 42 class LowmemMpse : public Mpse 43 { 44 private: 45 KTRIE_STRUCT* obj; 46 47 public: 48 LowmemMpse(const MpseAgent* agent) : Mpse("lowmem") 49 { obj = KTrieNew(0, agent); } 50 51 ~LowmemMpse() override 52 { KTrieDelete(obj); } 53 54 int add_pattern( 55 const uint8_t* P, unsigned m, const PatternDescriptor& desc, void* user) override 56 { 57 return KTrieAddPattern(obj, P, m, desc.no_case, desc.negated, user); 58 } 59 60 int prep_patterns(SnortConfig* sc) override 61 { 62 return KTrieCompile(sc, obj); 63 } 64 65 int _search( 66 const uint8_t* T, int n, MpseMatch match, 67 void* context, int* current_state) override 68 { 69 *current_state = 0; 70 return KTrieSearch(obj, T, n, match, context); 71 } 72 73 int get_pattern_count() const override 74 { return KTriePatternCount(obj); } 75 }; 76 77 //------------------------------------------------------------------------- 78 // api 79 //------------------------------------------------------------------------- 80 81 static Mpse* lm_ctor(const SnortConfig*, class Module*, const MpseAgent* agent) 82 { 83 return new LowmemMpse(agent); 84 } 85 86 static void lm_dtor(Mpse* p) 87 { 88 delete p; 89 } 90 91 static void lm_init() 92 { 93 KTrie_init_xlatcase(); 94 KTrieInitMemUsed(); 95 } 96 97 static void lm_print() 98 { 99 if ( !KTrieMemUsed() ) 100 return; 101 102 double x = (double)KTrieMemUsed(); 103 104 LogMessage("[ LowMem Search-Method Memory Used : %g %s ]\n", 105 (x > 1.e+6) ? x/1.e+6 : x/1.e+3, 106 (x > 1.e+6) ? "MBytes" : "KBytes"); 107 } 108 109 static const MpseApi lm_api = 110 { 111 { 112 PT_SEARCH_ENGINE, 113 sizeof(MpseApi), 114 SEAPI_VERSION, 115 0, 116 API_RESERVED, 117 API_OPTIONS, 118 "lowmem", 119 "Keyword Trie (low memory, moderate performance) MPSE", 120 nullptr, 121 nullptr 122 }, 123 MPSE_BASE, 124 nullptr, 125 nullptr, 126 nullptr, 127 nullptr, 128 lm_ctor, 129 lm_dtor, 130 lm_init, 131 lm_print, 132 nullptr 133 }; 134 135 const BaseApi* se_lowmem = &lm_api.base; 136