Pull request #4077: search_tool: allow an override of the search method

Merge in SNORT/snort3 from ~RDEMPSTE/snort3:search_tool to master

Squashed commit of the following:

commit 69f8dddd2647a3e02e6446a9fe0e9a1ac78771f0
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Fri Oct 27 12:14:12 2023 -0400

    search_tool: allow an override of the search method

diff --git a/src/network_inspectors/appid/client_plugins/test/client_plugins_mock.h b/src/network_inspectors/appid/client_plugins/test/client_plugins_mock.h
index 1370d6e63f27f54f1fb1234da8ac7111fb6886a3..a4c1e31ba34b374aff17992d8c0643e8c6d0935f 100644 (file)
--- a/src/network_inspectors/appid/client_plugins/test/client_plugins_mock.h
+++ b/src/network_inspectors/appid/client_plugins/test/client_plugins_mock.h
@@ -26,7 +26,8 @@ void LogMessage(const char*,...) { }
 void WarningMessage(const char*,...) { }
 
 // Stubs for search_tool.cc
-SearchTool::SearchTool(bool) { }
+SearchTool::SearchTool(bool multi, const char*) : mpsegrp(nullptr), max_len(0), multi_match(multi)
+{ }
 SearchTool::~SearchTool() = default;
 void SearchTool::add(const char*, unsigned, int, bool, bool) { }
 void SearchTool::add(const char*, unsigned, void*, bool, bool) { }

diff --git a/src/network_inspectors/appid/detector_plugins/test/detector_sip_test.cc b/src/network_inspectors/appid/detector_plugins/test/detector_sip_test.cc
index e70bdff0eb870a8f94f0bb2a8b34a58c80134795..6317241b43984a1127cdaeb003b0f84377a4e5ee 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/test/detector_sip_test.cc
+++ b/src/network_inspectors/appid/detector_plugins/test/detector_sip_test.cc
@@ -65,7 +65,7 @@ Flow::~Flow() = default;
 AppIdSession* AppIdApi::get_appid_session(snort::Flow const&) { return nullptr; }
 
 MpseGroup::~MpseGroup() = default;
-SearchTool::SearchTool(bool)
+SearchTool::SearchTool(bool, const char*)
 {
     mpsegrp = &mpse_group;
 }

diff --git a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc
index cd0f38c25d19f98f60dcd48653606adf4b1d0f5b..c8b8bd30fb144449bf4fe7b6d26578ef15d47155 100644 (file)
--- a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc
+++ b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc
@@ -60,7 +60,7 @@ namespace snort
 {
 AppIdSessionApi::AppIdSessionApi(const AppIdSession*, const SfIp&) :
     StashGenericObject(STASH_GENERIC_OBJECT_APPID) {}
-SearchTool::SearchTool(bool) { }
+SearchTool::SearchTool(bool, const char*) { }
 void SearchTool::reload() { }
 static bool test_find_all_done = false;
 static bool test_find_all_enabled = false;

diff --git a/src/network_inspectors/appid/service_plugins/test/service_alpn_patterns_mock.h b/src/network_inspectors/appid/service_plugins/test/service_alpn_patterns_mock.h
index b01124e25ce9251738b71a713fac2753837bf844..96fd9ee90b90b607834fd14e3ba892c0572d89f8 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/test/service_alpn_patterns_mock.h
+++ b/src/network_inspectors/appid/service_plugins/test/service_alpn_patterns_mock.h
@@ -22,7 +22,8 @@
 namespace snort
 {
 // Stubs for search_tool.cc
-SearchTool::SearchTool(bool) { }
+SearchTool::SearchTool(bool multi, const char*) : mpsegrp(nullptr), max_len(0), multi_match(multi)
+{ }
 SearchTool::~SearchTool() = default;
 void SearchTool::add(const char*, unsigned, int, bool, bool) { }
 void SearchTool::add(const char*, unsigned, void*, bool, bool) { }

diff --git a/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h b/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h
index 7a98af47bb72fb7e5eabe819f9052d26254e2169..dd7e44fc81eb5893287b52fc1b7f870e5b2fe6e4 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h
+++ b/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h
@@ -46,7 +46,7 @@ bool Inspector::get_buf(const char*, Packet*, InspectionBuffer&) { return true;
 class StreamSplitter* Inspector::get_splitter(bool) { return nullptr; }
 
 // Stubs for search_tool.cc
-SearchTool::SearchTool(bool) { }
+SearchTool::SearchTool(bool, const char*) { }
 SearchTool::~SearchTool() = default;
 
 // Stubs for util.cc

diff --git a/src/network_inspectors/appid/test/appid_discovery_test.cc b/src/network_inspectors/appid/test/appid_discovery_test.cc
index 60fcb096be139c8cd177e98816ba289500b9e5cd..b95616f589692571a34fd556ab014b71b9dc8904 100644 (file)
--- a/src/network_inspectors/appid/test/appid_discovery_test.cc
+++ b/src/network_inspectors/appid/test/appid_discovery_test.cc
@@ -99,7 +99,7 @@ char* snort_strndup(const char* src, size_t)
 time_t packet_time() { return std::time(nullptr); }
 
