git.ipfire.org Git - people/ms/suricata.git/commit

author	Victor Julien <victor@inliniac.net>
	Mon, 10 Apr 2017 18:42:25 +0000 (20:42 +0200)
committer	Victor Julien <victor@inliniac.net>
	Fri, 21 Apr 2017 16:58:01 +0000 (18:58 +0200)
commit	a0fad6bb7fd57080f35ac500cf623cc21bcb2f92
tree	b5f6facfe0783344ca7b79d819c34006393d717b	tree \| snapshot
parent	d304be5bc3fff43ef27eddec56569ab6b512689a	commit \| diff

mpm: run engines as few times as possible

In various scenarios buffers would be checked my MPM more than
once. This was because the buffers would be inspected for a
certain progress value or higher.

For example, for each packet in a file upload, the engine would
not just rerun the 'http client body' MPM on the new data, it
would also rerun the method, uri, headers, cookie, etc MPMs.

This was obviously inefficent, so this patch changes the logic.

The patch only runs the MPM engines when the progress is exactly
the intended progress. If the progress is beyond the desired
value, it is run once. A tracker is added to the app layer API,
where the completed MPMs are tracked.

Implemented for HTTP, TLS and SSH.

src/app-layer-htp.c		diff \| blob \| blame \| history
src/app-layer-htp.h		diff \| blob \| blame \| history
src/app-layer-parser.c		diff \| blob \| blame \| history
src/app-layer-parser.h		diff \| blob \| blame \| history
src/app-layer-ssh.c		diff \| blob \| blame \| history
src/app-layer-ssh.h		diff \| blob \| blame \| history
src/app-layer-ssl.c		diff \| blob \| blame \| history
src/app-layer-ssl.h		diff \| blob \| blame \| history
src/detect-engine-prefilter.c		diff \| blob \| blame \| history