#include "suricata.h"
#include "detect.h"
#include "detect-parse.h"
+#include "detect-engine.h"
#include "detect-engine-analyzer.h"
#include "detect-engine-mpm.h"
#include "conf.h"
static pcre_extra *percent_re_study = NULL;
static char log_path[PATH_MAX];
+typedef struct FpPatternStats_ {
+ uint16_t min;
+ uint16_t max;
+ uint32_t cnt;
+ uint64_t tot;
+} FpPatternStats;
+
+static FpPatternStats fp_pattern_stats[DETECT_SM_LIST_MAX];
+
+static void FpPatternStatsAdd(int list, uint16_t patlen)
+{
+ FpPatternStats *f = &fp_pattern_stats[list];
+
+ if (f->min == 0)
+ f->min = patlen;
+ else if (patlen < f->min)
+ f->min = patlen;
+
+ if (patlen > f->max)
+ f->max = patlen;
+
+ f->cnt++;
+ f->tot += patlen;
+}
+
void EngineAnalysisFP(Signature *s, char *line)
{
int fast_pattern_set = 0;
fprintf(fp_engine_analysis_FD, " Final content: ");
PrintRawUriFp(fp_engine_analysis_FD, pat, patlen);
fprintf(fp_engine_analysis_FD, "\n");
+
+ FpPatternStatsAdd(list_type, patlen);
} else {
fprintf(fp_engine_analysis_FD, " Final content: ");
PrintRawUriFp(fp_engine_analysis_FD, pat, patlen);
fprintf(fp_engine_analysis_FD, "\n");
+
+ FpPatternStatsAdd(list_type, patlen);
}
SCFree(pat);
fprintf(fp_engine_analysis_FD, "----------------------------------------------"
"---------------------\n");
+ memset(&fp_pattern_stats, 0, sizeof(fp_pattern_stats));
return 1;
}
void CleanupFPAnalyzer(void)
{
+ fprintf(fp_engine_analysis_FD, "============\n"
+ "Summary:\n============\n");
+ int i;
+ for (i = 0; i < DETECT_SM_LIST_MAX; i++) {
+ FpPatternStats *f = &fp_pattern_stats[i];
+ if (f->cnt == 0)
+ continue;
+
+ fprintf(fp_engine_analysis_FD,
+ "%s, smallest pattern %u byte(s), longest pattern %u byte(s), number of patterns %u, avg pattern len %.2f byte(s)\n",
+ DetectSigmatchListEnumToString(i), f->min, f->max, f->cnt, (float)((double)f->tot/(float)f->cnt));
+ }
+
if (fp_engine_analysis_FD != NULL) {
fclose(fp_engine_analysis_FD);
fp_engine_analysis_FD = NULL;
projects / thirdparty / suricata.git / commitdiff
