mpm: add "auto" default for mpm-algo

Setting mpm-algo to "auto" will use "hs" if Suricata was built against
Hyperscan, and "ac" otherwise (or "ac-tile" on Tilera platforms).

diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c
index 04cca7844f7bf1ef2a7c95efddab397966027799..fe469b4a08a23e5da6c86b38d2d29387bbaedc76 100644 (file)
--- a/src/detect-engine-mpm.c
+++ b/src/detect-engine-mpm.c
@@ -335,6 +335,9 @@ uint16_t PatternMatchDefaultMatcher(void)
         uint16_t u;
 
         if (mpm_algo != NULL) {
+            if (strcmp("auto", mpm_algo) == 0) {
+                goto done;
+            }
             for (u = 0; u < MPM_TABLE_SIZE; u++) {
                 if (mpm_table[u].name == NULL)
                     continue;

diff --git a/src/detect-engine.c b/src/detect-engine.c
index a319a0ea329b1913648c476797d921ae87fd0e02..dea169ed3ff4037dd8da73ee48fd3bcc0314ee88 100644 (file)
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -1041,7 +1041,7 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
     if (sgh_mpm_context == NULL || strcmp(sgh_mpm_context, "auto") == 0) {
         /* for now, since we still haven't implemented any intelligence into
          * understanding the patterns and distributing mpm_ctx across sgh */
-        if (de_ctx->mpm_matcher == DEFAULT_MPM || de_ctx->mpm_matcher == MPM_AC_TILE ||
+        if (de_ctx->mpm_matcher == MPM_AC || de_ctx->mpm_matcher == MPM_AC_TILE ||
 #ifdef BUILD_HYPERSCAN
             de_ctx->mpm_matcher == MPM_HS ||
 #endif

diff --git a/src/util-mpm.h b/src/util-mpm.h
index 2c165bedab03a023212e8d59cccfa71649634562..4930f0a6b62c382b0bf3f6bdbb04c29607d6b3a8 100644 (file)
--- a/src/util-mpm.h
+++ b/src/util-mpm.h
@@ -43,10 +43,16 @@ enum {
     MPM_TABLE_SIZE,
 };
 
-#ifdef __tile__
-#define DEFAULT_MPM   MPM_AC_TILE
+/* MPM matcher to use by default, i.e. when "mpm-algo" is set to "auto".
+ * If Hyperscan is available, use it. Otherwise, use AC. */
+#ifdef BUILD_HYPERSCAN
+# define DEFAULT_MPM    MPM_HS
 #else
-#define DEFAULT_MPM   MPM_AC
+# ifdef __tile__
+#  define DEFAULT_MPM   MPM_AC_TILE
+# else
+#  define DEFAULT_MPM   MPM_AC
+# endif
 #endif
 
 /* Internal Pattern Index: 0 to pattern_cnt-1 */

diff --git a/suricata.yaml.in b/suricata.yaml.in
index 4951c4dbe5178608f4a37cb18c483c00cdefc803..74a3b95d9f401ef752530f215b86a1835b4c1978 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -722,8 +722,17 @@ cuda:
     cuda-streams: 2
 
 # Select the multi pattern algorithm you want to run for scan/search the
-# in the engine. The supported algorithms are b2g, b3g, wumanber,
-# ac, ac-bs and ac-gfbs.
+# in the engine.
+#
+# The supported algorithms are:
+# "ac"      - Aho-Corasick, default implementation
+# "ac-bs"   - Aho-Corasick, reduced memory implementation
+# "ac-cuda" - Aho-Corasick, CUDA implementation
+# "ac-tile" - Aho-Corasick, optimized for Tilera architecture
+# "hs"      - Hyperscan, available when built with Hyperscan support
+#
+# The default mpm-algo value of "auto" will use "hs" if Hyperscan is available,
+# "ac-tile" on Tilera platforms, and "ac" otherwise.
 #
 # The mpm you choose also decides the distribution of mpm contexts for
 # signature groups, specified by the conf - "detect.sgh-mpm-context".
@@ -736,7 +745,7 @@ cuda:
 # compiled with --enable-cuda: b2g_cuda. Make sure to update your
 # max-pending-packets setting above as well if you use b2g_cuda.
 
-mpm-algo: ac
+mpm-algo: auto
 
 # Select the matching algorithm you want to use for single-pattern searches.
 #