1 //--------------------------------------------------------------------------
2 // Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
3 //
4 // This program is free software; you can redistribute it and/or modify it
5 // under the terms of the GNU General Public License Version 2 as published
6 // by the Free Software Foundation.  You may not use, modify or distribute
7 // this program under any other version of the GNU General Public License.
8 //
9 // This program is distributed in the hope that it will be useful, but
10 // WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
12 // General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License along
15 // with this program; if not, write to the Free Software Foundation, Inc.,
16 // 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
17 //--------------------------------------------------------------------------
18 // mpse.h author Russ Combs <rucombs@cisco.com>
19 
20 #ifndef MPSE_H
21 #define MPSE_H
22 
23 // MPSE = Multi-Pattern Search Engine - ie fast pattern matching. The key
24 // methods of an MPSE are the ability to add patterns, compile a state
25 // machine from the patterns, and search either a single buffer or a set
26 // of (related) buffers for patterns.
27 
28 #include <cassert>
29 #include <string>
30 
31 #include "framework/base_api.h"
32 #include "main/snort_types.h"
33 #include "main/thread.h"
34 #include "search_engines/search_common.h"
35 
36 namespace snort
37 {
38 // this is the current version of the api
39 #define SEAPI_VERSION ((BASE_API_VERSION << 16) | 0)
40 
41 struct SnortConfig;
42 class Mpse;
43 struct MpseApi;
44 struct MpseBatch;
45 struct ProfileStats;
46 
47 class SO_PUBLIC Mpse
48 {
49 public:
50     enum MpseType
51     {
52         MPSE_TYPE_NORMAL = 0,
53         MPSE_TYPE_OFFLOAD = 1
54     };
55 
56     enum MpseRespType
57     {
58         MPSE_RESP_COMPLETE_FAIL    = -1,
59         MPSE_RESP_NOT_COMPLETE     = 0,
60         MPSE_RESP_COMPLETE_SUCCESS = 1
61     };
62 
63     virtual ~Mpse() = default;
64 
65     struct PatternDescriptor
66     {
67         bool no_case;
68         bool negated;
69         bool literal;
70         unsigned flags;
71 
72         PatternDescriptor(
73             bool noc = false, bool neg = false, bool lit = false, unsigned f = 0)
74         { no_case = noc; negated = neg; literal = lit; flags = f; }
75     };
76 
77     virtual int add_pattern(
78         const uint8_t* pat, unsigned len, const PatternDescriptor&, void* user) = 0;
79 
80     virtual int prep_patterns(SnortConfig*) = 0;
81 
reuse_search()82     virtual void reuse_search() { }
83 
84     int search(
85         const uint8_t* T, int n, MpseMatch, void* context, int* current_state);
86 
87     virtual int search_all(
88         const uint8_t* T, int n, MpseMatch, void* context, int* current_state);
89 
90     void search(MpseBatch&, MpseType);
91 
receive_responses(MpseBatch &,MpseType)92     virtual MpseRespType receive_responses(MpseBatch&, MpseType)
93     { return MPSE_RESP_COMPLETE_SUCCESS; }
94 
95     static MpseRespType poll_responses(MpseBatch*&, MpseType);
96 
set_opt(int)97     virtual void set_opt(int) { }
print_info()98     virtual int print_info() { return 0; }
get_pattern_count()99     virtual int get_pattern_count() const { return 0; }
100 
serialize(uint8_t * &,size_t &)101     virtual bool serialize(uint8_t*&, size_t&) const { return false; }
deserialize(const uint8_t *,size_t)102     virtual bool deserialize(const uint8_t*, size_t) { return false; }
get_hash(std::string &)103     virtual void get_hash(std::string&) { }
104 
get_method()105     const char* get_method() { return method.c_str(); }
106     void set_verbose(bool b = true) { verbose = b; }
107 
set_api(const MpseApi * p)108     void set_api(const MpseApi* p) { api = p; }
get_api()109     const MpseApi* get_api() { return api; }
110 
111 protected:
112     Mpse(const char* method);
113 
114     virtual int _search(
115         const uint8_t* T, int n, MpseMatch, void* context, int* current_state) = 0;
116 
117     virtual void _search(MpseBatch&, MpseType);
118 
119 private:
120     std::string method;
121     int verbose;
122     const MpseApi* api;
123 };
124 
125 typedef void (* MpseOptFunc)(SnortConfig*);
126 typedef void (* MpseExeFunc)();
127 
128 typedef Mpse* (* MpseNewFunc)(const SnortConfig*, class Module*, const MpseAgent*);
129 typedef void (* MpseDelFunc)(Mpse*);
130 
131 typedef Mpse::MpseRespType (* MpsePollFunc)(MpseBatch*&, Mpse::MpseType);
132 
133 #define MPSE_BASE   0x00  // no optional features
134 #define MPSE_REGEX  0x02  // supports regex patterns
135 #define MPSE_ASYNC  0x04  // does asynchronous (lookaside) searches
136 #define MPSE_MTBLD  0x08  // support multithreaded / parallel compilation
137 
138 struct MpseApi
139 {
140     BaseApi base;
141     uint32_t flags;
142 
143     MpseOptFunc activate;
144     MpseOptFunc setup;
145     MpseExeFunc start;
146     MpseExeFunc stop;
147     MpseNewFunc ctor;
148     MpseDelFunc dtor;
149     MpseExeFunc init;
150     MpseExeFunc print;
151     MpsePollFunc poll;
152 };
153 }
154 #endif
155 
156