git.ipfire.org Git - thirdparty/suricata.git/commit

author	Victor Julien <victor@inliniac.net>
	Tue, 11 Apr 2017 16:15:16 +0000 (18:15 +0200)
committer	Victor Julien <victor@inliniac.net>
	Fri, 21 Apr 2017 16:58:01 +0000 (18:58 +0200)
commit	d1b7a8390581f0ed7a4f221e6a2af86a6df954a5
tree	7c07155af460b6c813de8479ca09eed94eaecfc1	tree
parent	a0fad6bb7fd57080f35ac500cf623cc21bcb2f92	commit \| diff

detect: change mask logic

Previously the MPM/Prefilter engines would suggest the same rule
candidates multiple times.

For example, while processing the request body, the http headers
would be inspected by MPM multiple times.

The mask check was one way to quickly decide which rules could be
skipped.

Now that the MPM engines normally return a rule just once, this
mask check no longer makes sense. If the rule meets the ip/port/
direction based conditions, it needs to be evaluated if the MPM
said so. Even if not all conditions are yet true.

WIP disable mask as it no longer makes sense

WIP redo mask match