+++ /dev/null
-From a71cca137eb33f659354ce0ebda4951cb26485df Mon Sep 17 00:00:00 2001
-From: Christian Marangi <ansuelsmth@gmail.com>
-Date: Mon, 6 Nov 2023 22:43:59 +0100
-Subject: [PATCH] core: convert project to PCRE2
-
-Convert project to PCRE2 as PCRE is EOL and won't receive any security
-updates anymore.
-
-PCRE2 changed some API and concept. Mainly there isn't the concept of
-study anymore, replaced by match_context concept and match_data is used
-instead of ovector to handle results. Because of this the scratcher is
-not needed anymore and is replaced by a simple function to setup the max
-ovector size on end module init.
-
-Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
----
- README.md | 17 +-
- cmake/FindPCRE.cmake | 32 --
- cmake/FindPCRE2.cmake | 32 ++
- cmake/create_pkg_config.cmake | 4 +-
- cmake/include_libraries.cmake | 2 +-
- configure_cmake.sh | 16 +-
- lua/balanced.lua | 2 +-
- lua/max_detect.lua | 6 +-
- lua/security.lua | 4 +-
- snort.pc.in | 4 +-
- src/CMakeLists.txt | 4 +-
- src/detection/detection_module.cc | 48 +--
- src/detection/detection_options.cc | 6 +-
- src/ips_options/ips_options.cc | 4 +-
- src/ips_options/ips_pcre.cc | 391 ++++++++----------
- src/main/shell.cc | 9 +-
- src/main/snort_config.h | 26 +-
- .../appid/lua_detector_api.cc | 62 +--
- src/parser/parse_rule.cc | 4 +-
- src/parser/parse_stream.cc | 2 +-
- src/search_engines/test/hyperscan_test.cc | 2 +-
- src/utils/stats.cc | 6 +-
- src/utils/stats.h | 6 +-
- src/utils/util.cc | 8 +-
- tools/snort2lua/config_states/config_api.cc | 12 +-
- .../config_states/config_no_option.cc | 14 +-
- .../config_states/config_one_int_option.cc | 24 +-
- tools/snort2lua/rule_states/CMakeLists.txt | 2 +-
- tools/snort2lua/rule_states/rule_api.cc | 4 +-
- .../{rule_pcre.cc => rule_pcre2.cc} | 40 +-
- .../snort2lua/rule_states/rule_sd_pattern.cc | 4 +-
- 31 files changed, 393 insertions(+), 404 deletions(-)
- delete mode 100644 cmake/FindPCRE.cmake
- create mode 100644 cmake/FindPCRE2.cmake
- rename tools/snort2lua/rule_states/{rule_pcre.cc => rule_pcre2.cc} (80%)
-
---- a/README.md
-+++ b/README.md
-@@ -8,13 +8,14 @@ topics:
-
- ---
-
--* [Overview](#overview)
--* [Dependencies](#dependencies)
--* [Download](#download)
--* [Build Snort](#build-snort)
--* [Run Snort](#run-snort)
--* [Documentation](#documentation)
--* [Squeal](#squeal)
-+- [Snort++](#snort)
-+- [OVERVIEW](#overview)
-+- [DEPENDENCIES](#dependencies)
-+- [DOWNLOAD](#download)
-+- [BUILD SNORT](#build-snort)
-+- [RUN SNORT](#run-snort)
-+- [DOCUMENTATION](#documentation)
-+- [SQUEAL](#squeal)
-
- # OVERVIEW
-
-@@ -61,7 +62,7 @@ the latest:
- * OpenSSL from https://www.openssl.org/source/ for SHA and MD5 file signatures,
- the protected_content rule option, and SSL service detection
- * pcap from http://www.tcpdump.org for tcpdump style logging
--* pcre from http://www.pcre.org for regular expression pattern matching
-+* pcre2 from http://www.pcre.org for regular expression pattern matching
- * pkgconfig from https://www.freedesktop.org/wiki/Software/pkg-config/ to locate build dependencies
- * zlib from http://www.zlib.net for decompression
-
---- a/cmake/FindPCRE.cmake
-+++ /dev/null
-@@ -1,32 +0,0 @@
--# - Find pcre
--# Find the native PCRE includes and library
--#
--# PCRE_INCLUDE_DIR - where to find pcre.h, etc.
--# PCRE_LIBRARIES - List of libraries when using pcre.
--# PCRE_FOUND - True if pcre found.
--
--set(ERROR_MESSAGE
-- "\n\tERROR! Libpcre library not found.
-- \tGet it from http://www.pcre.org\n"
--)
--
--find_package(PkgConfig)
--pkg_check_modules(PC_PCRE libpcre)
--
--# Use PCRE_INCLUDE_DIR_HINT and PCRE_LIBRARIES_DIR_HINT from configure_cmake.sh as primary hints
--# and then package config information after that.
--find_path(PCRE_INCLUDE_DIR pcre.h
-- HINTS ${PCRE_INCLUDE_DIR_HINT} ${PC_PCRE_INCLUDEDIR} ${PC_PCRE_INCLUDE_DIRS})
--find_library(PCRE_LIBRARIES NAMES pcre
-- HINTS ${PCRE_LIBRARIES_DIR_HINT} ${PC_PCRE_LIBDIR} ${PC_PCRE_LIBRARY_DIRS})
--
--include(FindPackageHandleStandardArgs)
--find_package_handle_standard_args(PCRE
-- REQUIRED_VARS PCRE_INCLUDE_DIR PCRE_LIBRARIES
-- FAIL_MESSAGE "${ERROR_MESSAGE}"
--)
--
--mark_as_advanced(
-- PCRE_LIBRARIES
-- PCRE_INCLUDE_DIR
--)
---- /dev/null
-+++ b/cmake/FindPCRE2.cmake
-@@ -0,0 +1,32 @@
-+# - Find pcre2
-+# Find the native PCRE2 includes and library
-+#
-+# PCRE2_INCLUDE_DIR - where to find pcre2.h, etc.
-+# PCRE2_LIBRARIES - List of libraries when using pcre2.
-+# PCRE2_FOUND - True if pcre2 found.
-+
-+set(ERROR_MESSAGE
-+ "\n\tERROR! Libpcre2 library not found.
-+ \tGet it from http://www.pcre.org\n"
-+)
-+
-+find_package(PkgConfig)
-+pkg_check_modules(PC_PCRE2 libpcre2-8)
-+
-+# Use PCRE2_INCLUDE_DIR_HINT and PCRE_LIBRARIES_DIR_HINT from configure_cmake.sh as primary hints
-+# and then package config information after that.
-+find_path(PCRE2_INCLUDE_DIR pcre2.h
-+ HINTS ${PCRE2_INCLUDE_DIR_HINT} ${PC_PCRE2_INCLUDEDIR} ${PC_PCRE2_INCLUDE_DIRS})
-+find_library(PCRE2_LIBRARIES NAMES pcre2-8
-+ HINTS ${PCRE2_LIBRARIES_DIR_HINT} ${PC_PCRE2_LIBDIR} ${PC_PCRE2_LIBRARY_DIRS})
-+
-+include(FindPackageHandleStandardArgs)
-+find_package_handle_standard_args(PCRE2-8
-+ REQUIRED_VARS PCRE2_INCLUDE_DIR PCRE2_LIBRARIES
-+ FAIL_MESSAGE "${ERROR_MESSAGE}"
-+)
-+
-+mark_as_advanced(
-+ PCRE2_LIBRARIES
-+ PCRE2_INCLUDE_DIR
-+)
---- a/cmake/create_pkg_config.cmake
-+++ b/cmake/create_pkg_config.cmake
-@@ -72,8 +72,8 @@ if(PCAP_INCLUDE_DIR)
- set(PCAP_CPPFLAGS "-I${PCAP_INCLUDE_DIR}")
- endif()
-
--if(PCRE_INCLUDE_DIR)
-- set(PCRE_CPPFLAGS "-I${PCRE_INCLUDE_DIR}")
-+if(PCRE2_INCLUDE_DIR)
-+ set(PCRE2_CPPFLAGS "-I${PCRE2_INCLUDE_DIR}")
- endif()
-
- if(UUID_INCLUDE_DIR)
---- a/cmake/include_libraries.cmake
-+++ b/cmake/include_libraries.cmake
-@@ -8,7 +8,7 @@ find_package(HWLOC REQUIRED)
- find_package(LuaJIT REQUIRED)
- find_package(OpenSSL 1.1.1 REQUIRED)
- find_package(PCAP REQUIRED)
--find_package(PCRE REQUIRED)
-+find_package(PCRE2 REQUIRED)
- find_package(ZLIB REQUIRED)
- if (ENABLE_UNIT_TESTS)
- find_package(CppUTest REQUIRED)
---- a/configure_cmake.sh
-+++ b/configure_cmake.sh
-@@ -90,10 +90,10 @@ Optional Packages:
- luajit include directory
- --with-luajit-libraries=DIR
- luajit library directory
-- --with-pcre-includes=DIR
-- libpcre include directory
-- --with-pcre-libraries=DIR
-- libpcre library directory
-+ --with-pcre2-includes=DIR
-+ libpcre2 include directory
-+ --with-pcre2-libraries=DIR
-+ libpcre2 library directory
- --with-dnet-includes=DIR
- libdnet include directory
- --with-dnet-libraries=DIR
-@@ -417,11 +417,11 @@ while [ $# -ne 0 ]; do
- --with-luajit-libraries=*)
- append_cache_entry LUAJIT_LIBRARIES_DIR_HINT PATH $optarg
- ;;
-- --with-pcre-includes=*)
-- append_cache_entry PCRE_INCLUDE_DIR_HINT PATH $optarg
-+ --with-pcre2-includes=*)
