Snort mailing list archives

Re: acsmx2.c


From: Todd Wease <twease () sourcefire com>
Date: Tue, 04 Nov 2008 09:37:40 -0500

Hi Rayne,

The main() function you're looking at in acsmx2.c was a way to initially
test the functionality of the acsmx2 code.  It looks like the prototype
for acsmSearch2 has changed since that driver function was written. 
Notice the main() is wrapped in a #ifdef ACSMX2S_MAIN.  This code is not
compiled into making the snort binary.

If you look at fpdetect.c, you will see calls to mpseSearch(), which
will in turn call acsmSearch2() if that is the pattern matcher being
used.  The data passed in is an OTNX_MATCH_DATA.  Also take a look in
fpcreate.c and look for mpse*.  Using the detection option tree code,
the Match callback points to rule_tree_match() in fpdetect.c.  So when a
match state is reached in acsmx2, the rule_tree_match() function is
called, with a pointer to an OTNX_MATCH_DATA data structure.

Todd


Rayne wrote:
Hi,

In the acsmx2.c file, the acsmSearch2 function was called by
acsmSearch2(acsm, text, strlen(text), MatchFound, (void *)0);

However, the function header for this function is
int acsmSearch2 ( ACSM_STRUCT2 * acsm, unsigned char * T, int n,
#ifdef DETECTION_OPTION_TREE
          int (*Match)(void * id, void *tree, int index, void *data),
#else
          int (*Match)( void * id, int index, void * data ),
#endif
                  void * data, int* current_state );

So assuming the (void *)0 in acsmx2.c corresponds to void *data, where
is the int* current_state?

Also, what does the void *data in both the Match, MatchFound and
acsmSearch2 functions represent or point to?

Thank you.

Regards,
Rayne
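
The callback-plus-opaque-pointer arrangement discussed in this thread, as an added example that is not part of either message and is not Snort source. All names here (toy_search, match_ctx, on_match) are hypothetical, the naive scan stands in for the real automaton, the current_state parameter is left out, and the "return non-zero to stop" convention is an assumption of this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; not Snort source. */
typedef int (*match_cb)(void *id, int index, void *data);
typedef struct { const char *bytes; void *id; } toy_pattern;

/* Caller-owned context, the role the thread gives to OTNX_MATCH_DATA. */
typedef struct { int count, last_index, limit; const char *last_rule; } match_ctx;

/* Naive multi-pattern scan standing in for the real automaton. On each hit
 * it calls Match(id, index, data) and never looks inside `data` itself. */
int toy_search(const toy_pattern *pats, int npats, const unsigned char *T,
               int n, match_cb Match, void *data)
{
    int hits = 0;
    for (int i = 0; i < n; i++) {
        for (int p = 0; p < npats; p++) {
            int len = (int)strlen(pats[p].bytes);
            if (len == 0 || len > n - i || memcmp(T + i, pats[p].bytes, (size_t)len))
                continue;
            hits++;
            if (Match(pats[p].id, i, data) > 0)  /* callback asked to stop */
                return hits;
        }
    }
    return hits;
}

/* The callback casts `data` back to the type its caller passed in. */
int on_match(void *id, int index, void *data)
{
    match_ctx *ctx = data;
    ctx->count++;
    ctx->last_index = index;
    ctx->last_rule = id;
    return ctx->count >= ctx->limit;     /* non-zero stops the search */
}

/* Constructed sample input; returns the number of matches reported. */
int demo(int limit, match_ctx *ctx)
{
    static const toy_pattern pats[] = { {"cmd.exe", "rule-A"}, {"/etc/passwd", "rule-B"} };
    const char *text = "GET /etc/passwd?x=cmd.exe HTTP/1.0";
    memset(ctx, 0, sizeof *ctx);
    ctx->limit = limit;
    return toy_search(pats, 2, (const unsigned char *)text, (int)strlen(text), on_match, ctx);
}

int main(void) { match_ctx c; printf("%d\n", demo(10, &c)); return 0; }
```

The search routine only forwards `data`; its meaning is an agreement between whoever starts the search and the callback that receives it.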


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

