Comments (4)
Hi Tidy,
I believe that Hyperscan's existing prefiltering support should allow you to do what you're describing here. The implementation would likely look quite similar to the Hyperscan integration used by the rspamd project.
In prefiltering mode, Hyperscan accepts many pattern forms that it cannot implement in normal operation, such as lookahead/lookbehind assertions, and replaces them internally with broader constructs that may match more often.
For your application, in broad strokes:
At pattern compile time, take your list of PCRE patterns and compile them all into a Hyperscan database, with each pattern marked with the HS_FLAG_PREFILTER and HS_FLAG_SINGLEMATCH flags. Each pattern would also need to be compiled with PCRE.
At scan time, for a given block, you would first scan it with the Hyperscan prefiltering database and collect the list of patterns that match. For each pattern that produced a match with Hyperscan, call pcre_exec on the block to confirm the match with PCRE.
Assuming that your patterns are fairly specific (and unlikely to all match on every block), this will allow you to considerably reduce the number of PCRE scans you need to perform.
from hyperscan.
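The prefilter-then-confirm flow described in the comment above, as an added sketch that is not code from the thread or from the Hyperscan project. Python's `re` stands in for both engines: `broaden` is a hypothetical helper that approximates prefilter mode by dropping lookaround assertions (it assumes no parentheses inside character classes and no quantified lookarounds), and the patterns and traffic blocks are constructed samples.

```python
import re
LOOKAROUND = ("(?=", "(?!", "(?<=", "(?<!")

def broaden(pattern: str) -> str:
    """Hypothetical helper: drop lookaround groups, leaving a superset pattern."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith(LOOKAROUND, i):
            depth, i = 1, i + 1
            while i < len(pattern) and depth:   # skip to the matching ')'
                if pattern[i] == "\\":
                    i += 1                       # step over the escaped character
                elif pattern[i] == "(":
                    depth += 1
                elif pattern[i] == ")":
                    depth -= 1
                i += 1
        else:
            step = 2 if pattern[i] == "\\" else 1  # keep escapes intact
            out.append(pattern[i:i + step])
            i += step
    return "".join(out)

class TwoStageMatcher:
    def __init__(self, patterns):
        # Stage 1 stands in for a Hyperscan database built with
        # HS_FLAG_PREFILTER | HS_FLAG_SINGLEMATCH; stage 2 stands in for pcre_exec.
        self.pre = {pid: re.compile(broaden(p).encode()) for pid, p in patterns.items()}
        self.full = {pid: re.compile(p.encode()) for pid, p in patterns.items()}
        self.confirm_calls = 0

    def scan(self, block: bytes):
        # Single-match semantics: stage 1 only reports which pattern ids fired.
        candidates = [pid for pid, rx in self.pre.items() if rx.search(block)]
        hits = {}
        for pid in candidates:                   # confirm only what stage 1 reported
            self.confirm_calls += 1
            m = self.full[pid].search(block)
            if m:
                hits[pid] = m.group(0)           # exact matched bytes
        return candidates, hits

# Constructed sample signatures and traffic blocks.
PATTERNS = {1: r"(?<=User-Agent: )curl/[\d.]+", 2: r"passwd(?!\.bak)"}
BLOCKS = [b"GET / HTTP/1.1\r\nUser-Agent: curl/8.5.0\r\n\r\n",
          b"GET /etc/passwd.bak HTTP/1.1\r\nHost: example.test\r\n\r\n",
          b"GET /index.html HTTP/1.1\r\n\r\n"]
if __name__ == "__main__":
    tsm = TwoStageMatcher(PATTERNS)
    print([tsm.scan(b) for b in BLOCKS], "confirm calls:", tsm.confirm_calls)
```

The second block is a prefilter false positive: the broadened pattern fires on `passwd`, and the confirm step rejects it because of the negative lookahead. Across the three blocks the full engine runs twice instead of six times.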
Chimera was a separate project to Hyperscan, and never shipped as a product. Chimera was a hybrid of Hyperscan and libpcre - it performed first stage matching with Hyperscan and then used libpcre to calculate the full match and capturing groups.
These features will not be introduced to Hyperscan as they aren't compatible with Hyperscan's streaming support and match semantics. We are considering introducing a project that provides these features, but it is still in the design phase.
Is there anything you can tell us about your use case for these features?
from hyperscan.
Thanks Matt for your kind response!
What's the name of the new project? Will we be allowed to participate in the new project?
Here is my use case:
I need to search for certain patterns using PCRE signatures in network-based binary traffic and capture this information from it using block mode.
The issues I am facing:
Lookahead and lookbehind zero-length assertions are not supported well, so we can't capture the exact matching string. Not sure if this issue can be resolved by prefiltering mode or not.
Thanks,
Tidy
from hyperscan.
@jviiret, got it. Thank you very much for your detailed explanation!
So, we can close the thread.
from hyperscan.