-+ append_cache_entry PCRE2_INCLUDE_DIR_HINT PATH $optarg
- ;;
-- --with-pcre-libraries=*)
-- append_cache_entry PCRE_LIBRARIES_DIR_HINT PATH $optarg
-+ --with-pcre2-libraries=*)
-+ append_cache_entry PCRE2_LIBRARIES_DIR_HINT PATH $optarg
- ;;
- --with-dnet-includes=*)
- append_cache_entry DNET_INCLUDE_DIR_HINT PATH $optarg
---- a/lua/balanced.lua
-+++ b/lua/balanced.lua
-@@ -5,7 +5,7 @@
-
- arp_spoof = nil
-
--detection = { pcre_override = false }
-+detection = { pcre2_override = false }
-
- http_inspect.request_depth = 300
- http_inspect.response_depth = 500
---- a/lua/max_detect.lua
-+++ b/lua/max_detect.lua
-@@ -10,13 +10,13 @@ ftp_server.check_encrypted = true
-
- detection =
- {
-- pcre_match_limit = 3500,
-- pcre_match_limit_recursion = 3500,
-+ pcre2_match_limit = 3500,
-+ pcre2_match_limit_recursion = 3500,
-
- -- enable for hyperscan for best throughput
- -- use multiple packet threads for fast startup
- --hyperscan_literals = true,
-- --pcre_to_regex = true
-+ --pcre2_to_regex = true
- }
-
- http_inspect.decompress_pdf = true
---- a/lua/security.lua
-+++ b/lua/security.lua
-@@ -9,8 +9,8 @@ ftp_server.check_encrypted = true
-
- detection =
- {
-- pcre_match_limit = 3500,
-- pcre_match_limit_recursion = 3500
-+ pcre2_match_limit = 3500,
-+ pcre2_match_limit_recursion = 3500
- }
-
- http_inspect.decompress_pdf = true
---- a/snort.pc.in
-+++ b/snort.pc.in
-@@ -9,7 +9,7 @@ mandir=@mandir@
- infodir=@infodir@
-
- cpp_opts=DAQ LUAJIT
--cpp_opts_other=DNET HWLOC HYPERSCAN LZMA OPENSSL PCAP PCRE UUID
-+cpp_opts_other=DNET HWLOC HYPERSCAN LZMA OPENSSL PCAP PCRE2 UUID
-
- PCAP_CPPFLAGS=@PCAP_CPPFLAGS@
- LUAJIT_CPPFLAGS=@LUAJIT_CPPFLAGS@
-@@ -18,7 +18,7 @@ DAQ_CPPFLAGS=@DAQ_CPPFLAGS@
- FLEX_CPPFLAGS=@FLEX_CPPFLAGS@
- OPENSSL_CPPFLAGS=@OPENSSL_CPPFLAGS@
- HWLOC_CPPFLAGS=@HWLOC_CPPFLAGS@
--PCRE_CPPFLAGS=@PCRE_CPPFLAGS@
-+PCRE2_CPPFLAGS=@PCRE2_CPPFLAGS@
- LZMA_CPPFLAGS=@LZMA_CPPFLAGS@
- HYPERSCAN_CPPFLAGS=@HYPERSCAN_CPPFLAGS@
- UUID_CPPFLAGS=@UUID_CPPFLAGS@
---- a/src/CMakeLists.txt
-+++ b/src/CMakeLists.txt
-@@ -10,7 +10,7 @@ set(EXTERNAL_LIBRARIES
- ${LUAJIT_LIBRARIES}
- ${OPENSSL_CRYPTO_LIBRARY}
- ${PCAP_LIBRARIES}
-- ${PCRE_LIBRARIES}
-+ ${PCRE2_LIBRARIES}
- ${ZLIB_LIBRARIES}
- )
-
-@@ -21,7 +21,7 @@ set(EXTERNAL_INCLUDES
- ${HWLOC_INCLUDE_DIRS}
- ${OPENSSL_INCLUDE_DIR}
- ${PCAP_INCLUDE_DIR}
-- ${PCRE_INCLUDE_DIR}
-+ ${PCRE2_INCLUDE_DIR}
- ${ZLIB_INCLUDE_DIRS}
- )
-
---- a/src/detection/detection_module.cc
-+++ b/src/detection/detection_module.cc
-@@ -96,21 +96,21 @@ static const Parameter detection_params[
- { "offload_threads", Parameter::PT_INT, "0:max32", "0",
- "maximum number of simultaneous offloads (defaults to disabled)" },
-
-- { "pcre_enable", Parameter::PT_BOOL, nullptr, "true",
-- "enable pcre pattern matching" },
-+ { "pcre2_enable", Parameter::PT_BOOL, nullptr, "true",
-+ "enable pcre2 pattern matching" },
-
-- { "pcre_match_limit", Parameter::PT_INT, "0:max32", "1500",
-- "limit pcre backtracking, 0 = off" },
-+ { "pcre2_match_limit", Parameter::PT_INT, "0:max32", "1500",
-+ "limit pcre2 backtracking, 0 = off" },
-
-- { "pcre_match_limit_recursion", Parameter::PT_INT, "0:max32", "1500",
-- "limit pcre stack consumption, 0 = off" },
-+ { "pcre2_match_limit_recursion", Parameter::PT_INT, "0:max32", "1500",
-+ "limit pcre2 stack consumption, 0 = off" },
-
-- { "pcre_override", Parameter::PT_BOOL, nullptr, "true",
-- "enable pcre match limit overrides when pattern matching (ie ignore /O)" },
-+ { "pcre2_override", Parameter::PT_BOOL, nullptr, "true",
-+ "enable pcre2 match limit overrides when pattern matching (ie ignore /O)" },
-
- #ifdef HAVE_HYPERSCAN
-- { "pcre_to_regex", Parameter::PT_BOOL, nullptr, "false",
-- "enable the use of regex instead of pcre for compatible expressions" },
-+ { "pcre2_to_regex", Parameter::PT_BOOL, nullptr, "false",
-+ "enable the use of regex instead of pcre2 for compatible expressions" },
- #endif
-
- { "enable_address_anomaly_checks", Parameter::PT_BOOL, nullptr, "false",
-@@ -221,13 +221,13 @@ bool DetectionModule::set(const char*, V
- else if ( v.is("offload_threads") )
- sc->offload_threads = v.get_uint32();
-
-- else if ( v.is("pcre_enable") )
-- v.update_mask(sc->run_flags, RUN_FLAG__NO_PCRE, true);
-+ else if ( v.is("pcre2_enable") )
-+ v.update_mask(sc->run_flags, RUN_FLAG__NO_PCRE2, true);
-
-- else if ( v.is("pcre_match_limit") )
-- sc->pcre_match_limit = v.get_uint32();
-+ else if ( v.is("pcre2_match_limit") )
-+ sc->pcre2_match_limit = v.get_uint32();
-
-- else if ( v.is("pcre_match_limit_recursion") )
-+ else if ( v.is("pcre2_match_limit_recursion") )
- {
- // Cap the pcre recursion limit to not exceed the stack size.
- //
-@@ -252,21 +252,21 @@ bool DetectionModule::set(const char*, V
- if (max_rec < 0)
- max_rec = 0;
-
-- sc->pcre_match_limit_recursion = v.get_uint32();
-- if (sc->pcre_match_limit_recursion > max_rec)
-+ sc->pcre2_match_limit_recursion = v.get_uint32();
-+ if (sc->pcre2_match_limit_recursion > max_rec)
- {
-- sc->pcre_match_limit_recursion = max_rec;
-- LogMessage("Capping pcre_match_limit_recursion to %ld, thread stack_size %ld.\n",
-- sc->pcre_match_limit_recursion, thread_stack_size);
-+ sc->pcre2_match_limit_recursion = max_rec;
-+ LogMessage("Capping pcre2_match_limit_recursion to %ld, thread stack_size %llu.\n",
-+ sc->pcre2_match_limit_recursion, thread_stack_size);
- }
- }
-
-- else if ( v.is("pcre_override") )
-- sc->pcre_override = v.get_bool();
-+ else if ( v.is("pcre2_override") )
-+ sc->pcre2_override = v.get_bool();
-
- #ifdef HAVE_HYPERSCAN
-- else if ( v.is("pcre_to_regex") )
-- sc->pcre_to_regex = v.get_bool();
-+ else if ( v.is("pcre2_to_regex") )
-+ sc->pcre2_to_regex = v.get_bool();
- #endif
-
- else if ( v.is("enable_address_anomaly_checks") )
---- a/src/detection/detection_options.cc
-+++ b/src/detection/detection_options.cc
-@@ -595,7 +595,7 @@ int detection_option_node_evaluate(
- {
- if ( !child_node->is_relative )
- {
-- // If it's a non-relative content or pcre, no reason
-+ // If it's a non-relative content or pcre2, no reason
- // to check again. Only increment result once.
- // Should hit this condition on first loop iteration.
- if ( loop_count == 1 )
-@@ -661,10 +661,10 @@ int detection_option_node_evaluate(
- }
-
- // If all children branches matched, we don't need to reeval any of
-- // the children so don't need to reeval this content/pcre rule
-+ // the children so don't need to reeval this content/pcre2 rule
- // option at a new offset.
- // Else, reset the DOE ptr to last eval for offset/depth,
-- // distance/within adjustments for this same content/pcre rule option.
-+ // distance/within adjustments for this same content/pcre2 rule option.
- // If the node and its sub-tree propagate MATCH back,
- // then all its continuations are recalled.
