diff --git a/src/filter-test.c b/src/filter-test.c
index 89ec780..f0ebcdb 100644
--- a/src/filter-test.c
+++ b/src/filter-test.c
@@ -29,6 +29,8 @@ int main(int argc, char *argv[]) {
 char stats[4096];
 size_t read = 0, matched = 0;
 FILE *file = NULL;
+ uint32_t ftag;
+ short int score;
 if (argc < 3)
 usage();
@@ -67,9 +69,9 @@ int main(int argc, char *argv[]) {
 while (fgets(line, sizeof(line), file) != NULL) {
 read++;
- if (f2b_filter_match(filter, line, match, sizeof(match))) {
+ if ((ftag = f2b_filter_match(filter, line, match, sizeof(match), &score)) > 0) {
 matched++;
- fprintf(stdout, "+ %s\n", match);
+ fprintf(stdout, "+ %s (score: %d, tag: %08X)\n", match, score, ftag);
 continue;
 } else {
 fprintf(stdout, "- (no-match): %s", line);
diff --git a/src/filter.c b/src/filter.c
index b4b9c3d..1a8aba3 100644
--- a/src/filter.c
+++ b/src/filter.c
@@ -193,13 +193,12 @@ f2b_filter_append(f2b_filter_t *filter, const char *pattern) {
 return filter->append(filter->cfg, pattern);
 }
-bool
-f2b_filter_match(f2b_filter_t *filter, const char *line, char *buf, size_t buf_size) {
+uint32_t
+f2b_filter_match(f2b_filter_t *filter, const char *line, char *buf, size_t bufsize, short int *score) {
 assert(filter != NULL);
 assert(line != NULL);
- assert(buf != NULL);
- return filter->match(filter->cfg, line, buf, buf_size);
+ return filter->match(filter->cfg, line, buf, bufsize, score);
 }
 void
diff --git a/src/filter.h b/src/filter.h
index 3506477..f279177 100644
--- a/src/filter.h
+++ b/src/filter.h
@@ -33,7 +33,7 @@ typedef struct f2b_filter_t {
 /** dlsym pointer to handler of @a stats command */
 bool (*stats) (void *cfg, char *buf, size_t bufsize);
 /** dlsym pointer to handler of @a match command */
- bool (*match) (void *cfg, const char *line, char *buf, size_t buf_size);
+ uint32_t (*match)(void *cfg, const char *line, char *buf, size_t bufsize, short int *score);
 /** dlsym pointer to handler of @a destroy command */
 void (*destroy) (void *cfg);
 /* config variables */
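Review bot: In src/filter-test.c, `score` is declared without an initialiser and then printed by the new `fprintf` whenever `f2b_filter_match()` returns non-zero, so a backend that returns a tag without storing through `score` makes the tool print an indeterminate value. Initialising it at the declaration, `short int score = 0;`, keeps the output defined. `%08X` expects `unsigned int` while `ftag` is `uint32_t`; `"%08" PRIX32` from `<inttypes.h>` is the exact match. main()'s body extends beyond both hunks.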
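Review bot: In src/filter.c, `f2b_filter_match()` now forwards `buf` and `score` to the backend unchecked: `assert(buf != NULL)` is removed and nothing is added for `score`. Both backends in this commit store through `score` unconditionally (`*score = r->score;` in pcre.c, `*score = cfg->defscore;` in preg.c), and preg.c copies into `buf`. Unless NULL is meant to be accepted, in which case the backends need guards, keep `assert(buf != NULL);` and add `assert(score != NULL);`. Because assert() compiles out under NDEBUG, `if (!buf || !score) return 0;` is the sturdier form if release builds define it.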
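Review bot: In src/filter.h, the `match` member is documented as a dlsym pointer, so changing its prototype changes the binary contract with every filter module, and nothing in this diff bumps or checks a module API version. A module built against the old four-argument `bool` signature would still load, would never store through `score`, and calling it through the new pointer type is undefined, so the caller could see an arbitrary tag. If the loader has no version symbol to compare (not visible here), this change is a good place to add one. The member comment should also state the new return contract, e.g. `/** dlsym pointer to handler of @a match command; returns pattern tag, 0 on no match */`.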
@@ -76,9 +76,10 @@ bool f2b_filter_append(f2b_filter_t *f, const char *pattern);
 * @param line Line of data
 * @param buf Match buffer
 * @param bufsize Size of match buffer
- * @returns false if no match and true otherwise with filling @a buf with matched token
+ * @param score Pointer to score
+ * @returns >0 on match 0 otherwise, fills @a buf with extracted host string and @a score with match score
 */
-bool f2b_filter_match (f2b_filter_t *f, const char *line, char *buf, size_t bufsize);
+uint32_t f2b_filter_match (f2b_filter_t *f, const char *line, char *buf, size_t bufsize, short int *score);
 /* handlers for csocket commands processing */
 /** handler of 'jail $JAIL filter reload' cmd */
diff --git a/src/filters/filter.h b/src/filters/filter.h
index 10f98a6..f371f05 100644
--- a/src/filters/filter.h
+++ b/src/filters/filter.h
@@ -100,7 +100,7 @@ extern bool stats(cfg_t *cfg, char *buf, size_t bufsize);
 * @param bufsize Size of buffer above
 * @returns false if no match or true otherwise with filling @a buf
 */
-extern bool match(cfg_t *cfg, const char *line, char *buf, size_t bufsize);
+extern uint32_t match(cfg_t *cfg, const char *line, char *buf, size_t bufsize, short int *score);
 /**
 * @brief Destroy all added patterns and free it's resources
 * @param cfg Module handler
diff --git a/src/filters/pcre.c b/src/filters/pcre.c
index 74d44a3..346ad1f 100644
--- a/src/filters/pcre.c
+++ b/src/filters/pcre.c
@@ -140,8 +140,8 @@ append(cfg_t *cfg, const char *pattern) {
 return true;
 }
-bool
-match(cfg_t *cfg, const char *line, char *buf, size_t buf_size) {
+uint32_t
+match(cfg_t *cfg, const char *line, char *buf, size_t buf_size, short int *score) {
 enum { OVECSIZE = 30 };
 int ovector[OVECSIZE];
 int flags = 0;
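Review bot: In src/filters/filter.h, the doc comment above the changed `match` prototype is left stale: it still reads `@returns false if no match or true otherwise with filling @a buf` and has no entry for the new parameter. Module authors read this header for the contract, so it should gain `@param score Set to the score of the matched pattern; not written when 0 is returned`. The return line should become `@returns Tag of the matched pattern, or 0 if nothing matched`, with a statement that the tag is never 0 if that is indeed guaranteed. The comment starts above the hunk.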
@@ -156,7 +156,7 @@ match(cfg_t *cfg, const char *line, char *buf, size_t buf_size) {
 if (rc < 0 && rc == PCRE_ERROR_NOMATCH)
 continue;
 if (rc < 0) {
- log_msg(cfg, error, "matched failed with error: %d", rc);
+ log_msg(cfg, error, "pcre match failed with error: %d", rc);
 continue;
 }
 /* matched */
@@ -167,10 +167,11 @@ match(cfg_t *cfg, const char *line, char *buf, size_t buf_size) {
 log_msg(cfg, error, "can't copy matched string: %d", rc);
 continue;
 }
- return true;
+ *score = r->score;
+ return r->ftag;
 }
- return false;
+ return 0;
 }
 void
diff --git a/src/filters/preg.c b/src/filters/preg.c
index b496c76..f0f8e22 100644
--- a/src/filters/preg.c
+++ b/src/filters/preg.c
@@ -112,8 +112,8 @@ append(cfg_t *cfg, const char *pattern) {
 return false;
 }
-bool
-match(cfg_t *cfg, const char *line, char *buf, size_t buf_size) {
+uint32_t
+match(cfg_t *cfg, const char *line, char *buf, size_t buf_size, short int *score) {
 size_t match_len = 0;
 regmatch_t match[2];
@@ -131,10 +131,11 @@ match(cfg_t *cfg, const char *line, char *buf, size_t buf_size) {
 memcpy(buf, &line[match[1].rm_so], match_len);
 buf[match_len] = '\0';
 buf[buf_size - 1] = '\0';
- return true;
+ *score = cfg->defscore;
+ return r->ftag;
 }
- return false;
+ return 0;
 }
 void
diff --git a/t/t_filters.c b/t/t_filters.c
index d9df4db..4247cfb 100644
--- a/t/t_filters.c
+++ b/t/t_filters.c
@@ -8,7 +8,9 @@ int main() {
 cfg_t *filter = NULL;
 char matchbuf[IPADDR_MAX] = "";
 bool result = false;
+ short int score;
 int flags;
+ uint32_t ftag;
 UNUSED(result);
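Review bot: In src/filters/pcre.c, `return r->ftag;` makes the tag double as the match indicator, so a pattern whose `ftag` is 0 would fill `buf` and `score` and still be reported as no match by callers that test `> 0`, as filter-test.c does. For a log filter that means a matching line silently goes uncounted. How `ftag` is assigned is not visible in this diff; if 0 is possible, reject it where the pattern is appended or guard here with `assert(r->ftag != 0);`. The same applies to `return r->ftag;` in src/filters/preg.c, and match()'s body starts above the hunk in both files.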
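Review bot: In src/filters/preg.c the reported score comes from `cfg->defscore`, whereas pcre.c in the same commit reports the per-pattern `r->score`, so the same pattern set can yield different scores depending on the backend. If preg patterns have no score of their own (the struct is not visible here), say so next to the assignment, e.g. `/* preg patterns carry no per-pattern score */`. Otherwise use `*score = r->score;` as pcre.c does. match()'s body starts above the hunk.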
@@ -36,17 +38,17 @@ int main() {
 flags = state(filter);
 assert(flags & MOD_IS_READY);
- result = match(filter, "host", matchbuf, sizeof(matchbuf));
- assert(result == false);
+ ftag = match(filter, "host", matchbuf, sizeof(matchbuf), &score);
+ assert(ftag == 0);
- result = match(filter, "host with marker ", matchbuf, sizeof(matchbuf));
- assert(result == false);
+ ftag = match(filter, "host with marker ", matchbuf, sizeof(matchbuf), &score);
+ assert(ftag == 0);
- result = match(filter, "host with marker 1.2.3.4", matchbuf, sizeof(matchbuf));
- assert(result == true);
+ ftag = match(filter, "host with marker 1.2.3.4", matchbuf, sizeof(matchbuf), &score);
+ assert(ftag > 0);
- result = match(filter, "host with marker example.com", matchbuf, sizeof(matchbuf));
- assert(result == false);
+ ftag = match(filter, "host with marker example.com", matchbuf, sizeof(matchbuf), &score);
+ assert(ftag == 0);
 destroy(filter);
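Review bot: In t/t_filters.c the updated checks only look at the returned tag; `score` is passed in uninitialised and never inspected, so the new out-parameter is untested. Initialise it to a sentinel the filter cannot produce, e.g. `short int score = -1;`, and add `assert(score != -1);` after the `1.2.3.4` case. A matching `assert(score == -1);` after a no-match case would pin that the value is left alone when 0 is returned. `bool result` and `UNUSED(result)` in the first hunk of this file are now dead and can be removed.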