Since recursive content matching goes through the buffer from left to
right, it is possible to bail early when isdataat is part of the
recursive checking. If `isdataat:50,relative` fails for offset 10, it
will surely also fail for offset 20. So break inspection in such cases.
The exception is for dynamic isdataat, where the value is determined
by a prior byte_extract that may be updated during the recursion.
projects / thirdparty / suricata.git / commit