- if ( result == node->num_children )
---- a/src/ips_options/ips_options.cc
-+++ b/src/ips_options/ips_options.cc
-@@ -72,7 +72,7 @@ extern const BaseApi* ips_ip_proto[];
- extern const BaseApi* ips_isdataat[];
- extern const BaseApi* ips_itype[];
- extern const BaseApi* ips_msg[];
--extern const BaseApi* ips_pcre[];
-+extern const BaseApi* ips_pcre2[];
- extern const BaseApi* ips_priority[];
- extern const BaseApi* ips_raw_data[];
- extern const BaseApi* ips_rem[];
-@@ -146,7 +146,7 @@ void load_ips_options()
- PluginManager::load_plugins(ips_isdataat);
- PluginManager::load_plugins(ips_itype);
- PluginManager::load_plugins(ips_msg);
-- PluginManager::load_plugins(ips_pcre);
-+ PluginManager::load_plugins(ips_pcre2);
- PluginManager::load_plugins(ips_priority);
- PluginManager::load_plugins(ips_raw_data);
- PluginManager::load_plugins(ips_rem);
---- a/src/ips_options/ips_pcre.cc
-+++ b/src/ips_options/ips_pcre.cc
-@@ -23,7 +23,8 @@
- #include "config.h"
- #endif
-
--#include <pcre.h>
-+#define PCRE2_CODE_UNIT_WIDTH 8
-+#include <pcre2.h>
-
- #include <cassert>
-
-@@ -43,33 +44,31 @@
-
- using namespace snort;
-
--#ifndef PCRE_STUDY_JIT_COMPILE
--#define PCRE_STUDY_JIT_COMPILE 0
-+#ifndef PCRE2_STUDY_JIT_COMPILE
-+#define PCRE2_STUDY_JIT_COMPILE 0
- #endif
-
- //#define NO_JIT // uncomment to disable JIT for Xcode
-
- #ifdef NO_JIT
--#define PCRE_STUDY_FLAGS 0
--#define pcre_release(x) pcre_free(x)
-+#define PCRE2_JIT 0
- #else
--#define PCRE_STUDY_FLAGS PCRE_STUDY_JIT_COMPILE
--#define pcre_release(x) pcre_free_study(x)
-+#define PCRE2_JIT PCRE2_STUDY_JIT_COMPILE
- #endif
-+#define pcre2_release(x) pcre2_code_free(x)
-
- #define SNORT_PCRE_RELATIVE 0x00010 // relative to the end of the last match
- #define SNORT_PCRE_INVERT 0x00020 // invert detect
- #define SNORT_PCRE_ANCHORED 0x00040
- #define SNORT_OVERRIDE_MATCH_LIMIT 0x00080 // Override default limits on match & match recursion
-
--#define s_name "pcre"
-+#define s_name "pcre2"
- #define mod_regex_name "regex"
-
--struct PcreData
-+struct Pcre2Data
- {
-- pcre* re; /* compiled regex */
-- pcre_extra* pe; /* studied regex foo */
-- bool free_pe;
-+ pcre2_code* re; /* compiled regex */
-+ pcre2_match_context* match_context; /* match_context for limits */
- int options; /* sp_pcre specific options (relative & inverse) */
- char* expression;
- };
-@@ -83,36 +82,32 @@ struct PcreData
- // by verify; search uses the value in snort conf
- static int s_ovector_max = -1;
-
--static unsigned scratch_index;
--static ScratchAllocator* scratcher = nullptr;
--
--static THREAD_LOCAL ProfileStats pcrePerfStats;
-+static THREAD_LOCAL ProfileStats pcre2PerfStats;
-
- //-------------------------------------------------------------------------
- // implementation foo
- //-------------------------------------------------------------------------
-
--static void pcre_capture(
-- const void* code, const void* extra)
-+static void pcre2_capture(const void* code)
- {
- int tmp_ovector_size = 0;
-
-- pcre_fullinfo((const pcre*)code, (const pcre_extra*)extra,
-- PCRE_INFO_CAPTURECOUNT, &tmp_ovector_size);
-+ pcre2_pattern_info((const pcre2_code *)code,
-+ PCRE2_INFO_CAPTURECOUNT, &tmp_ovector_size);
-
- if (tmp_ovector_size > s_ovector_max)
- s_ovector_max = tmp_ovector_size;
- }
-
--static void pcre_check_anchored(PcreData* pcre_data)
-+static void pcre2_check_anchored(Pcre2Data* pcre2_data)
- {
- int rc;
- unsigned long int options = 0;
-
-- if ((pcre_data == nullptr) || (pcre_data->re == nullptr) || (pcre_data->pe == nullptr))
-+ if ((pcre2_data == nullptr) || (pcre2_data->re == nullptr))
- return;
-
-- rc = pcre_fullinfo(pcre_data->re, pcre_data->pe, PCRE_INFO_OPTIONS, (void*)&options);
-+ rc = pcre2_pattern_info(pcre2_data->re, PCRE2_INFO_ARGOPTIONS, (void*)&options);
- switch (rc)
- {
- /* pcre_fullinfo fails for the following:
-@@ -127,40 +122,41 @@ static void pcre_check_anchored(PcreData
- /* This is the success code */
- break;
-
-- case PCRE_ERROR_NULL:
-- ParseError("pcre_fullinfo: code and/or where were null.");
-+ case PCRE2_ERROR_NULL:
-+ ParseError("pcre2_fullinfo: code and/or where were null.");
- return;
-
-- case PCRE_ERROR_BADMAGIC:
-- ParseError("pcre_fullinfo: compiled code didn't have correct magic.");
-+ case PCRE2_ERROR_BADMAGIC:
-+ ParseError("pcre2_fullinfo: compiled code didn't have correct magic.");
- return;
-
-- case PCRE_ERROR_BADOPTION:
-- ParseError("pcre_fullinfo: option type is invalid.");
-+ case PCRE2_ERROR_BADOPTION:
-+ ParseError("pcre2_fullinfo: option type is invalid.");
- return;
-
- default:
-- ParseError("pcre_fullinfo: Unknown error code.");
-+ ParseError("pcre2_fullinfo: Unknown error code.");
- return;
- }
-
-- if ((options & PCRE_ANCHORED) && !(options & PCRE_MULTILINE))
-+ if ((options & PCRE2_ANCHORED) && !(options & PCRE2_MULTILINE))
- {
- /* This means that this pcre rule option shouldn't be EvalStatus
- * even if any of it's relative children should fail to match.
- * It is anchored to the cursor set by the previous cursor setting
- * rule option */
-- pcre_data->options |= SNORT_PCRE_ANCHORED;
-+ pcre2_data->options |= SNORT_PCRE_ANCHORED;
- }
- }
-
--static void pcre_parse(const SnortConfig* sc, const char* data, PcreData* pcre_data)
-+static void pcre2_parse(const SnortConfig* sc, const char* data, Pcre2Data* pcre2_data)
- {
-- const char* error;
-+ PCRE2_UCHAR error[128];
- char* re, * free_me;
- char* opts;
- char delimit = '/';
-- int erroffset;
-+ int errorcode;
-+ PCRE2_SIZE erroffset;
- int compile_flags = 0;
-
- if (data == nullptr)
-@@ -180,7 +176,7 @@ static void pcre_parse(const SnortConfig
-
- if (*re == '!')
- {
-- pcre_data->options |= SNORT_PCRE_INVERT;
-+ pcre2_data->options |= SNORT_PCRE_INVERT;
- re++;
- while (isspace((int)*re))
- re++;
-@@ -212,7 +208,7 @@ static void pcre_parse(const SnortConfig
- else if (*re != delimit)
- goto syntax;
-
-- pcre_data->expression = snort_strdup(re);
-+ pcre2_data->expression = snort_strdup(re);
-
- /* find ending delimiter, trim delimit chars */
- opts = strrchr(re, delimit);
-@@ -230,25 +226,25 @@ static void pcre_parse(const SnortConfig
- {
- switch (*opts)
- {
-- case 'i': compile_flags |= PCRE_CASELESS; break;
-- case 's': compile_flags |= PCRE_DOTALL; break;
-- case 'm': compile_flags |= PCRE_MULTILINE; break;
-- case 'x': compile_flags |= PCRE_EXTENDED; break;
-+ case 'i': compile_flags |= PCRE2_CASELESS; break;
-+ case 's': compile_flags |= PCRE2_DOTALL; break;
-+ case 'm': compile_flags |= PCRE2_MULTILINE; break;
-+ case 'x': compile_flags |= PCRE2_EXTENDED; break;
-
- /*
- * these are pcre specific... don't work with perl
- */
-- case 'A': compile_flags |= PCRE_ANCHORED; break;
-- case 'E': compile_flags |= PCRE_DOLLAR_ENDONLY; break;
-- case 'G': compile_flags |= PCRE_UNGREEDY; break;
-+ case 'A': compile_flags |= PCRE2_ANCHORED; break;
-+ case 'E': compile_flags |= PCRE2_DOLLAR_ENDONLY; break;
-+ case 'G': compile_flags |= PCRE2_UNGREEDY; break;
-
- /*
-- * these are snort specific don't work with pcre or perl
-+ * these are snort specific don't work with pcre2 or perl
- */
-- case 'R': pcre_data->options |= SNORT_PCRE_RELATIVE; break;
-+ case 'R': pcre2_data->options |= SNORT_PCRE_RELATIVE; break;
- case 'O':
-- if ( sc->pcre_override )
-- pcre_data->options |= SNORT_OVERRIDE_MATCH_LIMIT;
-+ if ( sc->pcre2_override )
-+ pcre2_data->options |= SNORT_OVERRIDE_MATCH_LIMIT;
- break;
-
- default:
-@@ -259,71 +255,68 @@ static void pcre_parse(const SnortConfig
- }
-
- /* now compile the re */
-- pcre_data->re = pcre_compile(re, compile_flags, &error, &erroffset, nullptr);
-+ pcre2_data->re = pcre2_compile((PCRE2_SPTR)re, PCRE2_ZERO_TERMINATED, compile_flags, &errorcode, &erroffset, nullptr);
-+
-+ if (pcre2_data->re == nullptr)
-+ {
-+ pcre2_get_error_message(errorcode, error, 128);
-+ ParseError(": pcre2 compile of '%s' failed at offset "
-+ "%zu : %s", re, erroffset, error);
-+ return;
-+ }
-
-- if (pcre_data->re == nullptr)
-+ /* now create match context */
-+ pcre2_data->match_context = pcre2_match_context_create(NULL);
-+ if(pcre2_data->match_context == NULL)
- {
-- ParseError(": pcre compile of '%s' failed at offset "
-- "%d : %s", re, erroffset, error);
-+ ParseError(": failed to allocate memory for match context");
- return;
- }
-
- /* now study it... */
-- pcre_data->pe = pcre_study(pcre_data->re, PCRE_STUDY_FLAGS, &error);
-+ if (PCRE2_JIT)
-+ errorcode = pcre2_jit_compile(pcre2_data->re, PCRE2_JIT_COMPLETE);
-
-- if (pcre_data->pe)
-+ if (PCRE2_JIT || errorcode)
- {
-- if ((sc->get_pcre_match_limit() != 0) &&
-- !(pcre_data->options & SNORT_OVERRIDE_MATCH_LIMIT))
-+ if ((sc->get_pcre2_match_limit() != 0) &&
-+ !(pcre2_data->options & SNORT_OVERRIDE_MATCH_LIMIT))
- {
-- if ( !(pcre_data->pe->flags & PCRE_EXTRA_MATCH_LIMIT) )
-- pcre_data->pe->flags |= PCRE_EXTRA_MATCH_LIMIT;
--
-- pcre_data->pe->match_limit = sc->get_pcre_match_limit();
-+ pcre2_set_match_limit(pcre2_data->match_context, sc->get_pcre2_match_limit());
- }
-
-- if ((sc->get_pcre_match_limit_recursion() != 0) &&
-- !(pcre_data->options & SNORT_OVERRIDE_MATCH_LIMIT))
-+ if ((sc->get_pcre2_match_limit_recursion() != 0) &&
-+ !(pcre2_data->options & SNORT_OVERRIDE_MATCH_LIMIT))
- {
-- if ( !(pcre_data->pe->flags & PCRE_EXTRA_MATCH_LIMIT_RECURSION) )
-- pcre_data->pe->flags |= PCRE_EXTRA_MATCH_LIMIT_RECURSION;
--
-- pcre_data->pe->match_limit_recursion =
-- sc->get_pcre_match_limit_recursion();
-+ pcre2_set_match_limit(pcre2_data->match_context, sc->get_pcre2_match_limit_recursion());
- }
- }
- else
- {
-- if (!(pcre_data->options & SNORT_OVERRIDE_MATCH_LIMIT) &&
-- ((sc->get_pcre_match_limit() != 0) ||
-- (sc->get_pcre_match_limit_recursion() != 0)))
-+ if (!(pcre2_data->options & SNORT_OVERRIDE_MATCH_LIMIT) &&
-+ ((sc->get_pcre2_match_limit() != 0) ||
-+ (sc->get_pcre2_match_limit_recursion() != 0)))
- {
-- pcre_data->pe = (pcre_extra*)snort_calloc(sizeof(pcre_extra));
-- pcre_data->free_pe = true;
--
-- if (sc->get_pcre_match_limit() != 0)
-+ if (sc->get_pcre2_match_limit() != 0)
- {
-- pcre_data->pe->flags |= PCRE_EXTRA_MATCH_LIMIT;
-- pcre_data->pe->match_limit = sc->get_pcre_match_limit();
-+ pcre2_set_match_limit(pcre2_data->match_context, sc->get_pcre2_match_limit());
- }
-
-- if (sc->get_pcre_match_limit_recursion() != 0)
-+ if (sc->get_pcre2_match_limit_recursion() != 0)
- {
-- pcre_data->pe->flags |= PCRE_EXTRA_MATCH_LIMIT_RECURSION;
-- pcre_data->pe->match_limit_recursion =
-- sc->get_pcre_match_limit_recursion();
-+ pcre2_set_match_limit(pcre2_data->match_context, sc->get_pcre2_match_limit_recursion());
- }
- }
- }
-
-- if (error != nullptr)
-+ if (PCRE2_JIT && errorcode)
- {
-- ParseError("pcre study failed : %s", error);
-+ ParseError("pcre2 JIT failed : %s", error);
- return;
- }
-
-- pcre_capture(pcre_data->re, pcre_data->pe);
-- pcre_check_anchored(pcre_data);
-+ pcre2_capture(pcre2_data->re);
-+ pcre2_check_anchored(pcre2_data);
-
- snort_free(free_me);
- return;
-@@ -332,40 +325,44 @@ syntax:
- snort_free(free_me);
-
- // ensure integrity from parse error to fatal error
-- if ( !pcre_data->expression )
-- pcre_data->expression = snort_strdup("");
-+ if ( !pcre2_data->expression )
-+ pcre2_data->expression = snort_strdup("");
-
-- ParseError("unable to parse pcre %s", data);
-+ ParseError("unable to parse pcre2 %s", data);
- }
-
- /*
-- * Perform a search of the PCRE data.
