detect mpm: fast_pattern assignment cleanup

author Victor Julien <victor@inliniac.net>

Tue, 13 Oct 2015 06:33:27 +0000 (08:33 +0200)

committer Victor Julien <victor@inliniac.net>

Tue, 5 Apr 2016 07:30:11 +0000 (09:30 +0200)
author Victor Julien <victor@inliniac.net>
Tue, 13 Oct 2015 06:33:27 +0000 (08:33 +0200)
committer Victor Julien <victor@inliniac.net>
Tue, 5 Apr 2016 07:30:11 +0000 (09:30 +0200)
diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c

index 65baebf9e4f081156734b3d603c2038f00720a74..34964c432d827d33e987088c65ab53e2d9539b59 100644 (file)
--- a/src/detect-engine-mpm.c
+++ b/src/detect-engine-mpm.c
@@ -983,11 +983,10 @@ static void PopulateMpmHelperAddPatternToPktCtx(MpmCtx *mpm_ctx,
  #define SGH_DIRECTION_TS(sgh) ((sgh)->init->direction & SIG_FLAG_TOSERVER)
  #define SGH_DIRECTION_TC(sgh) ((sgh)->init->direction & SIG_FLAG_TOCLIENT)
  
-SigMatch *RetrieveFPForSig(Signature *s)
+void RetrieveFPForSig(Signature *s)
  {
      if (s->mpm_sm != NULL)
-        return s->mpm_sm;
-
+        return;
  
      SigMatch *mpm_sm = NULL, *sm = NULL;
      int nn_sm_list[DETECT_SM_LIST_MAX];
@@ -998,6 +997,8 @@ SigMatch *RetrieveFPForSig(Signature *s)
      int count_n_sm_list = 0;
      int list_id;
  
+    /* inspect rule to see if we have the fast_pattern keyword to
+     * force using a sig, otherwise keep stats about the patterns */
      for (list_id = 0; list_id < DETECT_SM_LIST_MAX; list_id++) {
          if (!FastPatternSupportEnabledForSigMatchList(list_id))
              continue;
@@ -1007,8 +1008,13 @@ SigMatch *RetrieveFPForSig(Signature *s)
                  continue;
  
              DetectContentData *cd = (DetectContentData *)sm->ctx;
-            if ((cd->flags & DETECT_CONTENT_FAST_PATTERN))
-                return sm;
+
+            /* fast_pattern set in rule, so using this pattern */
+            if ((cd->flags & DETECT_CONTENT_FAST_PATTERN)) {
+                s->mpm_sm = sm;
+                return;
+            }
+
              if (cd->flags & DETECT_CONTENT_NEGATED) {
                  n_sm_list[list_id] = 1;
                  count_n_sm_list++;
@@ -1016,9 +1022,10 @@ SigMatch *RetrieveFPForSig(Signature *s)
                  nn_sm_list[list_id] = 1;
                  count_nn_sm_list++;
              }
-        } /* for */
-    } /* for */
+        }
+    }
  
+    /* prefer normal not-negated over negated */
      int *curr_sm_list = NULL;
      int skip_negated_content = 1;
      if (count_nn_sm_list > 0) {
@@ -1027,7 +1034,7 @@ SigMatch *RetrieveFPForSig(Signature *s)
          curr_sm_list = n_sm_list;
          skip_negated_content = 0;
      } else {
-        return NULL;
+        return;
      }
  
      int final_sm_list[DETECT_SM_LIST_MAX];
@@ -1038,8 +1045,8 @@ SigMatch *RetrieveFPForSig(Signature *s)
      while (tmp != NULL) {
          for (priority = tmp->priority;
               tmp != NULL && priority == tmp->priority;
-             tmp = tmp->next) {
-
+             tmp = tmp->next)
+        {
              if (curr_sm_list[tmp->list_id] == 0)
                  continue;
              final_sm_list[count_final_sm_list++] = tmp->list_id;
@@ -1096,11 +1103,12 @@ SigMatch *RetrieveFPForSig(Signature *s)
                  } else {
                      SCLogDebug("sticking with mpm_sm");
                  }
-            } /* else - if */
-        } /* for */
-    } /* for */
+            }
+        }
+    }
  
-    return mpm_sm;
+    s->mpm_sm = mpm_sm;
+    return;
  }
  
  /** \internal
@@ -1767,7 +1775,7 @@ int DetectSetFastPatternAndItsId(DetectEngineCtx *de_ctx)
       * true size, since duplicates are removed below, but counted here.
       */
      for (s = de_ctx->sig_list; s != NULL; s = s->next) {
-        s->mpm_sm = RetrieveFPForSig(s);
+        RetrieveFPForSig(s);
          if (s->mpm_sm != NULL) {
              DetectContentData *cd = (DetectContentData *)s->mpm_sm->ctx;
              struct_total_size += sizeof(DetectFPAndItsId);
diff --git a/src/detect-engine-mpm.h b/src/detect-engine-mpm.h

index 9984791c26797c890bd4f867921ca5e086614609..7231caf6ae9f21596e49dab8b5a140167b2bded9 100644 (file)
--- a/src/detect-engine-mpm.h
+++ b/src/detect-engine-mpm.h
@@ -83,7 +83,7 @@ uint32_t DetectContentGetId(MpmPatternIdStore *, DetectContentData *);
  int SignatureHasPacketContent(const Signature *);
  int SignatureHasStreamContent(const Signature *);
  
-SigMatch *RetrieveFPForSig(Signature *s);
+void RetrieveFPForSig(Signature *s);
  
  int MpmStoreInit(DetectEngineCtx *);
  void MpmStoreFree(DetectEngineCtx *);
diff --git a/src/detect.c b/src/detect.c

index 9189b4612ff89e159fd9aff6dde891e9e19561a7..7a3f6575388e856eea2c139bd7b6f490d8824f1f 100644 (file)
--- a/src/detect.c
+++ b/src/detect.c
@@ -357,7 +357,7 @@ static int DetectLoadSigFile(DetectEngineCtx *de_ctx, char *sig_file,
          sig = DetectEngineAppendSig(de_ctx, line);
          if (sig != NULL) {
              if (rule_engine_analysis_set || fp_engine_analysis_set) {
-                sig->mpm_sm = RetrieveFPForSig(sig);
+                RetrieveFPForSig(sig);
                  if (fp_engine_analysis_set) {
                      EngineAnalysisFP(sig, line);
                  }
author	Victor Julien <victor@inliniac.net>
	Tue, 13 Oct 2015 06:33:27 +0000 (08:33 +0200)
committer	Victor Julien <victor@inliniac.net>
	Tue, 5 Apr 2016 07:30:11 +0000 (09:30 +0200)
src/detect-engine-mpm.c		patch \| blob \| blame \| history
src/detect-engine-mpm.h		patch \| blob \| blame \| history
src/detect.c		patch \| blob \| blame \| history