A lot of time was spent in `SigMatchListSMBelongsTo` for the `mpm_sm`.
Optimize this by keeping the value at hand during Signature parsing and
detection engine setup.
int fast_pattern_set = 0;
int fast_pattern_only_set = 0;
int fast_pattern_chop_set = 0;
- DetectContentData *fp_cd = NULL;
- SigMatch *mpm_sm = s->init_data->mpm_sm;
+ const DetectContentData *fp_cd = NULL;
+ const SigMatch *mpm_sm = s->init_data->mpm_sm;
+ const int mpm_sm_list = s->init_data->mpm_sm_list;
if (mpm_sm != NULL) {
fp_cd = (DetectContentData *)mpm_sm->ctx;
}
fprintf(fp_engine_analysis_FD, " Fast pattern matcher: ");
- int list_type = SigMatchListSMBelongsTo(s, mpm_sm);
+ int list_type = mpm_sm_list;
if (list_type == DETECT_SM_LIST_PMATCH)
fprintf(fp_engine_analysis_FD, "content\n");
else {
static void EngineAnalysisRulesPrintFP(const DetectEngineCtx *de_ctx, const Signature *s)
{
- DetectContentData *fp_cd = NULL;
- SigMatch *mpm_sm = s->init_data->mpm_sm;
+ const DetectContentData *fp_cd = NULL;
+ const SigMatch *mpm_sm = s->init_data->mpm_sm;
+ const int mpm_sm_list = s->init_data->mpm_sm_list;
if (mpm_sm != NULL) {
fp_cd = (DetectContentData *)mpm_sm->ctx;
fprintf(rule_engine_analysis_FD, "\" on \"");
- int list_type = SigMatchListSMBelongsTo(s, mpm_sm);
+ const int list_type = mpm_sm_list;
if (list_type == DETECT_SM_LIST_PMATCH) {
int payload = 0;
int stream = 0;
warn_offset_depth_alproto = 1;
}
if (s->init_data->mpm_sm != NULL && s->alproto == ALPROTO_HTTP1 &&
- SigMatchListSMBelongsTo(s, s->init_data->mpm_sm) == DETECT_SM_LIST_PMATCH) {
+ s->init_data->mpm_sm_list == DETECT_SM_LIST_PMATCH) {
rule_warning += 1;
warn_non_alproto_fp_for_alproto_sig = 1;
}
{
if (s->init_data->mpm_sm == NULL)
return -1;
- int mpm_list = SigMatchListSMBelongsTo(s, s->init_data->mpm_sm);
+ int mpm_list = s->init_data->mpm_sm_list;
if (mpm_list < 0)
return -1;
const DetectContentData *cd = (const DetectContentData *)s->init_data->mpm_sm->ctx;
{
if (s->init_data->mpm_sm == NULL)
return 0;
- int mpm_list = SigMatchListSMBelongsTo(s, s->init_data->mpm_sm);
+ int mpm_list = s->init_data->mpm_sm_list;
if (mpm_list < 0)
return 0;
const DetectContentData *cd = (const DetectContentData *)s->init_data->mpm_sm->ctx;
}
} else {
- int mpm_list = SigMatchListSMBelongsTo(s, s->init_data->mpm_sm);
+ int mpm_list = s->init_data->mpm_sm_list;
BUG_ON(mpm_list < 0);
const DetectContentData *cd = (const DetectContentData *)s->init_data->mpm_sm->ctx;
uint32_t size = cd->content_len < 256 ? cd->content_len : 255;
/* one byte pattern in packet/stream payloads */
} else if (s->init_data->mpm_sm != NULL &&
- SigMatchListSMBelongsTo(s, s->init_data->mpm_sm) == DETECT_SM_LIST_PMATCH &&
- RuleGetMpmPatternSize(s) == 1)
- {
+ s->init_data->mpm_sm_list == DETECT_SM_LIST_PMATCH &&
+ RuleGetMpmPatternSize(s) == 1) {
SCLogDebug("Rule %u No MPM. Payload inspecting. Whitelisting SGH's.", s->id);
wl = 55;
} else if (DetectFlagsSignatureNeedsSynPackets(s) &&
- DetectFlagsSignatureNeedsSynOnlyPackets(s))
- {
+ DetectFlagsSignatureNeedsSynOnlyPackets(s)) {
SCLogDebug("Rule %u Needs SYN, so inspected often. Whitelisting SGH's.", s->id);
wl = 33;
}
#define SGH_DIRECTION_TS(sgh) ((sgh)->init->direction & SIG_FLAG_TOSERVER)
#define SGH_DIRECTION_TC(sgh) ((sgh)->init->direction & SIG_FLAG_TOCLIENT)
-static void SetMpm(Signature *s, SigMatch *mpm_sm)
+static void SetMpm(Signature *s, SigMatch *mpm_sm, const int mpm_sm_list)
{
if (s == NULL || mpm_sm == NULL)
return;
}
}
cd->flags |= DETECT_CONTENT_MPM;
+ s->init_data->mpm_sm_list = mpm_sm_list;
s->init_data->mpm_sm = mpm_sm;
return;
}
if (s->init_data->mpm_sm != NULL)