-+ * Perform a search of the PCRE2 data.
- * found_offset will be set to -1 when the find is unsuccessful OR the routine is inverted
- */
--static bool pcre_search(
-+static bool pcre2_search(
- Packet* p,
-- const PcreData* pcre_data,
-+ const Pcre2Data* pcre2_data,
- const uint8_t* buf,
- unsigned len,
- unsigned start_offset,
- int& found_offset)
- {
-+ pcre2_match_data *match_data;
-+ PCRE2_SIZE *ovector;
- bool matched;
-
- found_offset = -1;
-
-- std::vector<void *> ss = p->context->conf->state[get_instance_id()];
-- assert(ss[scratch_index]);
-+ match_data = pcre2_match_data_create(p->context->conf->pcre2_ovector_size, NULL);
-+ if (match_data == nullptr) {
-+ pc.pcre2_error++;
-+ return false;
-+ }
-
-- int result = pcre_exec(
-- pcre_data->re, /* result of pcre_compile() */
-- pcre_data->pe, /* result of pcre_study() */
-- (const char*)buf, /* the subject string */
-- len, /* the length of the subject string */
-- start_offset, /* start at offset 0 in the subject */
-- 0, /* options(handled at compile time */
-- (int*)ss[scratch_index], /* vector for substring information */
-- p->context->conf->pcre_ovector_size); /* number of elements in the vector */
-+ int result = pcre2_match(
-+ pcre2_data->re, /* result of pcre_compile() */
-+ (PCRE2_SPTR)buf, /* the subject string */
-+ (PCRE2_SIZE)len, /* the length of the subject string */
-+ (PCRE2_SIZE)start_offset, /* start at offset 0 in the subject */
-+ 0, /* options(handled at compile time */
-+ match_data, /* match data to store the match results */
-+ pcre2_data->match_context); /* match context for limits */
-
- if (result >= 0)
- {
-@@ -390,34 +387,37 @@ static bool pcre_search(
- * and a single int for scratch space.
- */
-
-- found_offset = ((int*)ss[scratch_index])[1];
-+ ovector = pcre2_get_ovector_pointer(match_data);
-+ found_offset = ovector[1];
- }
-- else if (result == PCRE_ERROR_NOMATCH)
-+ else if (result == PCRE2_ERROR_NOMATCH)
- {
- matched = false;
- }
-- else if (result == PCRE_ERROR_MATCHLIMIT)
-+ else if (result == PCRE2_ERROR_MATCHLIMIT)
- {
-- pc.pcre_match_limit++;
-+ pc.pcre2_match_limit++;
- matched = false;
- }
-- else if (result == PCRE_ERROR_RECURSIONLIMIT)
-+ else if (result == PCRE2_ERROR_RECURSIONLIMIT)
- {
-- pc.pcre_recursion_limit++;
-+ pc.pcre2_recursion_limit++;
- matched = false;
- }
- else
- {
-- pc.pcre_error++;
-+ pc.pcre2_error++;
- return false;
- }
-
- /* invert sense of match */
-- if (pcre_data->options & SNORT_PCRE_INVERT)
-+ if (pcre2_data->options & SNORT_PCRE_INVERT)
- {
- matched = !matched;
- }
-
-+ pcre2_match_data_free(match_data);
-+
- return matched;
- }
-
-@@ -425,14 +425,14 @@ static bool pcre_search(
- // class methods
- //-------------------------------------------------------------------------
-
--class PcreOption : public IpsOption
-+class Pcre2Option : public IpsOption
- {
- public:
-- PcreOption(PcreData* c) :
-+ Pcre2Option(Pcre2Data* c) :
- IpsOption(s_name, RULE_OPTION_TYPE_CONTENT)
- { config = c; }
-
-- ~PcreOption() override;
-+ ~Pcre2Option() override;
-
- uint32_t hash() const override;
- bool operator==(const IpsOption&) const override;
-@@ -446,17 +446,17 @@ public:
- EvalStatus eval(Cursor&, Packet*) override;
- bool retry(Cursor&, const Cursor&) override;
-
-- PcreData* get_data()
-+ Pcre2Data* get_data()
- { return config; }
-
-- void set_data(PcreData* pcre)
-+ void set_data(Pcre2Data* pcre)
- { config = pcre; }
-
- private:
-- PcreData* config;
-+ Pcre2Data* config;
- };
-
--PcreOption::~PcreOption()
-+Pcre2Option::~Pcre2Option()
- {
- if ( !config )
- return;
-@@ -464,21 +464,16 @@ PcreOption::~PcreOption()
- if ( config->expression )
- snort_free(config->expression);
-
-- if ( config->pe )
-- {
-- if ( config->free_pe )
-- snort_free(config->pe);
-- else
-- pcre_release(config->pe);
-- }
-+ if ( config->match_context )
-+ pcre2_match_context_free(config->match_context);
-
- if ( config->re )
-- free(config->re); // external allocation
-+ pcre2_code_free(config->re); // external allocation
-
- snort_free(config);
- }
-
--uint32_t PcreOption::hash() const
-+uint32_t Pcre2Option::hash() const
- {
- uint32_t a = 0, b = 0, c = 0;
- int expression_len = strlen(config->expression);
-@@ -532,14 +527,14 @@ uint32_t PcreOption::hash() const
- return c;
- }
-
--bool PcreOption::operator==(const IpsOption& ips) const
-+bool Pcre2Option::operator==(const IpsOption& ips) const
- {
- if ( !IpsOption::operator==(ips) )
- return false;
-
-- const PcreOption& rhs = (const PcreOption&)ips;
-- PcreData* left = config;
-- PcreData* right = rhs.config;
-+ const Pcre2Option& rhs = (const Pcre2Option&)ips;
-+ Pcre2Data* left = config;
-+ Pcre2Data* right = rhs.config;
-
- if (( strcmp(left->expression, right->expression) == 0) &&
- ( left->options == right->options))
-@@ -550,13 +545,13 @@ bool PcreOption::operator==(const IpsOpt
- return false;
- }
-
--IpsOption::EvalStatus PcreOption::eval(Cursor& c, Packet* p)
-+IpsOption::EvalStatus Pcre2Option::eval(Cursor& c, Packet* p)
- {
- // cppcheck-suppress unreadVariable
-- RuleProfile profile(pcrePerfStats);
-+ RuleProfile profile(pcre2PerfStats);
-
-- // short circuit this for testing pcre performance impact
-- if ( p->context->conf->no_pcre() )
-+ // short circuit this for testing pcre2 performance impact
-+ if ( p->context->conf->no_pcre2() )
- return NO_MATCH;
-
- unsigned pos = c.get_delta();
-@@ -570,7 +565,7 @@ IpsOption::EvalStatus PcreOption::eval(C
-
- int found_offset = -1; // where is the ending location of the pattern
-
-- if ( pcre_search(p, config, c.buffer()+adj, c.size()-adj, pos, found_offset) )
-+ if ( pcre2_search(p, config, c.buffer()+adj, c.size()-adj, pos, found_offset) )
- {
- if ( found_offset > 0 )
- {
-@@ -585,17 +580,17 @@ IpsOption::EvalStatus PcreOption::eval(C
- }
-
- // we always advance by found_offset so no adjustments to cursor are done
--// here; note also that this means relative pcre matches on overlapping
-+// here; note also that this means relative pcre2 matches on overlapping
- // patterns won't work. given the test pattern "ABABACD":
- //
- // ( sid:1; content:"ABA"; content:"C"; within:1; )
--// ( sid:2; pcre:"/ABA/"; content:"C"; within:1; )
-+// ( sid:2; pcre2:"/ABA/"; content:"C"; within:1; )
- //
- // sid 1 will fire but sid 2 will NOT. this example is easily fixed by
--// using content, but more advanced pcre won't work for the relative /
-+// using content, but more advanced pcre2 won't work for the relative /
- // overlap case.