 // Stubs for search_tool
-SearchTool::SearchTool(bool) {}
+SearchTool::SearchTool(bool, const char*) {}
 SearchTool::~SearchTool() = default;
 void SearchTool::add(const char*, unsigned, int, bool, bool) {}
 void SearchTool::add(const char*, unsigned, void*, bool, bool) {}

diff --git a/src/network_inspectors/appid/test/appid_mock_definitions.h b/src/network_inspectors/appid/test/appid_mock_definitions.h
index 72d54a6d32ccd5d6b1b6567a11c50ce88ae51832..29175872707158ec7ce38ce7149e74b182abe953 100644 (file)
--- a/src/network_inspectors/appid/test/appid_mock_definitions.h
+++ b/src/network_inspectors/appid/test/appid_mock_definitions.h
@@ -59,7 +59,8 @@ void LogLabel(const char*, FILE*) {}
 
 unsigned DataBus::get_id(const PubKey&) { return 0; }
 
-SearchTool::SearchTool(bool) { }
+SearchTool::SearchTool(bool multi, const char*) : mpsegrp(nullptr), max_len(0), multi_match(multi)
+{ }
 SearchTool::~SearchTool() = default;
 }
 DiscoveryFilter::~DiscoveryFilter(){}

diff --git a/src/network_inspectors/appid/test/service_state_test.cc b/src/network_inspectors/appid/test/service_state_test.cc
index cd840f9e30e1862fdd59a24f684b3129cee8807d..73f07b2ad3695be848c1b55551abf4fed5cc1ad0 100644 (file)
--- a/src/network_inspectors/appid/test/service_state_test.cc
+++ b/src/network_inspectors/appid/test/service_state_test.cc
@@ -137,7 +137,7 @@ SipPatternMatchers::~SipPatternMatchers() = default;
 SslPatternMatchers::~SslPatternMatchers() = default;
 AlpnPatternMatchers::~AlpnPatternMatchers() = default;
 CipPatternMatchers::~CipPatternMatchers() = default;
-snort::SearchTool::SearchTool(bool) { }
+snort::SearchTool::SearchTool(bool, const char*) { }
 snort::SearchTool::~SearchTool() = default;
 void appid_log(const snort::Packet*, unsigned char, char const* fmt, ...)
 {

diff --git a/src/network_inspectors/appid/test/tp_lib_handler_test.cc b/src/network_inspectors/appid/test/tp_lib_handler_test.cc
index c05d189b0f71bd1f49f2e6de93214f27bfe77f47..5788a00716c8c066686753f61442b2e126fd8cd8 100644 (file)
--- a/src/network_inspectors/appid/test/tp_lib_handler_test.cc
+++ b/src/network_inspectors/appid/test/tp_lib_handler_test.cc
@@ -43,7 +43,8 @@ static OdpContext stub_odp_ctxt(config, nullptr);
 OdpContext* AppIdContext::odp_ctxt = &stub_odp_ctxt;
 ThirdPartyAppIdContext* AppIdContext::tp_appid_ctxt = nullptr;
 
-snort::SearchTool::SearchTool(bool) { }
+snort::SearchTool::SearchTool(bool multi, const char*) : mpsegrp(nullptr), max_len(0), multi_match(multi)
+{ }
 snort::SearchTool::~SearchTool() = default;
 
 AppIdDiscovery::~AppIdDiscovery() = default;

diff --git a/src/network_inspectors/rna/test/rna_ua_fp_processor_test.cc b/src/network_inspectors/rna/test/rna_ua_fp_processor_test.cc
index c6da0e684e182252aa7c6dc464b11b08e004d219..3b5e479e124d4de6231d6b8768093750fbc08de7 100644 (file)
--- a/src/network_inspectors/rna/test/rna_ua_fp_processor_test.cc
+++ b/src/network_inspectors/rna/test/rna_ua_fp_processor_test.cc
@@ -62,7 +62,7 @@ static std::string s_data, s_prep_data;
 
 namespace snort
 {
-    SearchTool::SearchTool(bool)
+    SearchTool::SearchTool(bool multi, const char*) : mpsegrp(nullptr), max_len(0), multi_match(multi)
     { s_prep_count = s_count = 0; }
 
     SearchTool::~SearchTool()

diff --git a/src/search_engines/search_tool.cc b/src/search_engines/search_tool.cc
index 698c37286772b720219aa73ae987a8e977da8184..bd809b008f08d1428366f476d44c12470806febb 100644 (file)
--- a/src/search_engines/search_tool.cc
+++ b/src/search_engines/search_tool.cc
@@ -32,11 +32,12 @@
 
 namespace snort
 {
-SearchTool::SearchTool(bool multi)
+SearchTool::SearchTool(bool multi, const char* override_method)
 {
     const SnortConfig* sc = SnortConfig::get_conf();
     assert(sc and sc->fast_pattern_config);
-    const char* method = sc->fast_pattern_config->get_search_method();
+    assert(!override_method || strcmp(override_method, "hyperscan"));
+    const char* method = override_method ? override_method : sc->fast_pattern_config->get_search_method();
 
     if ( strcmp(method, "hyperscan") )
         method = "ac_full";
@@ -54,6 +55,9 @@ SearchTool::~SearchTool()
     delete mpsegrp;
 }
 
+const char* SearchTool::get_method() const
+{ return mpsegrp->get_normal_mpse()->get_method(); }
+
 void SearchTool::add(const char* pat, unsigned len, int id, bool no_case, bool literal)
 { add((const uint8_t*)pat, len, id, no_case, literal); }
 

diff --git a/src/search_engines/search_tool.h b/src/search_engines/search_tool.h
index 6e0427f00ba54c56f120e50ea2ec70fbe1296cd2..2f38a807e98aaf4f6a5ad807989eceab024ecb2c 100644 (file)
--- a/src/search_engines/search_tool.h
+++ b/src/search_engines/search_tool.h
@@ -37,9 +37,11 @@ namespace snort
 class SO_PUBLIC SearchTool
 {
 public:
-    SearchTool(bool multi_match = true);
+    SearchTool(bool multi_match = true, const char* = nullptr);
     ~SearchTool();
 
+    const char* get_method() const;
+
     void add(const char* pattern, unsigned len, int s_id, bool no_case = true, bool literal = true);
     void add(const char* pattern, unsigned len, void* s_context, bool no_case = true, bool literal = true);