diff lowmem.cc
136 lines
//--------------------------------------------------------------------------
//--------------------------------------------------------------------------
// Copyright (C) 2014-2024 Cisco and/or its affiliates. All rights reserved.
// Copyright (C) 2014-2024 Cisco and/or its affiliates. All rights reserved.
// Copyright (C) 2002-2013 Sourcefire, Inc.
// Copyright (C) 2002-2013 Sourcefire, Inc.
//
//
// This program is free software; you can redistribute it and/or modify it
// This program is free software; you can redistribute it and/or modify it
// under the terms of the GNU General Public License Version 2 as published
// under the terms of the GNU General Public License Version 2 as published
// by the Free Software Foundation. You may not use, modify or distribute
// by the Free Software Foundation. You may not use, modify or distribute
// this program under any other version of the GNU General Public License.
// this program under any other version of the GNU General Public License.
//
//
// This program is distributed in the hope that it will be useful, but
// This program is distributed in the hope that it will be useful, but
// WITHOUT ANY WARRANTY; without even the implied warranty of
// WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// General Public License for more details.
// General Public License for more details.
//
//
// You should have received a copy of the GNU General Public License along
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
//--------------------------------------------------------------------------
//--------------------------------------------------------------------------
/*
/*
* An abstracted interface to the Multi-Pattern Matching routines,
* An abstracted interface to the Multi-Pattern Matching routines,
* thats why we're passing 'void *' objects around.
* thats why we're passing 'void *' objects around.
*
*
* Marc A Norton <mnorton@sourcefire.com>
* Marc A Norton <mnorton@sourcefire.com>
*
*
* Updates:
* Updates:
* 3/06 - Added AC_BNFA search
* 3/06 - Added AC_BNFA search
*/
*/
// lowmem.cc author Russ Combs <rucombs@cisco.com>
// lowmem.cc author Russ Combs <rucombs@cisco.com>
#include "log/messages.h"
#include "log/messages.h"
#include "framework/mpse.h"
#include "framework/mpse.h"
#include "sfksearch.h"
#include "sfksearch.h"
#include <deque>
using namespace snort;
using namespace snort;
//-------------------------------------------------------------------------
//-------------------------------------------------------------------------
// "lowmem"
// "lowmem"
//-------------------------------------------------------------------------
//-------------------------------------------------------------------------
class LowmemMpse : public Mpse
class LowmemMpse : public Mpse
{
{
private:
private:
KTRIE_STRUCT* obj;
KTRIE_STRUCT* obj;
std::deque<int> dbg_match_dq, dbg_match_want_dq;
public:
public:
LowmemMpse(const MpseAgent* agent) : Mpse("lowmem")
LowmemMpse(const MpseAgent* agent) : Mpse("lowmem")
{ obj = KTrieNew(0, agent); }
{
obj = KTrieNew(0, agent);
dbg_match_want_dq = std::deque<int>({35, 3, 32, 7, 10, 58, 1});
obj->can_debug = false;
}
~LowmemMpse() override
~LowmemMpse() override
{ KTrieDelete(obj); }
{
KTrieDelete(obj);
}
int add_pattern(
int add_pattern(
const uint8_t* P, unsigned m, const PatternDescriptor& desc, void* user) override
const uint8_t* P, unsigned m, const PatternDescriptor& desc, void* user) override
{
{
return KTrieAddPattern(obj, P, m, desc.no_case, desc.negated, user);
int ans = KTrieAddPattern(obj, P, m, desc.no_case, desc.negated, user);
return ans;
}
}
int prep_patterns(SnortConfig* sc) override
int prep_patterns(SnortConfig* sc) override
{
{
return KTrieCompile(sc, obj);
int ans = KTrieCompile(sc, obj);
return ans;
}
}
int _search(
int _search(
const uint8_t* T, int n, MpseMatch match,
const uint8_t* T, int n, MpseMatch match,
void* context, int* current_state) override
void* context, int* current_state) override
{
{
*current_state = 0;
*current_state = 0;
return KTrieSearch(obj, T, n, match, context);
if (dbg_match_dq == dbg_match_want_dq) {
obj->can_debug = true;
}
int ans = KTrieSearch(obj, T, n, match, context);
dbg_match_dq.push_back(ans);
if (dbg_match_dq.size() > dbg_match_want_dq.size()) dbg_match_dq.pop_front();
if (obj->can_debug) {
obj->can_debug = false;
printf("search finished: matches = %d\n", ans);
printf("number of patterns: %d\n", KTriePatternCount(obj));
printf("T = ");
for (int i = 0; i < n; i++) printf("%d ", T[i]);
printf("\n");
}
return ans;
}
}
int get_pattern_count() const override
int get_pattern_count() const override
{ return KTriePatternCount(obj); }
{
int ans = KTriePatternCount(obj);
return ans;
}
};
};
//-------------------------------------------------------------------------
//-------------------------------------------------------------------------
// api
// api
//-------------------------------------------------------------------------
//-------------------------------------------------------------------------
static Mpse* lm_ctor(const SnortConfig*, class Module*, const MpseAgent* agent)
static Mpse* lm_ctor(const SnortConfig*, class Module*, const MpseAgent* agent)
{
{
return new LowmemMpse(agent);
return new LowmemMpse(agent);
}
}
static void lm_dtor(Mpse* p)
static void lm_dtor(Mpse* p)
{
{
delete p;
delete p;
}
}
static void lm_init()
static void lm_init()
{
{
KTrie_init_xlatcase();
KTrie_init_xlatcase();
KTrieInitMemUsed();
KTrieInitMemUsed();
}
}
static void lm_print()
static void lm_print()
{
{
if ( !KTrieMemUsed() )
if ( !KTrieMemUsed() )
return;
return;
double x = (double)KTrieMemUsed();
double x = (double)KTrieMemUsed();
LogMessage("[ LowMem Search-Method Memory Used : %g %s ]\n",
LogMessage("[ LowMem Search-Method Memory Used : %g %s ]\n",
(x > 1.e+6) ? x/1.e+6 : x/1.e+3,
(x > 1.e+6) ? x/1.e+6 : x/1.e+3,
(x > 1.e+6) ? "MBytes" : "KBytes");
(x > 1.e+6) ? "MBytes" : "KBytes");
}
}
static const MpseApi lm_api =
static const MpseApi lm_api =
{
{
{
{
PT_SEARCH_ENGINE,
PT_SEARCH_ENGINE,
sizeof(MpseApi),
sizeof(MpseApi),
SEAPI_VERSION,
SEAPI_VERSION,
0,
0,
API_RESERVED,
API_RESERVED,
API_OPTIONS,
API_OPTIONS,
"lowmem",
"lowmem",
"Keyword Trie (low memory, moderate performance) MPSE",
"Keyword Trie (low memory, moderate performance) MPSE",
nullptr,
nullptr,
nullptr
nullptr
},
},
MPSE_BASE,
MPSE_BASE,
nullptr,
nullptr,
nullptr,
nullptr,
nullptr,
nullptr,
nullptr,
nullptr,
lm_ctor,
lm_ctor,
lm_dtor,
lm_dtor,
lm_init,
lm_init,
lm_print,
lm_print,
nullptr
nullptr
};
};
const BaseApi* se_lowmem = &lm_api.base;
const BaseApi* se_lowmem = &lm_api.base;
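Review bot: The debug trace added to `_search` prints every byte of the searched buffer `T` to stdout via `printf`, so whatever data is being inspected (presumably traffic payload) ends up wherever stdout is captured. `_search` also now writes `dbg_match_dq` and `obj->can_debug` on every call with no synchronisation, which is a data race if one engine instance is ever searched from more than one thread (not visible on this page), and `push_back`/`pop_front` add allocation to the hot path. I would keep this scaffolding out of the normal build behind a compile-time debug guard, leaving the original `return KTrieSearch(obj, T, n, match, context);` as the default path, and route any retained output through `LogMessage`, which `log/messages.h` already provides, instead of `printf` (no `<cstdio>` include is visible). The trigger list `{35, 3, 32, 7, 10, 58, 1}` in the constructor needs a comment saying which run produced those match counts and what the trace is meant to catch.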