-
--bool PcreOption::retry(Cursor&, const Cursor&)
-+bool Pcre2Option::retry(Cursor&, const Cursor&)
- {
- if ((config->options & (SNORT_PCRE_INVERT | SNORT_PCRE_ANCHORED)))
- {
-@@ -616,46 +611,43 @@ static const Parameter s_params[] =
- { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
- };
-
--struct PcreStats
-+struct Pcre2Stats
- {
-- PegCount pcre_rules;
-+ PegCount pcre2_rules;
- #ifdef HAVE_HYPERSCAN
-- PegCount pcre_to_hyper;
-+ PegCount pcre2_to_hyper;
- #endif
-- PegCount pcre_native;
-- PegCount pcre_negated;
-+ PegCount pcre2_native;
-+ PegCount pcre2_negated;
- };
-
- const PegInfo pcre_pegs[] =
- {
-- { CountType::SUM, "pcre_rules", "total rules processed with pcre option" },
-+ { CountType::SUM, "pcre2_rules", "total rules processed with pcre2 option" },
- #ifdef HAVE_HYPERSCAN
-- { CountType::SUM, "pcre_to_hyper", "total pcre rules by hyperscan engine" },
-+ { CountType::SUM, "pcre2_to_hyper", "total pcre2 rules by hyperscan engine" },
- #endif
-- { CountType::SUM, "pcre_native", "total pcre rules compiled by pcre engine" },
-- { CountType::SUM, "pcre_negated", "total pcre rules using negation syntax" },
-+ { CountType::SUM, "pcre2_native", "total pcre2 rules compiled by pcre engine" },
-+ { CountType::SUM, "pcre2_negated", "total pcre2 rules using negation syntax" },
- { CountType::END, nullptr, nullptr }
- };
-
--PcreStats pcre_stats;
-+Pcre2Stats pcre2_stats;
-
- #define s_help \
-- "rule option for matching payload data with pcre"
-+ "rule option for matching payload data with pcre2"
-
--class PcreModule : public Module
-+class Pcre2Module : public Module
- {
- public:
-- PcreModule() : Module(s_name, s_help, s_params)
-+ Pcre2Module() : Module(s_name, s_help, s_params)
- {
- data = nullptr;
-- scratcher = new SimpleScratchAllocator(scratch_setup, scratch_cleanup);
-- scratch_index = scratcher->get_id();
- }
-
-- ~PcreModule() override
-+ ~Pcre2Module() override
- {
- delete data;
-- delete scratcher;
- }
-
- #ifdef HAVE_HYPERSCAN
-@@ -665,12 +657,12 @@ public:
- bool end(const char*, int, SnortConfig*) override;
-
- ProfileStats* get_profile() const override
-- { return &pcrePerfStats; }
-+ { return &pcre2PerfStats; }
-
- const PegInfo* get_pegs() const override;
- PegCount* get_counts() const override;
-
-- PcreData* get_data();
-+ Pcre2Data* get_data();
-
- bool global_stats() const override
- { return true; }
-@@ -682,31 +674,28 @@ public:
- { return mod_regex; }
-
- private:
-- PcreData* data;
-+ Pcre2Data* data;
- Module* mod_regex = nullptr;
- std::string re;
--
-- static bool scratch_setup(SnortConfig*);
-- static void scratch_cleanup(SnortConfig*);
- };
-
--PcreData* PcreModule::get_data()
-+Pcre2Data* Pcre2Module::get_data()
- {
-- PcreData* tmp = data;
-+ Pcre2Data* tmp = data;
- data = nullptr;
- return tmp;
- }
-
--const PegInfo* PcreModule::get_pegs() const
-+const PegInfo* Pcre2Module::get_pegs() const
- { return pcre_pegs; }
-
--PegCount* PcreModule::get_counts() const
--{ return (PegCount*)&pcre_stats; }
-+PegCount* Pcre2Module::get_counts() const
-+{ return (PegCount*)&pcre2_stats; }
-
- #ifdef HAVE_HYPERSCAN
--bool PcreModule::begin(const char* name, int v, SnortConfig* sc)
-+bool Pcre2Module::begin(const char* name, int v, SnortConfig* sc)
- {
-- if ( sc->pcre_to_regex )
-+ if ( sc->pcre2_to_regex )
- {
- if ( !mod_regex )
- mod_regex = ModuleManager::get_module(mod_regex_name);
-@@ -718,7 +707,7 @@ bool PcreModule::begin(const char* name,
- }
- #endif
-
--bool PcreModule::set(const char* name, Value& v, SnortConfig* sc)
-+bool Pcre2Module::set(const char* name, Value& v, SnortConfig* sc)
- {
- assert(v.is("~re"));
- re = v.get_string();
-@@ -729,50 +718,28 @@ bool PcreModule::set(const char* name, V
- return true;
- }
-
--bool PcreModule::end(const char* name, int v, SnortConfig* sc)
-+bool Pcre2Module::end(const char* name, int v, SnortConfig* sc)
- {
- if( mod_regex )
- mod_regex = mod_regex->end(name, v, sc) ? mod_regex : nullptr;
-
- if ( !mod_regex )
- {
-- data = (PcreData*)snort_calloc(sizeof(*data));
-- pcre_parse(sc, re.c_str(), data);
-+ data = (Pcre2Data*)snort_calloc(sizeof(*data));
-+ pcre2_parse(sc, re.c_str(), data);
- }
-
-- return true;
--}
--
--bool PcreModule::scratch_setup(SnortConfig* sc)
--{
-- if ( s_ovector_max < 0 )
-- return false;
--
- // The pcre_fullinfo() function can be used to find out how many
- // capturing subpatterns there are in a compiled pattern. The
- // smallest size for ovector that will allow for n captured
- // substrings, in addition to the offsets of the substring matched
- // by the whole pattern is 3(n+1).
--
-- sc->pcre_ovector_size = 3 * (s_ovector_max + 1);
-- s_ovector_max = -1;
--
-- for ( unsigned i = 0; i < sc->num_slots; ++i )
-- {
-- std::vector<void *>& ss = sc->state[i];
-- ss[scratch_index] = snort_calloc(sc->pcre_ovector_size, sizeof(int));
-+ if ( s_ovector_max >= 0 ) {
-+ sc->pcre2_ovector_size = 3 * (s_ovector_max + 1);
-+ s_ovector_max = -1;
- }
-- return true;
--}
-
--void PcreModule::scratch_cleanup(SnortConfig* sc)
--{
-- for ( unsigned i = 0; i < sc->num_slots; ++i )
-- {
-- std::vector<void *>& ss = sc->state[i];
-- snort_free(ss[scratch_index]);
-- ss[scratch_index] = nullptr;
-- }
-+ return true;
- }
-
- //-------------------------------------------------------------------------
-@@ -780,21 +747,21 @@ void PcreModule::scratch_cleanup(SnortCo
- //-------------------------------------------------------------------------
-
- static Module* mod_ctor()
--{ return new PcreModule; }
-+{ return new Pcre2Module; }
-
- static void mod_dtor(Module* m)
- { delete m; }
-
--static IpsOption* pcre_ctor(Module* p, OptTreeNode* otn)
-+static IpsOption* pcre2_ctor(Module* p, OptTreeNode* otn)
- {
-- pcre_stats.pcre_rules++;
-- PcreModule* m = (PcreModule*)p;
-+ pcre2_stats.pcre2_rules++;
-+ Pcre2Module* m = (Pcre2Module*)p;
-
- #ifdef HAVE_HYPERSCAN
- Module* mod_regex = m->get_mod_regex();
- if ( mod_regex )
- {
-- pcre_stats.pcre_to_hyper++;
-+ pcre2_stats.pcre2_to_hyper++;
- const IpsApi* opt_api = IpsManager::get_option_api(mod_regex_name);
- return opt_api->ctor(mod_regex, otn);
- }
-@@ -803,16 +770,16 @@ static IpsOption* pcre_ctor(Module* p, O
- UNUSED(otn);
- #endif
- {
-- pcre_stats.pcre_native++;
-- PcreData* d = m->get_data();
-- return new PcreOption(d);
-+ pcre2_stats.pcre2_native++;
-+ Pcre2Data* d = m->get_data();
-+ return new Pcre2Option(d);
- }
- }
-
--static void pcre_dtor(IpsOption* p)
-+static void pcre2_dtor(IpsOption* p)
- { delete p; }
-
--static const IpsApi pcre_api =
-+static const IpsApi pcre2_api =
- {
- {
- PT_IPS_OPTION,
-@@ -832,17 +799,17 @@ static const IpsApi pcre_api =
- nullptr,
- nullptr,
- nullptr,
-- pcre_ctor,
-- pcre_dtor,
-+ pcre2_ctor,
-+ pcre2_dtor,
- nullptr
- };
-
- #ifdef BUILDING_SO
- SO_PUBLIC const BaseApi* snort_plugins[] =
- #else
--const BaseApi* ips_pcre[] =
-+const BaseApi* ips_pcre2[] =
- #endif
- {
-- &pcre_api.base,
-+ &pcre2_api.base,
- nullptr
- };
---- a/src/main/shell.cc
-+++ b/src/main/shell.cc
-@@ -29,7 +29,8 @@
- #include <fstream>
- #include <openssl/crypto.h>
- #include <pcap.h>
--#include <pcre.h>
-+#define PCRE2_CODE_UNIT_WIDTH 8
-+#include <pcre2.h>
- #include <stdexcept>
- #include <vector>
- #include <zlib.h>
-@@ -138,13 +139,17 @@ static void install_version_strings(lua_
-
- static void install_dependencies_strings(Shell* sh, lua_State* L)
- {
-+
- assert(dep_versions[0]);
-
-+ const char pcre2_version[32] = { 0 };
- std::vector<const char*> vs;
- const char* ljv = LUAJIT_VERSION;
- const char* osv = OpenSSL_version(SSLEAY_VERSION);
- const char* lpv = pcap_lib_version();
-
-+ pcre2_config(PCRE2_CONFIG_VERSION, (PCRE2_UCHAR8 *)pcre2_version);
-+
- while (*ljv and !isdigit(*ljv))
- ++ljv;
- while (*osv and !isdigit(*osv))
-@@ -156,7 +161,7 @@ static void install_dependencies_strings
- vs.push_back(ljv);
- vs.push_back(osv);
- vs.push_back(lpv);
-- vs.push_back(pcre_version());
-+ vs.push_back(pcre2_version);
- vs.push_back(zlib_version);
- #ifdef HAVE_HYPERSCAN
- vs.push_back(hs_version());
---- a/src/main/snort_config.h
-+++ b/src/main/snort_config.h
-@@ -60,7 +60,7 @@ enum RunFlag
- RUN_FLAG__PCAP_SHOW = 0x00001000,
- RUN_FLAG__SHOW_FILE_CODES = 0x00002000,
- RUN_FLAG__PAUSE = 0x00004000,
-- RUN_FLAG__NO_PCRE = 0x00008000,
-+ RUN_FLAG__NO_PCRE2 = 0x00008000,
