tango-maat/scanner/adapter_hs/adapter_hs.h

/*
**********************************************************************************************
*	File: adapter_hs.h
*   Description: wrapper for raw hyperscan
*	Authors: Liu WenTan <liuwentan@geedgenetworks.com>
*	Date:    2022-10-31
*   Copyright: (c) 2018-2022 Geedge Networks, Inc. All rights reserved.
***********************************************************************************************
*/

#ifndef _ADAPTER_HS_H_
#define _ADAPTER_HS_H_

#ifdef __cplusplus
extern "C"
{
#endif

#include <stddef.h>
#include <stdint.h>

#include "log/log.h"

#define MAX_EXPR_PATTERN_NUM 8

struct adapter_hs;

/* match method */
enum hs_match_mode {
    HS_MATCH_MODE_INVALID = -1,
    HS_MATCH_MODE_EXACTLY = 1,  /* scan data must match pattern exactly */
    HS_MATCH_MODE_PREFIX,       /* pattern must in the head of scan_data */
    HS_MATCH_MODE_SUFFIX,       /* pattern must in the end of scan_data */
    HS_MATCH_MODE_SUB,           /* pattern must in the range[l_offset, r_offset] of scan_data */
    HS_MATCH_MODE_MAX
};

enum hs_pattern_type {
    HS_PATTERN_TYPE_STR = 0,  /* pure literal string */
    HS_PATTERN_TYPE_REG,      /* regex expression */
    HS_PATTERN_TYPE_MAX
};

enum hs_case_sensitive {
    HS_CASE_SENSITIVE = 0,
    HS_CASE_INSENSITIVE
};

struct hs_scan_result {
    long long rule_id;
    void *user_tag;
};

struct hs_pattern {
    enum hs_case_sensitive case_sensitive;
    enum hs_match_mode match_mode;
    enum hs_pattern_type pattern_type;

    int is_hexbin; /* 1(yes) 0(no) */

    /* 
     * just match in scan_data's range of [start_offset, end_offset], -1 means no limits
     * for example:
     *  [-1, end_offset] means the pattern must in scan_data's [0 ~ start_offset]
     *  [start_offset, -1] means the pattern must in scan_data's [start_offset ~ data_end]
     */
    int start_offset;
    int end_offset;

    /* start pointer of pattern */
    char *pat;
    /* pattern length */
    size_t pat_len;
};

/* logic AND expression, such as (pattern1 & pattern2) */
struct expr_rule {
    long long expr_id;
    size_t n_patterns;
    struct hs_pattern patterns[MAX_EXPR_PATTERN_NUM];
    void *user_tag;
};

int adapter_hs_verify_regex_expression(const char *regex_expr,
                                       struct log_handle *logger);
/**
 * @brief new adapter_hs instance
 * 
 * @param nr_worker_threads: the number of scan threads which will call adapter_hs_scan()
 * @param rules:             logic AND expression's array
 * @param n_rule:            the number of logic AND expression's array
 * 
 * @retval the pointer to adapter_hs instance
*/
struct adapter_hs *adapter_hs_new(size_t n_worker_thread,
                                  struct expr_rule *rules, size_t n_rule,
                                  struct log_handle *logger);

/**
 * @brief scan input data to match logic AND expression, return all matched expr_id
 * 
 * @param instance:  adapter_hs instance obtained by adapter_hs_new()
 * @param thread_id: the thread_id of caller
 * @param data:      data to be scanned
 * @param data_len:  the length of data to be scanned
 * @param results:   the array of expr_id
 * @param n_results: number of elements in array of expr_id
*/
int adapter_hs_scan(struct adapter_hs *hs_instance, int thread_id,
                    const char *data, size_t data_len, 
                    struct hs_scan_result *results,
                    size_t n_result, size_t *n_hit_result);

/**
 * @brief destroy adapter_hs instance
 * 
 * @param instance: adapter_hs instance obtained by adapter_hs_new()
*/
void adapter_hs_free(struct adapter_hs *instance);

struct adapter_hs_stream;
/**
 * @brief open adapter_hs stream after adapter_hs instance initialized for stream scan
 * 
*/
struct adapter_hs_stream *adapter_hs_stream_open(struct adapter_hs *hs_instance, int thread_id);

int adapter_hs_scan_stream(struct adapter_hs_stream *stream, const char *data, size_t data_len,
                           struct hs_scan_result *results, size_t n_result, size_t *n_hit_result);

void adapter_hs_stream_close(struct adapter_hs_stream *stream);

