]> git.ipfire.org Git - thirdparty/suricata.git/commit
projects / thirdparty / suricata.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 84b97ca) | patch
detect: don't rescan when just distance is used
authorVictor Julien <victor@inliniac.net>
Sat, 4 Mar 2017 12:40:39 +0000 (13:40 +0100)
committerVictor Julien <victor@inliniac.net>
Mon, 1 May 2017 09:59:03 +0000 (11:59 +0200)
commit7eda6beade1b9227a5ad36c50610858c67155530
treee4da378abf14cbd92abbb1500dcd33157c727498tree
parent84b97ca15519ebffded1a475d9eda058620b1931commit | diff
detect: don't rescan when just distance is used

Content inspection optimization: when just distance is used without
within we don't need to search recursively.

E.g. content:"a"; content:"b"; distance:1; will scan the buffer for
'a' and when it finds 'a' it will scan the remainder for 'b'. Until
now, the failure to find 'b' would lead to looking for the next 'a'
and then for 'b' after that. However, we already inspected the
entire buffer for 'b', so we know this will fail.
src/detect-byte-extract.c diff | blob | blame | history
src/detect-content.h diff | blob | blame | history
src/detect-distance.c diff | blob | blame | history
src/detect-engine-content-inspection.c diff | blob | blame | history
src/detect-within.c diff | blob | blame | history
src/tests/detect-engine-content-inspection.c diff | blob | blame | history
Mirror of https://github.com/OISF/suricata.git