-
- RUN_FLAG__DUMP_RULE_STATE = 0x00010000,
- RUN_FLAG__DUMP_RULE_DEPS = 0x00020000,
-@@ -214,13 +214,13 @@ public:
-
- //------------------------------------------------------
- // detection module stuff
-- // FIXIT-L pcre_match_limit* are interdependent
-+ // FIXIT-L pcre2_match_limit* are interdependent
- // somehow a packet thread needs a much lower setting
-- long int pcre_match_limit = 1500;
-- long int pcre_match_limit_recursion = 1500;
-+ long int pcre2_match_limit = 1500;
-+ long int pcre2_match_limit_recursion = 1500;
-
-- int pcre_ovector_size = 0;
-- bool pcre_override = true;
-+ int pcre2_ovector_size = 0;
-+ bool pcre2_override = true;
-
- uint32_t run_flags = 0;
-
-@@ -228,7 +228,7 @@ public:
- unsigned offload_threads = 0; // disabled
-
- bool hyperscan_literals = false;
-- bool pcre_to_regex = false;
-+ bool pcre2_to_regex = false;
-
- bool global_rule_state = false;
- bool global_default_rule_state = true;
-@@ -600,8 +600,8 @@ public:
- bool alert_before_pass() const
- { return run_flags & RUN_FLAG__ALERT_BEFORE_PASS; }
-
-- bool no_pcre() const
-- { return run_flags & RUN_FLAG__NO_PCRE; }
-+ bool no_pcre2() const
-+ { return run_flags & RUN_FLAG__NO_PCRE2; }
-
- bool conf_error_out() const
- { return run_flags & RUN_FLAG__CONF_ERROR_OUT; }
-@@ -616,11 +616,11 @@ public:
- uint8_t new_ttl() const
- { return get_network_policy()->new_ttl; }
-
-- long int get_pcre_match_limit() const
-- { return pcre_match_limit; }
-+ long int get_pcre2_match_limit() const
-+ { return pcre2_match_limit; }
-
-- long int get_pcre_match_limit_recursion() const
-- { return pcre_match_limit_recursion; }
-+ long int get_pcre2_match_limit_recursion() const
-+ { return pcre2_match_limit_recursion; }
-
- const ProfilerConfig* get_profiler() const
- { return profiler; }
---- a/src/network_inspectors/appid/lua_detector_api.cc
-+++ b/src/network_inspectors/appid/lua_detector_api.cc
-@@ -25,7 +25,8 @@
-
- #include "lua_detector_api.h"
- #include <lua.hpp>
--#include <pcre.h>
-+#define PCRE2_CODE_UNIT_WIDTH 8
-+#include <pcre2.h>
- #include <unordered_map>
-
- #include "detection/fp_config.h"
-@@ -714,7 +715,7 @@ static int detector_get_packet_direction
- return 1;
- }
-
--/**Perform a pcre match with grouping. A simple regular expression match with no grouping
-+/**Perform a pcre2 match with grouping. A simple regular expression match with no grouping
- * can also be performed.
- *
- * @param Lua_State* - Lua state variable.
-@@ -723,41 +724,50 @@ static int detector_get_packet_direction
- * @return matchedStrings/stack - matched strings are pushed on stack starting with group 0.
- * There may be 0 or more strings.
- */
--static int detector_get_pcre_groups(lua_State* L)
-+static int detector_get_pcre2_groups(lua_State* L)
- {
- auto& ud = *UserData<LuaObject>::check(L, DETECTOR, 1);
- // Verify detector user data and that we are in packet context
- LuaStateDescriptor* lsd = ud->validate_lua_state(true);
-
-- int ovector[OVECCOUNT];
-- const char* error;
-- int erroffset;
-+ PCRE2_SIZE* ovector;
-+ pcre2_match_data* match_data;
-+ PCRE2_UCHAR error[128];
-+ PCRE2_SIZE erroffset;
-+ int errorcode;
-
- const char* pattern = lua_tostring(L, 2);
- unsigned int offset = lua_tonumber(L, 3); /*offset can be zero, no check necessary. */
-
- /*compile the regular expression pattern, and handle errors */
-- pcre* re = pcre_compile(pattern, // the pattern
-- PCRE_DOTALL, // default options - dot matches all inc \n
-- &error, // for error message
-- &erroffset, // for error offset
-- nullptr); // use default character tables
-+ pcre2_code* re = pcre2_compile((PCRE2_SPTR)pattern, // the pattern
-+ PCRE2_ZERO_TERMINATED, // assume zero terminated strings
-+ PCRE2_DOTALL, // default options - dot matches all inc \n
-+ &errorcode, // for error message
-+ &erroffset, // for error offset
-+ nullptr); // use default character tables
-
- if (re == nullptr)
- {
-- appid_log(lsd->ldp.pkt, TRACE_ERROR_LEVEL, "PCRE compilation failed at offset %d: %s\n", erroffset, error);
-+ pcre2_get_error_message(errorcode, error, 128);
-+ appid_log(lsd->ldp.pkt, TRACE_ERROR_LEVEL, "PCRE2 compilation failed at offset %d: %s\n", erroffset, error);
-+ return 0;
-+ }
-+
-+ match_data = pcre2_match_data_create(OVECCOUNT, NULL);
-+ if (match_data == nullptr) {
-+ appid_log(lsd->ldp.pkt, TRACE_ERROR_LEVEL, "PCRE2 failed to allocate mem for match_data\n");
- return 0;
- }
-
- /*pattern match against the subject string. */
-- int rc = pcre_exec(re, // compiled pattern
-- nullptr, // no extra data
-- (const char*)lsd->ldp.data, // subject string
-- lsd->ldp.size, // length of the subject
-- offset, // offset 0
-- 0, // default options
-- ovector, // output vector for substring information
-- OVECCOUNT); // number of elements in the output vector
-+ int rc = pcre2_match(re, // compiled pattern
-+ (PCRE2_SPTR)lsd->ldp.data, // subject string
-+ (PCRE2_SIZE)lsd->ldp.size, // length of the subject
-+ (PCRE2_SIZE)offset, // offset 0
-+ 0, // default options
-+ match_data, // match data for match results
-+ NULL); // no match context
-
- if (rc >= 0)
- {
-@@ -771,10 +781,11 @@ static int detector_get_pcre_groups(lua_
- if (!lua_checkstack(L, rc))
- {
- appid_log(lsd->ldp.pkt, TRACE_WARNING_LEVEL, "Cannot grow Lua stack by %d slots to hold "
-- "PCRE matches\n", rc);
-+ "PCRE2 matches\n", rc);
- return 0;
- }
-
-+ ovector = pcre2_get_ovector_pointer(match_data);
- for (int i = 0; i < rc; i++)
- {
- lua_pushlstring(L, (const char*)lsd->ldp.data + ovector[2*i], ovector[2*i+1] -
-@@ -784,12 +795,13 @@ static int detector_get_pcre_groups(lua_
- else
- {
- // log errors except no matches
-- if (rc != PCRE_ERROR_NOMATCH)
-- appid_log(lsd->ldp.pkt, TRACE_WARNING_LEVEL, "PCRE regular expression group match failed. rc: %d\n", rc);
-+ if (rc != PCRE2_ERROR_NOMATCH)
-+ appid_log(lsd->ldp.pkt, TRACE_WARNING_LEVEL, "PCRE2 regular expression group match failed. rc: %d\n", rc);
- rc = 0;
- }
-
-- pcre_free(re);
-+ pcre2_match_data_free(match_data);
-+ pcre2_code_free(re);
- return rc;
- }
-
-@@ -3229,7 +3241,7 @@ static const luaL_Reg detector_methods[]
- { "getPacketSize", detector_get_packet_size },
- { "getPacketDir", detector_get_packet_direction },
- { "matchSimplePattern", detector_memcmp },
-- { "getPcreGroups", detector_get_pcre_groups },
-+ { "getPcreGroups", detector_get_pcre2_groups },
- { "getL4Protocol", detector_get_protocol_type },
- { "getPktSrcAddr", detector_get_packet_src_addr },
- { "getPktDstAddr", detector_get_packet_dst_addr },
---- a/src/parser/parse_rule.cc
-+++ b/src/parser/parse_rule.cc
-@@ -911,10 +911,10 @@ void parse_rule_dir(SnortConfig*, const
- ParseError("illegal direction specifier: %s", s);
- }
-
--// Values of the rule options "pcre", "regex" and "sd_pattern" are already escaped
-+// Values of the rule options "pcre2", "regex" and "sd_pattern" are already escaped
- // They are not unescaped during the rule parsing
- static bool is_already_escaped(const std::string& opt_key)
--{ return opt_key == "pcre" or opt_key == "regex" or opt_key == "sd_pattern"; }
-+{ return opt_key == "pcre2" or opt_key == "regex" or opt_key == "sd_pattern"; }
-
- static std::string escape(const std::string& s)
- {
---- a/src/parser/parse_stream.cc
-+++ b/src/parser/parse_stream.cc
-@@ -603,7 +603,7 @@ static bool exec(
- // that individual rule options can do whatever
- static int get_escape(const string& s)
- {
-- if ( s == "pcre" )
-+ if ( s == "pcre2" )
- return 0; // no escape, option goes to ;
-
- else if ( s == "regex" || s == "sd_pattern" )
---- a/src/search_engines/test/hyperscan_test.cc
-+++ b/src/search_engines/test/hyperscan_test.cc
-@@ -223,7 +223,7 @@ TEST(mpse_hs_match, regex)
- CHECK(hits == 3);
- }
-
--TEST(mpse_hs_match, pcre)
-+TEST(mpse_hs_match, pcre2)
- {
- Mpse::PatternDescriptor desc;
-
---- a/src/utils/stats.cc
-+++ b/src/utils/stats.cc
-@@ -227,9 +227,9 @@ const PegInfo pc_names[] =
- { CountType::SUM, "offload_fallback", "fast pattern offload search fallback attempts" },
- { CountType::SUM, "offload_failures", "fast pattern offload search failures" },
- { CountType::SUM, "offload_suspends", "fast pattern search suspends due to offload context chains" },
-- { CountType::SUM, "pcre_match_limit", "total number of times pcre hit the match limit" },