return;
- SigMatch *mpm_sm = NULL, *sm = NULL;
+ SigMatch *sm = NULL;
const int nlists = s->init_data->smlists_array_size;
int nn_sm_list[nlists];
int n_sm_list[nlists];
const DetectContentData *cd = (DetectContentData *)sm->ctx;
/* fast_pattern set in rule, so using this pattern */
if ((cd->flags & DETECT_CONTENT_FAST_PATTERN)) {
- SetMpm(s, sm);
+ SetMpm(s, sm, list_id);
return;
}
}
}
+ SigMatch *mpm_sm = NULL;
+ int mpm_sm_list = -1;
for (int i = 0; i < count_final_sm_list; i++) {
if (final_sm_list[i] >= (int)s->init_data->smlists_array_size)
continue;
+ /* GetMpmForList may keep `mpm_sm` the same, so track if it changed */
+ SigMatch *prev_mpm_sm = mpm_sm;
mpm_sm = GetMpmForList(s, final_sm_list[i], mpm_sm, max_len, skip_negated_content);
+ if (mpm_sm != prev_mpm_sm) {
+ mpm_sm_list = final_sm_list[i];
+ }
}
+#ifdef DEBUG
+ if (mpm_sm != NULL) {
+ BUG_ON(mpm_sm_list == -1);
+ int check_list = SigMatchListSMBelongsTo(s, mpm_sm);
+ BUG_ON(check_list != mpm_sm_list);
+ }
+#endif
/* assign to signature */
- SetMpm(s, mpm_sm);
+ SetMpm(s, mpm_sm, mpm_sm_list);
return;
}
}
if (s->init_data->mpm_sm == NULL)
continue;
- int list = SigMatchListSMBelongsTo(s, s->init_data->mpm_sm);
+ int list = s->init_data->mpm_sm_list;
if (list < 0)
continue;
if (list != ms->sm_list)
if (s->init_data->mpm_sm == NULL)
continue;
- int list = SigMatchListSMBelongsTo(s, s->init_data->mpm_sm);
+ int list = s->init_data->mpm_sm_list;
if (list < 0)
continue;
if ((s->flags & am->direction) == 0)
continue;
- int list = SigMatchListSMBelongsTo(s, s->init_data->mpm_sm);
+ int list = s->init_data->mpm_sm_list;
if (list < 0)
continue;
if (s->init_data->mpm_sm == NULL)
continue;
- int list = SigMatchListSMBelongsTo(s, s->init_data->mpm_sm);
+ int list = s->init_data->mpm_sm_list;
if (list < 0)
continue;
if ((s->flags & am->direction) == 0)
continue;
- int list = SigMatchListSMBelongsTo(s, s->init_data->mpm_sm);
+ int list = s->init_data->mpm_sm_list;
if (list < 0)
continue;
for (s = de_ctx->sig_list; s != NULL; s = s->next) {
if (s->init_data->mpm_sm != NULL) {
- int sm_list = SigMatchListSMBelongsTo(s, s->init_data->mpm_sm);
+ int sm_list = s->init_data->mpm_sm_list;
BUG_ON(sm_list == -1);
DetectContentData *cd = (DetectContentData *)s->init_data->mpm_sm->ctx;
if (unlikely(new_engine == NULL)) {
exit(EXIT_FAILURE);
}
- if (SigMatchListSMBelongsTo(s, s->init_data->mpm_sm) == DETECT_SM_LIST_PMATCH) {
+ if (s->init_data->mpm_sm_list == DETECT_SM_LIST_PMATCH) {
SCLogDebug("stream is mpm");
prepend = true;
new_engine->mpm = true;
SigMatchData *ptrs[nlists];
memset(&ptrs, 0, (nlists * sizeof(SigMatchData *)));
- const int mpm_list = s->init_data->mpm_sm ?
- SigMatchListSMBelongsTo(s, s->init_data->mpm_sm) :
- -1;
+ const int mpm_list = s->init_data->mpm_sm ? s->init_data->mpm_sm_list : -1;
const int files_id = DetectBufferTypeGetByName("files");
if (e == NULL)
return -1;
- e->mpm = (SigMatchListSMBelongsTo(s, s->init_data->mpm_sm) == list_id);
+ e->mpm = s->init_data->mpm_sm_list == list_id;
e->sm_list = list_id;
e->sm_list_base = list_id;
e->v1.Callback = Callback;
SCFree(sig);
return NULL;
}
+ sig->init_data->mpm_sm_list = -1;
sig->init_data->smlists_array_size = DetectBufferTypeMaxId();
SCLogDebug("smlists size %u", sig->init_data->smlists_array_size);
/* used at init to determine max dsize */
SigMatch *dsize_sm;
+ /* list id for `mpm_sm`. Should always match `SigMatchListSMBelongsTo(s, mpm_sm)`. */
+ int mpm_sm_list;
/* the fast pattern added from this signature */
SigMatch *mpm_sm;
/* used to speed up init of prefilter */
projects / thirdparty / suricata.git / commitdiff
