From: Ron Dempster (rdempste) Date: Mon, 30 Oct 2023 18:44:00 +0000 (+0000) Subject: Pull request #4077: search_tool: allow an override of the search method X-Git-Tag: 3.1.74.0~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1c63186c75281e1c70356a05a5de7d9d8bf0856c;p=thirdparty%2Fsnort3.git Pull request #4077: search_tool: allow an override of the search method Merge in SNORT/snort3 from ~RDEMPSTE/snort3:search_tool to master Squashed commit of the following: commit 69f8dddd2647a3e02e6446a9fe0e9a1ac78771f0 Author: Ron Dempster (rdempste) Date: Fri Oct 27 12:14:12 2023 -0400 search_tool: allow an override of the search method --- diff --git a/src/network_inspectors/appid/client_plugins/test/client_plugins_mock.h b/src/network_inspectors/appid/client_plugins/test/client_plugins_mock.h index 1370d6e63..a4c1e31ba 100644 --- a/src/network_inspectors/appid/client_plugins/test/client_plugins_mock.h +++ b/src/network_inspectors/appid/client_plugins/test/client_plugins_mock.h @@ -26,7 +26,8 @@ void LogMessage(const char*,...) { } void WarningMessage(const char*,...) { } // Stubs for search_tool.cc -SearchTool::SearchTool(bool) { } +SearchTool::SearchTool(bool multi, const char*) : mpsegrp(nullptr), max_len(0), multi_match(multi) +{ } SearchTool::~SearchTool() = default; void SearchTool::add(const char*, unsigned, int, bool, bool) { } void SearchTool::add(const char*, unsigned, void*, bool, bool) { } diff --git a/src/network_inspectors/appid/detector_plugins/test/detector_sip_test.cc b/src/network_inspectors/appid/detector_plugins/test/detector_sip_test.cc index e70bdff0e..6317241b4 100644 --- a/src/network_inspectors/appid/detector_plugins/test/detector_sip_test.cc +++ b/src/network_inspectors/appid/detector_plugins/test/detector_sip_test.cc @@ -65,7 +65,7 @@ Flow::~Flow() = default; AppIdSession* AppIdApi::get_appid_session(snort::Flow const&) { return nullptr; } MpseGroup::~MpseGroup() = default; -SearchTool::SearchTool(bool) +SearchTool::SearchTool(bool, const char*) { mpsegrp = &mpse_group; } diff --git a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc index cd0f38c25..c8b8bd30f 100644 --- a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc +++ b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc @@ -60,7 +60,7 @@ namespace snort { AppIdSessionApi::AppIdSessionApi(const AppIdSession*, const SfIp&) : StashGenericObject(STASH_GENERIC_OBJECT_APPID) {} -SearchTool::SearchTool(bool) { } +SearchTool::SearchTool(bool, const char*) { } void SearchTool::reload() { } static bool test_find_all_done = false; static bool test_find_all_enabled = false; diff --git a/src/network_inspectors/appid/service_plugins/test/service_alpn_patterns_mock.h b/src/network_inspectors/appid/service_plugins/test/service_alpn_patterns_mock.h index b01124e25..96fd9ee90 100644 --- a/src/network_inspectors/appid/service_plugins/test/service_alpn_patterns_mock.h +++ b/src/network_inspectors/appid/service_plugins/test/service_alpn_patterns_mock.h @@ -22,7 +22,8 @@ namespace snort { // Stubs for search_tool.cc -SearchTool::SearchTool(bool) { } +SearchTool::SearchTool(bool multi, const char*) : mpsegrp(nullptr), max_len(0), multi_match(multi) +{ } SearchTool::~SearchTool() = default; void SearchTool::add(const char*, unsigned, int, bool, bool) { } void SearchTool::add(const char*, unsigned, void*, bool, bool) { } diff --git a/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h b/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h index 7a98af47b..dd7e44fc8 100644 --- a/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h +++ b/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h @@ -46,7 +46,7 @@ bool Inspector::get_buf(const char*, Packet*, InspectionBuffer&) { return true; class StreamSplitter* Inspector::get_splitter(bool) { return nullptr; } // Stubs for search_tool.cc -SearchTool::SearchTool(bool) { } +SearchTool::SearchTool(bool, const char*) { } SearchTool::~SearchTool() = default; // Stubs for util.cc diff --git a/src/network_inspectors/appid/test/appid_discovery_test.cc b/src/network_inspectors/appid/test/appid_discovery_test.cc index 60fcb096b..b95616f58 100644 --- a/src/network_inspectors/appid/test/appid_discovery_test.cc +++ b/src/network_inspectors/appid/test/appid_discovery_test.cc @@ -99,7 +99,7 @@ char* snort_strndup(const char* src, size_t) time_t packet_time() { return std::time(nullptr); } // Stubs for search_tool -SearchTool::SearchTool(bool) {} +SearchTool::SearchTool(bool, const