-- { CountType::SUM, "pcre_recursion_limit", "total number of times pcre hit the recursion limit" },
-- { CountType::SUM, "pcre_error", "total number of times pcre returns error" },
-+ { CountType::SUM, "pcre2_match_limit", "total number of times pcre2 hit the match limit" },
-+ { CountType::SUM, "pcre2_recursion_limit", "total number of times pcre2 hit the recursion limit" },
-+ { CountType::SUM, "pcre2_error", "total number of times pcre2 returns error" },
- { CountType::SUM, "cont_creations", "total number of continuations created" },
- { CountType::SUM, "cont_recalls", "total number of continuations recalled" },
- { CountType::SUM, "cont_flows", "total number of flows using continuation" },
---- a/src/utils/stats.h
-+++ b/src/utils/stats.h
-@@ -60,9 +60,9 @@ struct PacketCount
- PegCount offload_fallback;
- PegCount offload_failures;
- PegCount offload_suspends;
-- PegCount pcre_match_limit;
-- PegCount pcre_recursion_limit;
-- PegCount pcre_error;
-+ PegCount pcre2_match_limit;
-+ PegCount pcre2_recursion_limit;
-+ PegCount pcre2_error;
- PegCount cont_creations;
- PegCount cont_recalls;
- PegCount cont_flows;
---- a/src/utils/util.cc
-+++ b/src/utils/util.cc
-@@ -30,7 +30,8 @@
- #include <netdb.h>
- #include <openssl/crypto.h>
- #include <pcap.h>
--#include <pcre.h>
-+#define PCRE2_CODE_UNIT_WIDTH 8
-+#include <pcre2.h>
- #include <pwd.h>
- #include <sys/file.h>
- #include <sys/resource.h>
-@@ -105,10 +106,13 @@ void StoreSnortInfoStrings()
-
- int DisplayBanner()
- {
-+ PCRE2_UCHAR pcre2_version[32];
- const char* ljv = LUAJIT_VERSION;
- while ( *ljv && !isdigit(*ljv) )
- ++ljv;
-
-+ pcre2_config(PCRE2_CONFIG_VERSION, pcre2_version);
-+
- LogMessage("\n");
- LogMessage(" ,,_ -*> Snort++ <*-\n");
- #ifdef BUILD
-@@ -125,7 +129,7 @@ int DisplayBanner()
- LogMessage(" Using LuaJIT version %s\n", ljv);
- LogMessage(" Using %s\n", OpenSSL_version(SSLEAY_VERSION));
- LogMessage(" Using %s\n", pcap_lib_version());
-- LogMessage(" Using PCRE version %s\n", pcre_version());
-+ LogMessage(" Using PCRE version %s\n", pcre2_version);
- LogMessage(" Using ZLIB version %s\n", zlib_version);
- #ifdef HAVE_HYPERSCAN
- LogMessage(" Using Hyperscan version %s\n", hs_version());
---- a/tools/snort2lua/config_states/config_api.cc
-+++ b/tools/snort2lua/config_states/config_api.cc
-@@ -105,13 +105,13 @@ extern const ConvertMap* min_ttl_map;
- extern const ConvertMap* na_policy_mode_map;
- extern const ConvertMap* new_ttl_map;
- extern const ConvertMap* nolog_map;
--extern const ConvertMap* nopcre_map;
-+extern const ConvertMap* nopcre2_map;
- extern const ConvertMap* no_promisc_map;
- extern const ConvertMap* obfuscate_map;
- extern const ConvertMap* order_map;
- extern const ConvertMap* paf_max_map;
--extern const ConvertMap* pcre_match_limit_map;
--extern const ConvertMap* pcre_match_limit_recursion_map;
-+extern const ConvertMap* pcre2_match_limit_map;
-+extern const ConvertMap* pcre2_match_limit_recursion_map;
- extern const ConvertMap* pkt_count_map;
- extern const ConvertMap* ppm_map;
- extern const ConvertMap* policy_id_map;
-@@ -224,13 +224,13 @@ const std::vector<const ConvertMap*> con
- na_policy_mode_map,
- new_ttl_map,
- nolog_map,
-- nopcre_map,
-+ nopcre2_map,
- no_promisc_map,
- obfuscate_map,
- order_map,
- paf_max_map,
-- pcre_match_limit_map,
-- pcre_match_limit_recursion_map,
-+ pcre2_match_limit_map,
-+ pcre2_match_limit_recursion_map,
- pkt_count_map,
- ppm_map,
- policy_id_map,
---- a/tools/snort2lua/config_states/config_no_option.cc
-+++ b/tools/snort2lua/config_states/config_no_option.cc
-@@ -250,18 +250,18 @@ static const ConvertMap enable_mpls_over
- const ConvertMap* enable_mpls_overlapping_ip_map = &enable_mpls_overlapping_ip_api;
-
- /*************************************************
-- ******************** nopcre *******************
-+ ******************** nopcre2 *******************
- *************************************************/
-
--static const std::string nopcre = "nopcre";
--static const std::string pcre_enable = "pcre_enable";
--static const ConvertMap nopcre_api =
-+static const std::string nopcre2 = "nopcre2";
-+static const std::string pcre2_enable = "pcre2_enable";
-+static const ConvertMap nopcre2_api =
- {
-- nopcre,
-- config_false_no_opt_ctor<& nopcre, & detection, & pcre_enable>
-+ nopcre2,
-+ config_false_no_opt_ctor<& nopcre2, & detection, & pcre2_enable>
- };
-
--const ConvertMap* nopcre_map = &nopcre_api;
-+const ConvertMap* nopcre2_map = &nopcre2_api;
-
- /*************************************************
- ****************** obfuscate ******************
---- a/tools/snort2lua/config_states/config_one_int_option.cc
-+++ b/tools/snort2lua/config_states/config_one_int_option.cc
-@@ -217,30 +217,30 @@ static const ConvertMap new_ttl_api =
- const ConvertMap* new_ttl_map = &new_ttl_api;
-
- /*************************************************
-- ************** pcre_match_limit **************
-+ ************** pcre2_match_limit **************
- *************************************************/
-
--static const std::string pcre_match_limit = "pcre_match_limit";
--static const ConvertMap pcre_match_limit_api =
-+static const std::string pcre2_match_limit = "pcre2_match_limit";
-+static const ConvertMap pcre2_match_limit_api =
- {
-- pcre_match_limit,
-- config_int_ctor<& pcre_match_limit, & detection>,
-+ pcre2_match_limit,
-+ config_int_ctor<& pcre2_match_limit, & detection>,
- };
-
--const ConvertMap* pcre_match_limit_map = &pcre_match_limit_api;
-+const ConvertMap* pcre2_match_limit_map = &pcre2_match_limit_api;
-
- /**************************************************
-- ********** pcre_match_limit_recursion **********
-+ ********** pcre2_match_limit_recursion **********
- **************************************************/
-
--static const std::string pcre_match_limit_recursion = "pcre_match_limit_recursion";
--static const ConvertMap pcre_match_limit_recursion_api =
-+static const std::string pcre2_match_limit_recursion = "pcre_match_limit_recursion";
-+static const ConvertMap pcre2_match_limit_recursion_api =
- {
-- pcre_match_limit_recursion,
-- config_int_ctor<& pcre_match_limit_recursion, & detection>,
-+ pcre2_match_limit_recursion,
-+ config_int_ctor<& pcre2_match_limit_recursion, & detection>,
- };
-
--const ConvertMap* pcre_match_limit_recursion_map = &pcre_match_limit_recursion_api;
-+const ConvertMap* pcre2_match_limit_recursion_map = &pcre2_match_limit_recursion_api;
-
- /*************************************************
- ****************** pkt_count *****************
---- a/tools/snort2lua/rule_states/CMakeLists.txt
-+++ b/tools/snort2lua/rule_states/CMakeLists.txt
-@@ -12,7 +12,7 @@ add_library( rule_states OBJECT
- rule_http_encode.cc
- rule_isdataat.cc
- rule_metadata.cc
-- rule_pcre.cc
-+ rule_pcre2.cc
- rule_react.cc
- rule_reference.cc
- rule_replace.cc
---- a/tools/snort2lua/rule_states/rule_api.cc
-+++ b/tools/snort2lua/rule_states/rule_api.cc
-@@ -75,7 +75,7 @@ extern const ConvertMap* modbus_data_map
- extern const ConvertMap* modbus_func_map;
- extern const ConvertMap* modbus_unit_map;
- extern const ConvertMap* msg_map;
--extern const ConvertMap* pcre_map;
-+extern const ConvertMap* pcre2_map;
- extern const ConvertMap* pkt_data_map;
- extern const ConvertMap* priority_map;
- extern const ConvertMap* protected_content_map;
-@@ -159,7 +159,7 @@ const std::vector<const ConvertMap*> rul
- modbus_func_map,
- modbus_unit_map,
- msg_map,
-- pcre_map,
-+ pcre2_map,
- pkt_data_map,
- priority_map,
- protected_content_map,
---- a/tools/snort2lua/rule_states/rule_pcre.cc
-+++ /dev/null
-@@ -1,159 +0,0 @@
--//--------------------------------------------------------------------------
--// Copyright (C) 2014-2024 Cisco and/or its affiliates. All rights reserved.
--//
--// This program is free software; you can redistribute it and/or modify it
--// under the terms of the GNU General Public License Version 2 as published
--// by the Free Software Foundation. You may not use, modify or distribute
--// this program under any other version of the GNU General Public License.
--//
--// This program is distributed in the hope that it will be useful, but
--// WITHOUT ANY WARRANTY; without even the implied warranty of
--// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
--// General Public License for more details.
