authorroot <[email protected]>2024-03-19 08:56:21 +0000
committerroot <[email protected]>2024-03-19 08:56:21 +0000
commit9f1e2d841981494bb242e100b4872584f876933c (patch)
tree3fc703070eccfc9df8da4616170af549f164db72
parent56fa98077b2f11d1398d7728a85be52a51026253 (diff)
计算的包长为payload长度,忽略payload长度为0的包HEADmain
-rw-r--r--.gitignore5
-rw-r--r--src/pkt_seq_matcher_plugin.cpp33
-rw-r--r--vendor/CMakeLists.txt22
-rw-r--r--vendor/colm-0.13.0.5.tar.gzbin5894650 -> 0 bytes
-rw-r--r--vendor/colm-0.14.7.tar.gzbin0 -> 1765369 bytes
-rw-r--r--vendor/ragel-6.10.tar.gzbin1232993 -> 0 bytes
-rw-r--r--vendor/ragel-7.0.4.tar.gzbin0 -> 557265 bytes
7 files changed, 34 insertions, 26 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..650711e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+# Vscode
+.vscode/*
+
+# build
+build/* \ No newline at end of file
diff --git a/src/pkt_seq_matcher_plugin.cpp b/src/pkt_seq_matcher_plugin.cpp
index cde629d..1911483 100644
--- a/src/pkt_seq_matcher_plugin.cpp
+++ b/src/pkt_seq_matcher_plugin.cpp
@@ -60,12 +60,12 @@ static int pkt_seq_matcher_hyperscan_init(struct pkt_seq_matcher_plugin_info *ps
{
hs_error_t err;
hs_compile_error_t *compile_err;
- const char *expression[6] = {"^[\u00C9-\u03E8][\u099C-\u0B68]{3}[\u0001-\u05B4]{0,3}[\u0001-\u0258][\u067D-\u080C][\u0001-\u05B4]$",
- "^[\u00C9-\u03E8][\u099C-\u0B68]{3}[\u0001-\u05B4]{0,3}[\u0001-\u00C8][\u05B5-\u067C][\u0001-\u05B4]$",
- "^[\u00C9-\u03E8][\u099C-\u0B68]{2}[\u067D-\u099C][\u0001-\u0258][\u067D-\u080C][\u0001-\u05B4]$",
- "^[\u00C9-\u03E8][\u099C-\u0B68]{2}[\u067D-\u099C][\u0001-\u00C8][\u05B5-\u067C][\u0001-\u05B4]$",
- "^[\u0259-\u03E8][\u05B5-\u067C][\u0001-\u05B4]$",
- "^[\u0259-\u03E8][\u067D-\u080C][\u0001-\u05B4]$"};
+ const char *expression[6] = {"[\u00C9-\u03E8][\u099C-\u0B68]{3}[\u05B5-\u067C][\u0001-\u05B4]{0,3}[\u0001-\u0258][\u067D-\u080C][\u0001-\u05B4]",
+ "[\u00C9-\u03E8][\u099C-\u0B68]{3}[\u0001-\u05B4]{0,3}[\u0001-\u00C8][\u05B5-\u067C][\u0001-\u05B4]",
+ "[\u00C9-\u03E8][\u099C-\u0B68]{2}[\u067D-\u099C][\u0001-\u0258][\u067D-\u080C][\u0001-\u05B4]",
+ "[\u00C9-\u03E8][\u099C-\u0B68]{2}[\u067D-\u099C][\u0001-\u00C8][\u05B5-\u067C][\u0001-\u05B4]",
+ "[\u0259-\u03E8][\u05B5-\u067C][\u0001-\u05B4]",
+ "[\u0259-\u03E8][\u067D-\u080C][\u0001-\u05B4]"};
unsigned int flags[6] = {HS_FLAG_DOTALL | HS_FLAG_UTF8, HS_FLAG_DOTALL | HS_FLAG_UTF8, HS_FLAG_DOTALL | HS_FLAG_UTF8, HS_FLAG_DOTALL | HS_FLAG_UTF8, HS_FLAG_DOTALL | HS_FLAG_UTF8, HS_FLAG_DOTALL | HS_FLAG_UTF8};
unsigned int ids[6] = {0, 1, 2, 3, 4, 5};
hs_database_t *db = NULL;
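Review bot: With `^` and `$` removed, all six expressions now match at any position in the session's length stream, and ids 4 and 5 are only three symbols long with a final class `[\u0001-\u05B4]` that accepts any value from 1 to 1460, so on a long-lived session they are likely to fire on unrelated traffic. If the signature is meant to describe the start of a session, keeping the leading `^` and dropping only `$` would preserve that; if mid-stream matching is intended, a comment should say so. The array also needs a comment on the encoding, e.g. `/* one code point per payload-bearing packet: U+0001..U+05B4 = C2S length, S2C length + 1460 above that */`, which is inferred from the `+= 1460` in pkt_seq_matcher_entry and should be confirmed. The function body continues outside the hunk.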
@@ -110,7 +110,7 @@ int pkt_seq_matcher_entry(struct session *session, int events, const struct pack
struct pkt_seq_matcher_plugin_info *psm_plugin_info = (struct pkt_seq_matcher_plugin_info *)cb_arg;
struct pkt_seq_matcher_ctx *ctx = (struct pkt_seq_matcher_ctx *)session_get_ex_data(session, psm_plugin_info->sess_ctx_exdata_idx);
- size_t pktlen = 0;
+ size_t payload_len = 0;
int pkt_direction;
if (ctx == NULL)
@@ -123,44 +123,47 @@ int pkt_seq_matcher_entry(struct session *session, int events, const struct pack
hs_error_t err = hs_alloc_scratch(psm_plugin_info->hs_database, &hs_scratch);
if (err != HS_SUCCESS) {
MESA_handle_runtime_log(g_logger_handle, RLOG_LV_FATAL, "PKT_SEQ_MATCHER", "alloc for scratch failed");
- goto ERROR;
+ goto DETACH_SESSION;
}
}
hs_error_t err = hs_open_stream(psm_plugin_info->hs_database, 0, &ctx->hs_stream);
if (err != HS_SUCCESS) {
MESA_handle_runtime_log(g_logger_handle, RLOG_LV_FATAL, "PKT_SEQ_MATCHER", "%s: open stream failed", session_get0_readable_addr(session));
- goto ERROR;
+ goto DETACH_SESSION;
}
}
- packet_get0_data(pkt, &pktlen);
- if (pktlen == 0)
+ session_get0_current_payload(session, &payload_len);
+ if (payload_len == 0)
{
return 0;
}
pkt_direction = packet_get_direction(pkt);
+ MESA_handle_runtime_log(g_logger_handle, RLOG_LV_DEBUG, "PKT_SEQ_MATCHER", "%s: payload_len: %d", pkt_direction == PACKET_DIRECTION_C2S ? "C2S" : "S2C", payload_len);
+
if (pkt_direction == PACKET_DIRECTION_S2C)
{
- pktlen += 1460;
+ payload_len += 1460;
}
memset(unicode_charactor, 0, sizeof(unicode_charactor));
- encode_utf8(pktlen, unicode_charactor);
+ encode_utf8(payload_len, unicode_charactor);
if (hs_scan_stream(ctx->hs_stream, (const char *)unicode_charactor, strlen(unicode_charactor), 0, hs_scratch, eventHandler, ctx) != HS_SUCCESS)
{
- MESA_handle_runtime_log(g_logger_handle, RLOG_LV_FATAL, "PKT_SEQ_MATCHER", "%s: scan failed, pkt_len: %d", session_get0_readable_addr(session), pktlen);
+ MESA_handle_runtime_log(g_logger_handle, RLOG_LV_FATAL, "PKT_SEQ_MATCHER", "%s: scan failed, pkt_len: %d", session_get0_readable_addr(session), payload_len);
}
if (ctx->match_flag == 1)
{
MESA_handle_runtime_log(g_logger_handle, RLOG_LV_DEBUG, "PKT_SEQ_MATCHER", "%s: match success", session_get0_readable_addr(session));
+ goto DETACH_SESSION;
}
return 0;
-ERROR:
+DETACH_SESSION:
struct session_event *i_ev = session_get_intrinsic_event(session, psm_plugin_info->plugin_id);
session_event_assign(i_ev, psm_plugin_info->st, session, 0, pkt_seq_matcher_entry, psm_plugin_info);
return 0;
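Review bot: `payload_len` is a `size_t`, but the added debug log and the edited scan-failure log both format it with `%d`, a mismatched specifier if `MESA_handle_runtime_log` is printf-style as its use suggests; use `%zu` in both, i.e. `"%s: payload_len: %zu"` and `"%s: scan failed, pkt_len: %zu"`. Separately, the `+= 1460` offset only keeps the two directions' symbols apart while every payload is at most 1460 bytes, and nothing visible here bounds `payload_len`. A larger C2S payload (jumbo frame or coalesced segment) would be encoded as an S2C symbol, and a large enough value could fall in the surrogate range U+D800..U+DFFF, which is not valid UTF-8 input for a database compiled with `HS_FLAG_UTF8`. Consider skipping or clamping out-of-range lengths before calling `encode_utf8`, which is defined outside this diff. The function body starts and ends outside the hunk.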
diff --git a/vendor/CMakeLists.txt b/vendor/CMakeLists.txt
index 333d84e..882268a 100644
--- a/vendor/CMakeLists.txt
+++ b/vendor/CMakeLists.txt
@@ -8,22 +8,22 @@ set(VENDOR_BUILD ${CMAKE_BINARY_DIR}/vendor/vbuild)
set(CMAKE_C_FLAGS "-std=c99 -fPIC -Wall")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIC -Wall")
-# colm-0.13.0.5
+# colm-0.14.7
ExternalProject_Add(colm PREFIX colm
- URL ${CMAKE_CURRENT_SOURCE_DIR}/colm-0.13.0.5.tar.gz
+ URL ${CMAKE_CURRENT_SOURCE_DIR}/colm-0.14.7.tar.gz
CONFIGURE_COMMAND ./autogen.sh && ./configure --prefix=${VENDOR_BUILD}
+ BUILD_COMMAND make
+ INSTALL_COMMAND make install
+ BUILD_IN_SOURCE 1)
+
+# ragel-7.0.4
+ExternalProject_Add(ragel PREFIX ragel
+ URL ${CMAKE_CURRENT_SOURCE_DIR}/ragel-7.0.4.tar.gz
+ CONFIGURE_COMMAND ./autogen.sh && ./configure --disable-manual --prefix=${VENDOR_BUILD} --with-colm=${VENDOR_BUILD}
+ DEPENDS colm
BUILD_COMMAND make
INSTALL_COMMAND make install
BUILD_IN_SOURCE 1)
-
-# ragel-6.10
-ExternalProject_Add(ragel PREFIX ragel
- URL ${CMAKE_CURRENT_SOURCE_DIR}/ragel-6.10.tar.gz
- CONFIGURE_COMMAND <SOURCE_DIR>/configure --prefix=${VENDOR_BUILD} --with-colm=${VENDOR_BUILD}
- BUILD_COMMAND $(MAKE)
- INSTALL_COMMAND $(MAKE) install
- BUILD_IN_SOURCE 1
-)
# HyperScan 5.4.2
ExternalProject_Add(hyperscan PREFIX hyperscan
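Review bot: The two new archives are consumed through `URL ${CMAKE_CURRENT_SOURCE_DIR}/colm-0.14.7.tar.gz` and `URL ${CMAKE_CURRENT_SOURCE_DIR}/ragel-7.0.4.tar.gz` with no `URL_HASH`, and the build then runs `./autogen.sh`, `./configure` and `make install` from their contents, so nothing ties the committed binaries to the upstream releases. Pin each one, e.g. `URL_HASH SHA256=<sha256 of the upstream colm-0.14.7 release archive>`, and record in the commit message where the tarballs were obtained. Minor: the ragel step now uses `BUILD_COMMAND make` where the old one used `$(MAKE)`, which under Makefile generators stops `-j` and the jobserver from reaching the sub-build.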
diff --git a/vendor/colm-0.13.0.5.tar.gz b/vendor/colm-0.13.0.5.tar.gz
deleted file mode 100644
index 51f4f6d..0000000
--- a/vendor/colm-0.13.0.5.tar.gz
+++ /dev/null
Binary files differ
diff --git a/vendor/colm-0.14.7.tar.gz b/vendor/colm-0.14.7.tar.gz
new file mode 100644
index 0000000..2bb97ed
--- /dev/null
+++ b/vendor/colm-0.14.7.tar.gz
Binary files differ
diff --git a/vendor/ragel-6.10.tar.gz b/vendor/ragel-6.10.tar.gz
deleted file mode 100644
index 9b7392e..0000000
--- a/vendor/ragel-6.10.tar.gz
+++ /dev/null
Binary files differ
diff --git a/vendor/ragel-7.0.4.tar.gz b/vendor/ragel-7.0.4.tar.gz
new file mode 100644
index 0000000..d37daf6
--- /dev/null
+++ b/vendor/ragel-7.0.4.tar.gz
Binary files differ