char*) {} SearchTool::~SearchTool() = default; void SearchTool::add(const char*, unsigned, int, bool, bool) {} void SearchTool::add(const char*, unsigned, void*, bool, bool) {} diff --git a/src/network_inspectors/appid/test/appid_mock_definitions.h b/src/network_inspectors/appid/test/appid_mock_definitions.h index 72d54a6d3..291758727 100644 --- a/src/network_inspectors/appid/test/appid_mock_definitions.h +++ b/src/network_inspectors/appid/test/appid_mock_definitions.h @@ -59,7 +59,8 @@ void LogLabel(const char*, FILE*) {} unsigned DataBus::get_id(const PubKey&) { return 0; } -SearchTool::SearchTool(bool) { } +SearchTool::SearchTool(bool multi, const char*) : mpsegrp(nullptr), max_len(0), multi_match(multi) +{ } SearchTool::~SearchTool() = default; } DiscoveryFilter::~DiscoveryFilter(){} diff --git a/src/network_inspectors/appid/test/service_state_test.cc b/src/network_inspectors/appid/test/service_state_test.cc index cd840f9e3..73f07b2ad 100644 --- a/src/network_inspectors/appid/test/service_state_test.cc +++ b/src/network_inspectors/appid/test/service_state_test.cc @@ -137,7 +137,7 @@ SipPatternMatchers::~SipPatternMatchers() = default; SslPatternMatchers::~SslPatternMatchers() = default; AlpnPatternMatchers::~AlpnPatternMatchers() = default; CipPatternMatchers::~CipPatternMatchers() = default; -snort::SearchTool::SearchTool(bool) { } +snort::SearchTool::SearchTool(bool, const char*) { } snort::SearchTool::~SearchTool() = default; void appid_log(const snort::Packet*, unsigned char, char const* fmt, ...) { diff --git a/src/network_inspectors/appid/test/tp_lib_handler_test.cc b/src/network_inspectors/appid/test/tp_lib_handler_test.cc index c05d189b0..5788a0071 100644 --- a/src/network_inspectors/appid/test/tp_lib_handler_test.cc +++ b/src/network_inspectors/appid/test/tp_lib_handler_test.cc @@ -43,7 +43,8 @@ static OdpContext stub_odp_ctxt(config, nullptr); OdpContext* AppIdContext::odp_ctxt = &stub_odp_ctxt; ThirdPartyAppIdContext* AppIdContext::tp_appid_ctxt = nullptr; -snort::SearchTool::SearchTool(bool) { } +snort::SearchTool::SearchTool(bool multi, const char*) : mpsegrp(nullptr), max_len(0), multi_match(multi) +{ } snort::SearchTool::~SearchTool() = default; AppIdDiscovery::~AppIdDiscovery() = default; diff --git a/src/network_inspectors/rna/test/rna_ua_fp_processor_test.cc b/src/network_inspectors/rna/test/rna_ua_fp_processor_test.cc index c6da0e684..3b5e479e1 100644 --- a/src/network_inspectors/rna/test/rna_ua_fp_processor_test.cc +++ b/src/network_inspectors/rna/test/rna_ua_fp_processor_test.cc @@ -62,7 +62,7 @@ static std::string s_data, s_prep_data; namespace snort { - SearchTool::SearchTool(bool) + SearchTool::SearchTool(bool multi, const char*) : mpsegrp(nullptr), max_len(0), multi_match(multi) { s_prep_count = s_count = 0; } SearchTool::~SearchTool() diff --git a/src/search_engines/search_tool.cc b/src/search_engines/search_tool.cc index 698c37286..bd809b008 100644 --- a/src/search_engines/search_tool.cc +++ b/src/search_engines/search_tool.cc @@ -32,11 +32,12 @@ namespace snort { -SearchTool::SearchTool(bool multi) +SearchTool::SearchTool(bool multi, const char* override_method) { const SnortConfig* sc = SnortConfig::get_conf(); assert(sc and sc->fast_pattern_config); - const char* method = sc->fast_pattern_config->get_search_method(); + assert(!override_method || strcmp(override_method, "hyperscan")); + const char* method = override_method ? override_method : sc->fast_pattern_config->get_search_method(); if ( strcmp(method, "hyperscan") ) method = "ac_full"; @@ -54,6 +55,9 @@ SearchTool::~SearchTool() delete mpsegrp; } +const char* SearchTool::get_method() const +{ return mpsegrp->get_normal_mpse()->get_method(); } + void SearchTool::add(const char* pat, unsigned len, int id, bool no_case, bool literal) { add((const uint8_t*)pat, len, id, no_case, literal); } diff --git a/src/search_engines/search_tool.h b/src/search_engines/search_tool.h index 6e0427f00..2f38a807e 100644 --- a/src/search_engines/search_tool.h +++ b/src/search_engines/search_tool.h @@ -37,9 +37,11 @@ namespace snort class SO_PUBLIC SearchTool { public: - SearchTool(bool multi_match = true); + SearchTool(bool multi_match = true, const char* = nullptr); ~SearchTool(); + const char* get_method() const; + void add(const char* pattern, unsigned len, int s_id, bool no_case = true, bool literal = true); void add(const char* pattern, unsigned len, void* s_context, bool no_case = true, bool literal = true);