97 lines
3.8 KiB
C
97 lines
3.8 KiB
C
|
/*
|
||
|
* Support for matcher using PCRE
|
||
|
*
|
||
|
* Copyright (C) 2013-2022 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
|
||
|
* Copyright (C) 2007-2013 Sourcefire, Inc.
|
||
|
*
|
||
|
* Authors: Kevin Lin
|
||
|
*
|
||
|
* This program is free software; you can redistribute it and/or modify
|
||
|
* it under the terms of the GNU General Public License version 2 as
|
||
|
* published by the Free Software Foundation.
|
||
|
*
|
||
|
* This program is distributed in the hope that it will be useful,
|
||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
|
* GNU General Public License for more details.
|
||
|
*
|
||
|
* You should have received a copy of the GNU General Public License
|
||
|
* along with this program; if not, write to the Free Software
|
||
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
|
||
|
* MA 02110-1301, USA.
|
||
|
*/
|
||
|
|
||
|
#ifndef __MATCHER_PCRE_H
|
||
|
#define __MATCHER_PCRE_H
|
||
|
|
||
|
#if HAVE_CONFIG_H
|
||
|
#include "clamav-config.h"
|
||
|
#endif
|
||
|
|
||
|
#include <sys/types.h>
|
||
|
|
||
|
#include "clamav-types.h"
|
||
|
#include "dconf.h"
|
||
|
#include "mpool.h"
|
||
|
#include "regex_pcre.h"
|
||
|
|
||
|
#define PCRE_SCAN_NONE 0
|
||
|
#define PCRE_SCAN_BUFF 1
|
||
|
#define PCRE_SCAN_FMAP 2
|
||
|
|
||
|
/* stores offset data */
|
||
|
struct cli_pcre_off {
|
||
|
uint32_t *offset, *shift;
|
||
|
};
|
||
|
|
||
|
#if HAVE_PCRE
|
||
|
#define PCRE_BYPASS "7374756c747a676574737265676578"
|
||
|
#define CLI_PCRE_GLOBAL 0x00000001 /* g */
|
||
|
#define CLI_PCRE_ENCOMPASS 0x00000002 /* e */
|
||
|
#define CLI_PCRE_ROLLING 0x00000004 /* r */
|
||
|
|
||
|
#define CLI_PCRE_DISABLED 0x80000000 /* used for dconf or fail to build */
|
||
|
|
||
|
struct cli_pcre_meta {
|
||
|
char *trigger;
|
||
|
char *virname;
|
||
|
uint32_t lsigid[3]; /* 0=valid, 1=lsigid, 2=subsigid */
|
||
|
struct cli_pcre_data pdata;
|
||
|
/* clamav offset data */
|
||
|
uint32_t offdata[4];
|
||
|
uint32_t offset_min, offset_max;
|
||
|
/* internal flags (bitfield?) */
|
||
|
uint32_t flags;
|
||
|
/* performance tracking */
|
||
|
char *statname; /* freed by us, not cli_events_free */
|
||
|
uint32_t sigtime_id, sigmatch_id;
|
||
|
};
|
||
|
|
||
|
/* PCRE PERFORMANCE DECLARATIONS */
|
||
|
void cli_pcre_perf_print();
|
||
|
void cli_pcre_perf_events_destroy();
|
||
|
|
||
|
/* PCRE MATCHER DECLARATIONS */
|
||
|
int cli_pcre_init();
|
||
|
cl_error_t cli_pcre_addpatt(struct cli_matcher *root, const char *virname, const char *trigger, const char *pattern, const char *cflags, const char *offset, const uint32_t *lsigid, unsigned int options);
|
||
|
cl_error_t cli_pcre_build(struct cli_matcher *root, long long unsigned match_limit, long long unsigned recmatch_limit, const struct cli_dconf *dconf);
|
||
|
cl_error_t cli_pcre_recaloff(struct cli_matcher *root, struct cli_pcre_off *data, struct cli_target_info *info, cli_ctx *ctx);
|
||
|
void cli_pcre_freeoff(struct cli_pcre_off *data);
|
||
|
cl_error_t cli_pcre_scanbuf(const unsigned char *buffer, uint32_t length, const char **virname, struct cli_ac_result **res, const struct cli_matcher *root, struct cli_ac_data *mdata, const struct cli_pcre_off *data, cli_ctx *ctx);
|
||
|
void cli_pcre_freemeta(struct cli_matcher *root, struct cli_pcre_meta *pm);
|
||
|
void cli_pcre_freetable(struct cli_matcher *root);
|
||
|
#else
|
||
|
/* NO-PCRE DECLARATIONS - defined because encasing everything in '#if' is a pain and because dynamic library mappings are weird */
|
||
|
#define PCRE_BYPASS ""
|
||
|
|
||
|
void cli_pcre_perf_print();
|
||
|
void cli_pcre_perf_events_destroy();
|
||
|
|
||
|
int cli_pcre_init();
|
||
|
int cli_pcre_build(struct cli_matcher *root, long long unsigned match_limit, long long unsigned recmatch_limit, const struct cli_dconf *dconf);
|
||
|
int cli_pcre_scanbuf(const unsigned char *buffer, uint32_t length, const char **virname, struct cli_ac_result **res, const struct cli_matcher *root, struct cli_ac_data *mdata, const struct cli_pcre_off *data, cli_ctx *ctx);
|
||
|
int cli_pcre_recaloff(struct cli_matcher *root, struct cli_pcre_off *data, struct cli_target_info *info, cli_ctx *ctx);
|
||
|
void cli_pcre_freeoff(struct cli_pcre_off *data);
|
||
|
#endif /* HAVE_PCRE */
|
||
|
#endif /*__MATCHER_PCRE_H*/
|