#ifdef __cplusplus
}
#endif

#endif
unfinished work 2022-11-17 05:05:35 +08:00			`/*`
			`**********************************************************************************************`
			`* File: adapter_hs.h`
			`* Description: wrapper for raw hyperscan`
			`* Authors: Liu WenTan <liuwentan@geedgenetworks.com>`
			`* Date: 2022-10-31`
			`* Copyright: (c) 2018-2022 Geedge Networks, Inc. All rights reserved.`
			`***********************************************************************************************`
			`*/`

			`#ifndef _ADAPTER_HS_H_`
			`#define _ADAPTER_HS_H_`

cpp->c and expr support configurable generation of literal_db or regex_db 2023-02-15 11:53:46 +08:00			`#ifdef __cplusplus`
unfinished work 2022-11-17 05:05:35 +08:00			`extern "C"`
			`{`
			`#endif`

			`#include <stddef.h>`
			`#include <stdint.h>`

unfinished work 2023-01-30 21:59:35 +08:00			`#include "log/log.h"`

unfinished work 2022-11-17 05:05:35 +08:00			`#define MAX_EXPR_PATTERN_NUM 8`

			`struct adapter_hs;`

cpp->c and expr support configurable generation of literal_db or regex_db 2023-02-15 11:53:46 +08:00			`/* match method */`
			`enum hs_match_mode {`
add ci config 2023-02-16 11:13:23 +08:00			`HS_MATCH_MODE_INVALID = -1,`
cpp->c and expr support configurable generation of literal_db or regex_db 2023-02-15 11:53:46 +08:00			`HS_MATCH_MODE_EXACTLY = 1, /* scan data must match pattern exactly */`
			`HS_MATCH_MODE_PREFIX, /* pattern must in the head of scan_data */`
			`HS_MATCH_MODE_SUFFIX, /* pattern must in the end of scan_data */`
			`HS_MATCH_MODE_SUB, /* pattern must in the range[l_offset, r_offset] of scan_data */`
			`HS_MATCH_MODE_MAX`
			`};`

			`enum hs_pattern_type {`
			`HS_PATTERN_TYPE_STR = 0, /* pure literal string */`
			`HS_PATTERN_TYPE_REG, /* regex expression */`
			`HS_PATTERN_TYPE_MAX`
			`};`

			`enum hs_case_sensitive {`
			`HS_CASE_SENSITIVE = 0,`
simplify table rcu hash 2023-05-07 23:09:33 +08:00			`HS_CASE_INSENSITIVE`
unfinished work 2022-11-17 05:05:35 +08:00			`};`

unfinished work 2023-02-03 17:28:14 +08:00			`struct hs_scan_result {`
simplify table rcu hash 2023-05-07 23:09:33 +08:00			`long long rule_id;`
unfinished work 2023-02-03 17:28:14 +08:00			`void *user_tag;`
			`};`

item_uthash -> item_rcu && add foreign cont dir API 2023-03-15 11:36:54 +08:00			`struct hs_pattern {`
cpp->c and expr support configurable generation of literal_db or regex_db 2023-02-15 11:53:46 +08:00			`enum hs_case_sensitive case_sensitive;`
			`enum hs_match_mode match_mode;`
support same pattern different offset(x-x:pat1 & y-y:pat1) 2023-03-22 11:10:00 +08:00			`enum hs_pattern_type pattern_type;`

