detect/analyzer: show pattern that is used by mpm
authorVictor Julien <victor@inliniac.net>
Thu, 9 Aug 2018 21:27:00 +0000 (23:27 +0200)
committerVictor Julien <victor@inliniac.net>
Fri, 10 Aug 2018 10:34:26 +0000 (12:34 +0200)
Set a new DETECT_CONTENT_MPM flag on the pattern that is selected
during setup.

src/detect-content.h
src/detect-engine-analyzer.c
src/detect-engine-mpm.c

index 3bcf7c83bf5f9dea3c7ff1cd86f17b43205ca521..484e8993a27540f399d27d812231a091046e558d 100644 (file)
@@ -57,6 +57,9 @@
 #define DETECT_CONTENT_WITHIN_NEXT      BIT_U32(17)
 #define DETECT_CONTENT_DISTANCE_NEXT    BIT_U32(18)
 #define DETECT_CONTENT_STARTS_WITH      BIT_U32(19)
+/** MPM pattern selected by the engine or forced by fast_pattern keyword */
+#define DETECT_CONTENT_MPM              BIT_U32(20)
+
 /** a relative match to this content is next, used in matching phase */
 #define DETECT_CONTENT_RELATIVE_NEXT    (DETECT_CONTENT_WITHIN_NEXT|DETECT_CONTENT_DISTANCE_NEXT)
 
index f11e4f47dfbb064614834d7d119c553d0e5a78e1..2c67c84bbe4c37bc41520e328f9305a16901072c 100644 (file)
@@ -504,6 +504,7 @@ static void DumpMatches(json_t *js, const SigMatchData *smd)
                         json_object_set_new(js_match_content, "negated", json_boolean(cd->flags & DETECT_CONTENT_NEGATED));
                         json_object_set_new(js_match_content, "starts_with", json_boolean(cd->flags & DETECT_CONTENT_STARTS_WITH));
                         json_object_set_new(js_match_content, "ends_with", json_boolean(cd->flags & DETECT_CONTENT_ENDS_WITH));
+                        json_object_set_new(js_match_content, "is_mpm", json_boolean(cd->flags & DETECT_CONTENT_MPM));
                         if (cd->flags & DETECT_CONTENT_OFFSET) {
                             json_object_set_new(js_match_content, "offset", json_integer(cd->offset));
                         }
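Review bot: The new `"is_mpm"` field is taken from `cd->flags` alone, so it is only meaningful if DumpMatches() runs after pattern selection has set `DETECT_CONTENT_MPM`. That ordering is not visible in this hunk, and the function body starts and ends outside it. If the dump can run earlier, every content would report `is_mpm: false`, and a rule writer would misread which pattern drives the prefilter. I would record the dependency next to the added line, for example `/* set by SetMpm() during setup; only valid once MPM selection has run */`.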
index 28b9f3f6cd4d200de9fc42b405ae48b6bf385bd1..69977cc9e4c63026283868da649069a9982da83f 100644 (file)
@@ -666,6 +666,7 @@ static void SetMpm(Signature *s, SigMatch *mpm_sm)
             cd->flags |= DETECT_CONTENT_NO_DOUBLE_INSPECTION_REQUIRED;
         }
     }
+    cd->flags |= DETECT_CONTENT_MPM;
     s->init_data->mpm_sm = mpm_sm;
     return;
 }
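Review bot: `DETECT_CONTENT_MPM` is set on the added line and nothing visible in this commit clears it, so the flag and `s->init_data->mpm_sm` agree only if every assignment of `mpm_sm` goes through SetMpm() and it runs once per signature. Neither is visible here, since the function starts outside the hunk and the derivation of `cd` is not shown. If another path can replace `mpm_sm` later, the flag would have to be cleared on the previous pattern first, otherwise two contents in one signature could both be reported as the MPM pattern. A comment on the added line would state the intent, for example `/* mark the selected pattern; informational, read by the rule analyzer */`.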