--//
--// You should have received a copy of the GNU General Public License along
--// with this program; if not, write to the Free Software Foundation, Inc.,
--// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
--//--------------------------------------------------------------------------
--// rule_pcre.cc author Josh Rosenbaum <jrosenba@cisco.com>
--
--#include <sstream>
--#include <vector>
--
--#include "conversion_state.h"
--#include "helpers/converter.h"
--#include "helpers/s2l_util.h"
--#include "rule_api.h"
--
--namespace rules
--{
--namespace
--{
--class Pcre : public ConversionState
--{
--public:
-- Pcre(Converter& c) : ConversionState(c) { }
-- bool convert(std::istringstream& data) override;
--};
--} // namespace
--
--bool Pcre::convert(std::istringstream& data_stream)
--{
-- bool sticky_buffer_set = false;
-- std::string buffer = "pkt_data";
--
-- char delim = '/';
-- std::string pcre_str = util::get_rule_option_args(data_stream);
-- std::string pattern;
-- std::string new_opts;
-- std::string options;
--
-- if (pcre_str.front() == '!')
-- {
-- pattern += "!";
-- pcre_str.erase(pcre_str.begin());
-- }
--
-- if (pcre_str.front() != '"' || pcre_str.back() != '"')
-- {
-- rule_api.bad_rule(data_stream, "pattern must be enclosed in \"");
-- return set_next_rule_state(data_stream);
-- }
--
-- pcre_str.erase(pcre_str.begin());
-- pattern += '"';
--
-- if (pcre_str.front() == 'm')
-- {
-- pcre_str.erase(pcre_str.begin());
-- pattern += 'm';
-- delim = pcre_str.front();
-- }
--
-- const std::size_t pattern_end = pcre_str.rfind(delim);
-- if ((pcre_str.front() != delim) || (pattern_end == 0))
-- {
-- std::string tmp = "Regex must be enclosed in delim '";
-- tmp.append(delim, 1);
-- rule_api.bad_rule(data_stream, tmp + "'");
-- return set_next_rule_state(data_stream);
-- }
--
-- pattern += pcre_str.substr(0, pattern_end + 1);
-- options = pcre_str.substr(pattern_end + 1, std::string::npos);
-- new_opts = "";
--
-- for (char c : options )
-- {
-- std::string sticky_buffer = std::string(); // empty string
--
-- switch (c)
-- {
-- case 'B': sticky_buffer = "raw_data"; break;
-- case 'U': sticky_buffer = "http_uri"; break;
-- case 'P': sticky_buffer = "pcre_P_option_body"; break;
-- case 'H': sticky_buffer = "pcre_H_option_header"; break;
-- case 'M': sticky_buffer = "http_method"; break;
-- case 'C': sticky_buffer = "http_cookie"; break;
-- case 'I': sticky_buffer = "http_raw_uri"; break;
-- case 'D': sticky_buffer = "http_raw_header"; break;
-- case 'K': sticky_buffer = "http_raw_cookie"; break;
-- case 'S': sticky_buffer = "http_stat_code"; break;
-- case 'Y': sticky_buffer = "http_stat_msg"; break;
-- case 'i':
-- case 's':
-- case 'm':
-- case 'x':
-- case 'A':
-- case 'E':
-- case 'G':
-- case 'O':
-- case 'R':
-- case '"': // end of reg_ex
-- new_opts += c;
-- break;
-- default:
-- {
-- std::string dlt_opt = "unknown option - '";
-- dlt_opt.append(1, c);
-- dlt_opt += "'";
-- rule_api.bad_rule(data_stream, dlt_opt);
-- break;
-- }
-- }
--
-- if (!sticky_buffer.empty())
-- {
-- buffer = sticky_buffer;
--
-- if (sticky_buffer_set)
-- rule_api.bad_rule(data_stream,
-- "Two sticky buffers set for this regular expression!");
-- else
-- sticky_buffer_set = true;
-- }
-- }
--
-- rule_api.add_option("pcre", pattern + new_opts);
--
-- rule_api.set_curr_options_buffer(buffer);
--
-- return set_next_rule_state(data_stream);
--}
--
--/**************************
-- ******* A P I ***********
-- **************************/
--
--static ConversionState* ctor(Converter& c)
--{ return new Pcre(c); }
--
--static const ConvertMap pcre_api =
--{
-- "pcre",
-- ctor,
--};
--
--const ConvertMap* pcre_map = &pcre_api;
--} // namespace rules
--
---- /dev/null
-+++ b/tools/snort2lua/rule_states/rule_pcre2.cc
-@@ -0,0 +1,159 @@
-+//--------------------------------------------------------------------------
-+// Copyright (C) 2014-2024 Cisco and/or its affiliates. All rights reserved.
-+//
-+// This program is free software; you can redistribute it and/or modify it
-+// under the terms of the GNU General Public License Version 2 as published
-+// by the Free Software Foundation. You may not use, modify or distribute
-+// this program under any other version of the GNU General Public License.
-+//
-+// This program is distributed in the hope that it will be useful, but
-+// WITHOUT ANY WARRANTY; without even the implied warranty of
-+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+// General Public License for more details.
-+//
-+// You should have received a copy of the GNU General Public License along
-+// with this program; if not, write to the Free Software Foundation, Inc.,
-+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-+//--------------------------------------------------------------------------
-+// rule_pcre2.cc author Josh Rosenbaum <jrosenba@cisco.com>
-+
-+#include <sstream>
-+#include <vector>
-+
-+#include "conversion_state.h"
-+#include "helpers/converter.h"
-+#include "helpers/s2l_util.h"
-+#include "rule_api.h"
-+
-+namespace rules
-+{
-+namespace
-+{
-+class Pcre2 : public ConversionState
-+{
-+public:
-+ Pcre2(Converter& c) : ConversionState(c) { }
-+ bool convert(std::istringstream& data) override;
-+};
-+} // namespace
-+
-+bool Pcre2::convert(std::istringstream& data_stream)
-+{
-+ bool sticky_buffer_set = false;
-+ std::string buffer = "pkt_data";
-+
-+ char delim = '/';
-+ std::string pcre2_str = util::get_rule_option_args(data_stream);
-+ std::string pattern;
-+ std::string new_opts;
-+ std::string options;
-+
-+ if (pcre2_str.front() == '!')
-+ {
-+ pattern += "!";
-+ pcre2_str.erase(pcre2_str.begin());
-+ }
-+
-+ if (pcre2_str.front() != '"' || pcre2_str.back() != '"')
-+ {
-+ rule_api.bad_rule(data_stream, "pattern must be enclosed in \"");
-+ return set_next_rule_state(data_stream);
-+ }
-+
-+ pcre2_str.erase(pcre2_str.begin());
-+ pattern += '"';
-+
-+ if (pcre2_str.front() == 'm')
-+ {
-+ pcre2_str.erase(pcre2_str.begin());
-+ pattern += 'm';
-+ delim = pcre2_str.front();
-+ }
-+
-+ const std::size_t pattern_end = pcre2_str.rfind(delim);
-+ if ((pcre2_str.front() != delim) || (pattern_end == 0))
-+ {
-+ std::string tmp = "Regex must be enclosed in delim '";
-+ tmp.append(delim, 1);
-+ rule_api.bad_rule(data_stream, tmp + "'");
-+ return set_next_rule_state(data_stream);
-+ }
-+
-+ pattern += pcre2_str.substr(0, pattern_end + 1);
-+ options = pcre2_str.substr(pattern_end + 1, std::string::npos);
-+ new_opts = "";
-+
-+ for (char c : options )
-+ {
-+ std::string sticky_buffer = std::string(); // empty string
-+
-+ switch (c)
-+ {
-+ case 'B': sticky_buffer = "raw_data"; break;
-+ case 'U': sticky_buffer = "http_uri"; break;
-+ case 'P': sticky_buffer = "pcre_P_option_body"; break;
-+ case 'H': sticky_buffer = "pcre_H_option_header"; break;
-+ case 'M': sticky_buffer = "http_method"; break;
-+ case 'C': sticky_buffer = "http_cookie"; break;
-+ case 'I': sticky_buffer = "http_raw_uri"; break;
-+ case 'D': sticky_buffer = "http_raw_header"; break;
-+ case 'K': sticky_buffer = "http_raw_cookie"; break;
-+ case 'S': sticky_buffer = "http_stat_code"; break;
-+ case 'Y': sticky_buffer = "http_stat_msg"; break;
-+ case 'i':
-+ case 's':
-+ case 'm':
-+ case 'x':
-+ case 'A':
-+ case 'E':
-+ case 'G':
-+ case 'O':
-+ case 'R':
-+ case '"': // end of reg_ex
-+ new_opts += c;
-+ break;
-+ default:
-+ {
-+ std::string dlt_opt = "unknown option - '";
-+ dlt_opt.append(1, c);
-+ dlt_opt += "'";
-+ rule_api.bad_rule(data_stream, dlt_opt);
-+ break;
-+ }
-+ }
-+
-+ if (!sticky_buffer.empty())
-+ {
-+ buffer = sticky_buffer;
-+
-+ if (sticky_buffer_set)
-+ rule_api.bad_rule(data_stream,
-+ "Two sticky buffers set for this regular expression!");
-+ else
-+ sticky_buffer_set = true;
-+ }
-+ }
-+
-+ rule_api.add_option("pcre", pattern + new_opts);
-+
-+ rule_api.set_curr_options_buffer(buffer);
-+
-+ return set_next_rule_state(data_stream);
-+}
-+
-+/**************************
-+ ******* A P I ***********
-+ **************************/
-+
-+static ConversionState* ctor(Converter& c)
-+{ return new Pcre2(c); }
-+
-+static const ConvertMap pcre2_api =
-+{
-+ "pcre2",
-+ ctor,
-+};
-+
-+const ConvertMap* pcre2_map = &pcre2_api;
-+} // namespace rules
-+
---- a/tools/snort2lua/rule_states/rule_sd_pattern.cc
-+++ b/tools/snort2lua/rule_states/rule_sd_pattern.cc
-@@ -41,7 +41,7 @@ private:
-
- std::string SDPattern::convert_pattern(const std::string& pattern)
- {
-- const std::string unused_pcre_tokens("()[].+*^$|");
-+ const std::string unused_pcre2_tokens("()[].+*^$|");
-
- std::string s3_pattern;
-
-@@ -100,7 +100,7 @@ std::string SDPattern::convert_pattern(c
- break;
-
- default:
-- if (unused_pcre_tokens.find(sym) != std::string::npos)
-+ if (unused_pcre2_tokens.find(sym) != std::string::npos)
- s3_pattern.push_back('\\');
- s3_pattern.push_back(sym);
- break;
projects / feed / packages.git / commitdiff