add ci config 2023-02-16 11:13:23 +08:00			`int is_hexbin; /* 1(yes) 0(no) */`
cpp->c and expr support configurable generation of literal_db or regex_db 2023-02-15 11:53:46 +08:00
			`/*`
support same pattern different offset(x-x:pat1 & y-y:pat1) 2023-03-22 11:10:00 +08:00			`* just match in scan_data's range of [start_offset, end_offset], -1 means no limits`
cpp->c and expr support configurable generation of literal_db or regex_db 2023-02-15 11:53:46 +08:00			`* for example:`
support same pattern different offset(x-x:pat1 & y-y:pat1) 2023-03-22 11:10:00 +08:00			`* [-1, end_offset] means the pattern must in scan_data's [0 ~ start_offset]`
			`* [start_offset, -1] means the pattern must in scan_data's [start_offset ~ data_end]`
cpp->c and expr support configurable generation of literal_db or regex_db 2023-02-15 11:53:46 +08:00			`*/`
support same pattern different offset(x-x:pat1 & y-y:pat1) 2023-03-22 11:10:00 +08:00			`int start_offset;`
			`int end_offset;`
support expr offset match 2023-02-09 22:13:15 +08:00
unfinished work 2022-11-17 05:05:35 +08:00			`/* start pointer of pattern */`
			`char *pat;`
			`/* pattern length */`
			`size_t pat_len;`
item_uthash -> item_rcu && add foreign cont dir API 2023-03-15 11:36:54 +08:00			`};`
unfinished work 2022-11-17 05:05:35 +08:00
			`/* logic AND expression, such as (pattern1 & pattern2) */`
simplify table rcu hash 2023-05-07 23:09:33 +08:00			`struct expr_rule {`
item_uthash -> item_rcu && add foreign cont dir API 2023-03-15 11:36:54 +08:00			`long long expr_id;`
unfinished work 2022-11-17 05:05:35 +08:00			`size_t n_patterns;`
item_uthash -> item_rcu && add foreign cont dir API 2023-03-15 11:36:54 +08:00			`struct hs_pattern patterns[MAX_EXPR_PATTERN_NUM];`
unfinished work 2023-02-03 17:28:14 +08:00			`void *user_tag;`
item_uthash -> item_rcu && add foreign cont dir API 2023-03-15 11:36:54 +08:00			`};`
unfinished work 2022-11-17 05:05:35 +08:00
[feature]verify regex expression 2023-05-09 17:45:43 +08:00			`int adapter_hs_verify_regex_expression(const char *regex_expr,`
			`struct log_handle *logger);`
unfinished work 2022-11-17 05:05:35 +08:00			`/**`
change lib name to libmaat4 for test 2023-03-22 11:23:21 +08:00			`* @brief new adapter_hs instance`
unfinished work 2022-11-17 05:05:35 +08:00			`*`
			`* @param nr_worker_threads: the number of scan threads which will call adapter_hs_scan()`
simplify table rcu hash 2023-05-07 23:09:33 +08:00			`* @param rules: logic AND expression's array`
			`* @param n_rule: the number of logic AND expression's array`
unfinished work 2022-11-17 05:05:35 +08:00			`*`
			`* @retval the pointer to adapter_hs instance`
			`*/`
change lib name to libmaat4 for test 2023-03-22 11:23:21 +08:00			`struct adapter_hs *adapter_hs_new(size_t n_worker_thread,`
simplify table rcu hash 2023-05-07 23:09:33 +08:00			`struct expr_rule *rules, size_t n_rule,`
change lib name to libmaat4 for test 2023-03-22 11:23:21 +08:00			`struct log_handle *logger);`
unfinished work 2022-11-17 05:05:35 +08:00
			`/**`
			`* @brief scan input data to match logic AND expression, return all matched expr_id`
			`*`
change lib name to libmaat4 for test 2023-03-22 11:23:21 +08:00			`* @param instance: adapter_hs instance obtained by adapter_hs_new()`
unfinished work 2022-11-17 05:05:35 +08:00			`* @param thread_id: the thread_id of caller`
			`* @param data: data to be scanned`
			`* @param data_len: the length of data to be scanned`
			`* @param results: the array of expr_id`
			`* @param n_results: number of elements in array of expr_id`
			`*/`
add flagMatcher and IntevalMatcher 2023-02-06 08:14:25 +08:00			`int adapter_hs_scan(struct adapter_hs *hs_instance, int thread_id,`
			`const char *data, size_t data_len,`
			`struct hs_scan_result *results,`
			`size_t n_result, size_t *n_hit_result);`
unfinished work 2022-11-17 05:05:35 +08:00
			`/**`
			`* @brief destroy adapter_hs instance`
			`*`
change lib name to libmaat4 for test 2023-03-22 11:23:21 +08:00			`* @param instance: adapter_hs instance obtained by adapter_hs_new()`
unfinished work 2022-11-17 05:05:35 +08:00			`*/`
change lib name to libmaat4 for test 2023-03-22 11:23:21 +08:00			`void adapter_hs_free(struct adapter_hs *instance);`
unfinished work 2022-11-17 05:05:35 +08:00
			`struct adapter_hs_stream;`
			`/**`
			`* @brief open adapter_hs stream after adapter_hs instance initialized for stream scan`
			`*`
			`*/`
			`struct adapter_hs_stream adapter_hs_stream_open(struct adapter_hs hs_instance, int thread_id);`

			`int adapter_hs_scan_stream(struct adapter_hs_stream stream, const char data, size_t data_len,`
fix flag_matcher and interval_matcher compile error 2023-02-07 11:25:31 +08:00			`struct hs_scan_result results, size_t n_result, size_t n_hit_result);`
unfinished work 2022-11-17 05:05:35 +08:00
			`void adapter_hs_stream_close(struct adapter_hs_stream *stream);`

cpp->c and expr support configurable generation of literal_db or regex_db 2023-02-15 11:53:46 +08:00			`#ifdef __cplusplus`
unfinished work 2022-11-17 05:05:35 +08:00			`}`
			`#endif`

adapter_hs engine only construct stream db 2023-03-17 17:28:52 +08:00			`#endif`