From: Lukas Sismis Date: Mon, 28 Oct 2024 14:44:09 +0000 (+0100) Subject: util-mpm: prepare MPM codebase for ruleset caching X-Git-Tag: suricata-8.0.0-beta1~191 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=59c3b8912b7baee5d174fbe985781fcbe0ca00c5;p=thirdparty%2Fsuricata.git util-mpm: prepare MPM codebase for ruleset caching --- diff --git a/Makefile.am b/Makefile.am index 72b0a5ca0e..aaaaf7b6dd 100644 --- a/Makefile.am +++ b/Makefile.am @@ -37,6 +37,7 @@ install-conf: install -d "$(DESTDIR)$(e_rundir)" install -m 770 -d "$(DESTDIR)$(e_localstatedir)" install -m 770 -d "$(DESTDIR)$(e_datadir)" + install -m 660 -d "$(DESTDIR)$(e_sghcachedir)" install-rules: if INSTALL_SURICATA_UPDATE diff --git a/configure.ac b/configure.ac index adf838b857..8fc5e345ca 100644 --- a/configure.ac +++ b/configure.ac @@ -2470,6 +2470,7 @@ if test "$WINDOWS_PATH" = "yes"; then e_sysconfdir="${e_winbase}\\\\" e_defaultruledir="$e_winbase\\\\rules\\\\" + e_sghcachedir="$e_winbase\\\\cache\\\\sgh\\\\" e_magic_file="$e_winbase\\\\magic.mgc" e_logdir="$e_winbase\\\\log" e_logfilesdir="$e_logdir\\\\files" @@ -2491,6 +2492,7 @@ else EXPAND_VARIABLE(sysconfdir, e_sysconfdir, "/suricata/") EXPAND_VARIABLE(localstatedir, e_localstatedir, "/run/suricata") EXPAND_VARIABLE(datadir, e_datarulesdir, "/suricata/rules") + EXPAND_VARIABLE(localstatedir, e_sghcachedir, "/lib/suricata/cache/sgh") EXPAND_VARIABLE(localstatedir, e_datadir, "/lib/suricata/data") EXPAND_VARIABLE(localstatedir, e_defaultruledir, "/lib/suricata/rules") @@ -2504,6 +2506,8 @@ AC_SUBST(e_logcertsdir) AC_SUBST(e_sysconfdir) AC_DEFINE_UNQUOTED([CONFIG_DIR],["$e_sysconfdir"],[Our CONFIG_DIR]) AC_SUBST(e_localstatedir) +AC_SUBST(e_sghcachedir) +AC_DEFINE_UNQUOTED([SGH_CACHE_DIR],["$e_sghcachedir"],[Directory path for signature group head cache]) AC_SUBST(e_datadir) AC_DEFINE_UNQUOTED([DATA_DIR],["$e_datadir"],[Our DATA_DIR]) AC_SUBST(e_magic_file) diff --git a/src/app-layer-detect-proto.c b/src/app-layer-detect-proto.c index 12ab6a030f..dc02cf61a9 100644 --- a/src/app-layer-detect-proto.c +++ b/src/app-layer-detect-proto.c @@ -1287,7 +1287,7 @@ static int AppLayerProtoDetectPMPrepareMpm(AppLayerProtoDetectPMCtx *ctx) int ret = 0; MpmCtx *mpm_ctx = &ctx->mpm_ctx; - if (mpm_table[mpm_ctx->mpm_type].Prepare(mpm_ctx) < 0) + if (mpm_table[mpm_ctx->mpm_type].Prepare(NULL, mpm_ctx) < 0) goto error; goto end; diff --git a/src/app-layer-ftp.c b/src/app-layer-ftp.c index 29df14e530..d07b6290b9 100644 --- a/src/app-layer-ftp.c +++ b/src/app-layer-ftp.c @@ -1213,8 +1213,7 @@ static void FTPSetMpmState(void) MpmInitCtx(ftp_mpm_ctx, FTP_MPM); SCFTPSetMpmState(ftp_mpm_ctx); - mpm_table[FTP_MPM].Prepare(ftp_mpm_ctx); - + mpm_table[FTP_MPM].Prepare(NULL, ftp_mpm_ctx); } static void FTPFreeMpmState(void) diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c index 47c365f389..6d48753827 100644 --- a/src/app-layer-smtp.c +++ b/src/app-layer-smtp.c @@ -1634,7 +1634,7 @@ static void SMTPSetMpmState(void) i /* pattern id */, i /* rule id */ , 0 /* no flags */); } - mpm_table[SMTP_MPM].Prepare(smtp_mpm_ctx); + mpm_table[SMTP_MPM].Prepare(NULL, smtp_mpm_ctx); } static void SMTPFreeMpmState(void) diff --git a/src/detect-engine-loader.c b/src/detect-engine-loader.c index c4dfd75697..c2d2d344be 100644 --- a/src/detect-engine-loader.c +++ b/src/detect-engine-loader.c @@ -33,6 +33,7 @@ #include "tm-threads.h" #include "queue.h" +#include "detect-engine.h" #include "detect-engine-loader.h" #include "detect-engine-build.h" #include "detect-engine-analyzer.h" @@ -400,6 +401,10 @@ int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, bool sig_file_exc ret = 0; + if (mpm_table[de_ctx->mpm_matcher].CacheRuleset != NULL) { + mpm_table[de_ctx->mpm_matcher].CacheRuleset(de_ctx->mpm_cfg); + } + end: gettimeofday(&de_ctx->last_reload, NULL); if (SCRunmodeGet() == RUNMODE_ENGINE_ANALYSIS) { diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c index fab8a66146..2585d807ff 100644 --- a/src/detect-engine-mpm.c +++ b/src/detect-engine-mpm.c @@ -295,7 +295,7 @@ int DetectMpmPrepareAppMpms(DetectEngineCtx *de_ctx) MpmCtx *mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, am->sgh_mpm_context, dir); if (mpm_ctx != NULL) { if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - r |= mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + r |= mpm_table[de_ctx->mpm_matcher].Prepare(de_ctx->mpm_cfg, mpm_ctx); } } } @@ -524,7 +524,7 @@ int DetectMpmPrepareFrameMpms(DetectEngineCtx *de_ctx) SCLogDebug("%s: %d mpm_Ctx %p", am->name, r, mpm_ctx); if (mpm_ctx != NULL) { if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - r |= mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + r |= mpm_table[de_ctx->mpm_matcher].Prepare(de_ctx->mpm_cfg, mpm_ctx); SCLogDebug("%s: %d", am->name, r); } } @@ -689,7 +689,7 @@ int DetectMpmPreparePktMpms(DetectEngineCtx *de_ctx) MpmCtx *mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, am->sgh_mpm_context, 0); if (mpm_ctx != NULL) { if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - r |= mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + r |= mpm_table[de_ctx->mpm_matcher].Prepare(de_ctx->mpm_cfg, mpm_ctx); SCLogDebug("%s: %d", am->name, r); } } @@ -744,40 +744,40 @@ int DetectMpmPrepareBuiltinMpms(DetectEngineCtx *de_ctx) if (de_ctx->sgh_mpm_context_proto_tcp_packet != MPM_CTX_FACTORY_UNIQUE_CONTEXT) { mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_tcp_packet, 0); if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - r |= mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + r |= mpm_table[de_ctx->mpm_matcher].Prepare(de_ctx->mpm_cfg, mpm_ctx); } mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_tcp_packet, 1); if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - r |= mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + r |= mpm_table[de_ctx->mpm_matcher].Prepare(de_ctx->mpm_cfg, mpm_ctx); } } if (de_ctx->sgh_mpm_context_proto_udp_packet != MPM_CTX_FACTORY_UNIQUE_CONTEXT) { mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_udp_packet, 0); if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - r |= mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + r |= mpm_table[de_ctx->mpm_matcher].Prepare(de_ctx->mpm_cfg, mpm_ctx); } mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_udp_packet, 1); if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - r |= mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + r |= mpm_table[de_ctx->mpm_matcher].Prepare(de_ctx->mpm_cfg, mpm_ctx); } } if (de_ctx->sgh_mpm_context_proto_other_packet != MPM_CTX_FACTORY_UNIQUE_CONTEXT) { mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_other_packet, 0); if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - r |= mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + r |= mpm_table[de_ctx->mpm_matcher].Prepare(de_ctx->mpm_cfg, mpm_ctx); } } if (de_ctx->sgh_mpm_context_stream != MPM_CTX_FACTORY_UNIQUE_CONTEXT) { mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_stream, 0); if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - r |= mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + r |= mpm_table[de_ctx->mpm_matcher].Prepare(de_ctx->mpm_cfg, mpm_ctx); } mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_stream, 1); if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - r |= mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + r |= mpm_table[de_ctx->mpm_matcher].Prepare(de_ctx->mpm_cfg, mpm_ctx); } } @@ -1577,6 +1577,9 @@ static void MpmStoreSetup(const DetectEngineCtx *de_ctx, MpmStore *ms) MpmInitCtx(ms->mpm_ctx, de_ctx->mpm_matcher); + if (de_ctx->mpm_cfg && de_ctx->mpm_cfg->cache_dir_path) + ms->mpm_ctx->flags |= MPMCTX_FLAGS_CACHE_TO_DISK; + const bool mpm_supports_endswith = (mpm_table[de_ctx->mpm_matcher].feature_flags & MPM_FEATURE_FLAG_ENDSWITH) != 0; @@ -1621,7 +1624,7 @@ static void MpmStoreSetup(const DetectEngineCtx *de_ctx, MpmStore *ms) } else { if (ms->sgh_mpm_context == MPM_CTX_FACTORY_UNIQUE_CONTEXT) { if (mpm_table[ms->mpm_ctx->mpm_type].Prepare != NULL) { - mpm_table[ms->mpm_ctx->mpm_type].Prepare(ms->mpm_ctx); + mpm_table[ms->mpm_ctx->mpm_type].Prepare(de_ctx->mpm_cfg, ms->mpm_ctx); } } } diff --git a/src/detect-engine.c b/src/detect-engine.c index 397edb353a..7fa7e71bb1 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -2556,6 +2556,39 @@ retry: return -1; } +bool DetectEngineMpmCachingEnabled(void) +{ + const char *strval = NULL; + if (ConfGet("detect.sgh-mpm-caching", &strval) != 1) + return false; + + int sgh_mpm_caching = 0; + (void)ConfGetBool("detect.sgh-mpm-caching", &sgh_mpm_caching); + return (bool)sgh_mpm_caching; +} + +const char *DetectEngineMpmCachingGetPath(void) +{ + if (DetectEngineMpmCachingEnabled() == false) { + return NULL; + } + + char yamlpath[] = "detect.sgh-mpm-caching-path"; + const char *strval = NULL; + ConfGet(yamlpath, &strval); + + if (strval != NULL) { + return strval; + } + + static bool notified = false; + if (!notified) { + SCLogInfo("%s has no path specified, using %s", yamlpath, SGH_CACHE_DIR); + notified = true; + } + return SGH_CACHE_DIR; +} + static DetectEngineCtx *DetectEngineCtxInitReal( enum DetectEngineType type, const char *prefix, uint32_t tenant_id) { @@ -2592,6 +2625,17 @@ static DetectEngineCtx *DetectEngineCtxInitReal( mpm_table[de_ctx->mpm_matcher].name, spm_table[de_ctx->spm_matcher].name); + if (mpm_table[de_ctx->mpm_matcher].ConfigInit) { + de_ctx->mpm_cfg = mpm_table[de_ctx->mpm_matcher].ConfigInit(); + if (de_ctx->mpm_cfg == NULL) { + goto error; + } + } + if (DetectEngineMpmCachingEnabled() && mpm_table[de_ctx->mpm_matcher].ConfigCacheDirSet) { + mpm_table[de_ctx->mpm_matcher].ConfigCacheDirSet( + de_ctx->mpm_cfg, DetectEngineMpmCachingGetPath()); + } + de_ctx->spm_global_thread_ctx = SpmInitGlobalThreadCtx(de_ctx->spm_matcher); if (de_ctx->spm_global_thread_ctx == NULL) { SCLogDebug("Unable to alloc SpmGlobalThreadCtx."); @@ -2718,6 +2762,9 @@ void DetectEngineCtxFree(DetectEngineCtx *de_ctx) SCProfilingPrefilterDestroyCtx(de_ctx); #endif + if (mpm_table[de_ctx->mpm_matcher].ConfigDeinit) { + mpm_table[de_ctx->mpm_matcher].ConfigDeinit(&de_ctx->mpm_cfg); + } /* Normally the hashes are freed elsewhere, but * to be sure look at them again here. */ diff --git a/src/detect-engine.h b/src/detect-engine.h index 08bd77c961..4ed06fa9bb 100644 --- a/src/detect-engine.h +++ b/src/detect-engine.h @@ -103,6 +103,8 @@ void *DetectThreadCtxGetGlobalKeywordThreadCtx(DetectEngineThreadCtx *det_ctx, i TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **); TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *); +bool DetectEngineMpmCachingEnabled(void); +const char *DetectEngineMpmCachingGetPath(void); /* faster as a macro than a inline function on my box -- VJ */ #define DetectEngineGetMaxSigId(de_ctx) ((de_ctx)->signum) void DetectEngineResetMaxSigId(DetectEngineCtx *); diff --git a/src/detect.h b/src/detect.h index 74319a6982..f728cfe8e2 100644 --- a/src/detect.h +++ b/src/detect.h @@ -860,6 +860,7 @@ typedef struct DetectEngineCtx_ { bool failure_fatal; uint8_t flags; /**< only DE_QUIET */ uint8_t mpm_matcher; /**< mpm matcher this ctx uses */ + MpmConfig *mpm_cfg; uint8_t spm_matcher; /**< spm matcher this ctx uses */ uint32_t tenant_id; diff --git a/src/util-mpm-ac-ks.c b/src/util-mpm-ac-ks.c index 60bb1b7a9e..665147744c 100644 --- a/src/util-mpm-ac-ks.c +++ b/src/util-mpm-ac-ks.c @@ -90,7 +90,7 @@ int SCACTileAddPatternCI(MpmCtx *, uint8_t *, uint16_t, uint16_t, uint16_t, uint32_t, SigIntId, uint8_t); int SCACTileAddPatternCS(MpmCtx *, uint8_t *, uint16_t, uint16_t, uint16_t, uint32_t, SigIntId, uint8_t); -int SCACTilePreparePatterns(MpmCtx *mpm_ctx); +int SCACTilePreparePatterns(MpmConfig *mpm_conf, MpmCtx *mpm_ctx); uint32_t SCACTileSearch(const MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PrefilterRuleStore *pmq, const uint8_t *buf, uint32_t buflen); @@ -859,9 +859,10 @@ static void SCACTilePrepareSearch(MpmCtx *mpm_ctx) /** * \brief Process the patterns added to the mpm, and create the internal tables. * + * \param mpm_conf Pointer to the generic MPM matcher configuration * \param mpm_ctx Pointer to the mpm context. */ -int SCACTilePreparePatterns(MpmCtx *mpm_ctx) +int SCACTilePreparePatterns(MpmConfig *mpm_conf, MpmCtx *mpm_ctx) { SCACTileSearchCtx *search_ctx = (SCACTileSearchCtx *)mpm_ctx->ctx; @@ -1400,9 +1401,13 @@ void MpmACTileRegister(void) mpm_table[MPM_AC_KS].name = "ac-ks"; mpm_table[MPM_AC_KS].InitCtx = SCACTileInitCtx; mpm_table[MPM_AC_KS].DestroyCtx = SCACTileDestroyCtx; + mpm_table[MPM_AC_KS].ConfigInit = NULL; + mpm_table[MPM_AC_KS].ConfigDeinit = NULL; + mpm_table[MPM_AC_KS].ConfigCacheDirSet = NULL; mpm_table[MPM_AC_KS].AddPattern = SCACTileAddPatternCS; mpm_table[MPM_AC_KS].AddPatternNocase = SCACTileAddPatternCI; mpm_table[MPM_AC_KS].Prepare = SCACTilePreparePatterns; + mpm_table[MPM_AC_KS].CacheRuleset = NULL; mpm_table[MPM_AC_KS].Search = SCACTileSearch; mpm_table[MPM_AC_KS].PrintCtx = SCACTilePrintInfo; #ifdef UNITTESTS @@ -1432,7 +1437,7 @@ static int SCACTileTest01(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); const char *buf = "abcdefghjiklmnopqrstuvwxyz"; @@ -1464,7 +1469,7 @@ static int SCACTileTest02(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abce", 4, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); const char *buf = "abcdefghjiklmnopqrstuvwxyz"; uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1499,7 +1504,7 @@ static int SCACTileTest03(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"fghj", 4, 0, 0, 2, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); const char *buf = "abcdefghjiklmnopqrstuvwxyz"; uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1531,7 +1536,7 @@ static int SCACTileTest04(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"fghjxyz", 7, 0, 0, 2, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); const char *buf = "abcdefghjiklmnopqrstuvwxyz"; uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1563,7 +1568,7 @@ static int SCACTileTest05(void) MpmAddPatternCI(&mpm_ctx, (uint8_t *)"fghJikl", 7, 0, 0, 2, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); const char *buf = "abcdefghjiklmnopqrstuvwxyz"; uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1593,7 +1598,7 @@ static int SCACTileTest06(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); const char *buf = "abcd"; uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1635,7 +1640,7 @@ static int SCACTileTest07(void) PmqSetup(&pmq); /* total matches: 135: 6 unique */ - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); const char *buf = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1662,7 +1667,7 @@ static int SCACTileTest08(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, (uint8_t *)"a", 1); @@ -1692,7 +1697,7 @@ static int SCACTileTest09(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"ab", 2, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, (uint8_t *)"ab", 2); @@ -1722,7 +1727,7 @@ static int SCACTileTest10(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcdefgh", 8, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); const char *buf = "01234567890123456789012345678901234567890123456789" "01234567890123456789012345678901234567890123456789" @@ -1763,7 +1768,7 @@ static int SCACTileTest11(void) goto end; PmqSetup(&pmq); - if (SCACTilePreparePatterns(&mpm_ctx) == -1) + if (SCACTilePreparePatterns(NULL, &mpm_ctx) == -1) goto end; result = 1; @@ -1804,7 +1809,7 @@ static int SCACTileTest12(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"vwxyz", 5, 0, 0, 1, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); const char *buf = "abcdefghijklmnopqrstuvwxyz"; uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1836,7 +1841,7 @@ static int SCACTileTest13(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, sizeof(pat) - 1, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); const char *buf = "abcdefghijklmnopqrstuvwxyzABCD"; uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1868,7 +1873,7 @@ static int SCACTileTest14(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, sizeof(pat) - 1, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); const char *buf = "abcdefghijklmnopqrstuvwxyzABCDE"; uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1900,7 +1905,7 @@ static int SCACTileTest15(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, sizeof(pat) - 1, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); const char *buf = "abcdefghijklmnopqrstuvwxyzABCDEF"; uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1932,7 +1937,7 @@ static int SCACTileTest16(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, sizeof(pat) - 1, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); const char *buf = "abcdefghijklmnopqrstuvwxyzABC"; uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1964,7 +1969,7 @@ static int SCACTileTest17(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, sizeof(pat) - 1, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); const char *buf = "abcdefghijklmnopqrstuvwxyzAB"; uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -2001,7 +2006,7 @@ static int SCACTileTest18(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, sizeof(pat) - 1, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); const char *buf = "abcde""fghij""klmno""pqrst""uvwxy""z"; uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -2033,7 +2038,7 @@ static int SCACTileTest19(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, sizeof(pat) - 1, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); const char *buf = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -2071,7 +2076,7 @@ static int SCACTileTest20(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, sizeof(pat) - 1, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); const char *buf = "AAAAA""AAAAA""AAAAA""AAAAA""AAAAA""AAAAA""AA"; uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -2102,7 +2107,7 @@ static int SCACTileTest21(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, (uint8_t *)"AA", 2); @@ -2134,7 +2139,7 @@ static int SCACTileTest22(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcde", 5, 0, 0, 1, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); const char *buf = "abcdefghijklmnopqrstuvwxyz"; uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -2165,7 +2170,7 @@ static int SCACTileTest23(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, (uint8_t *)"aa", 2); @@ -2195,7 +2200,7 @@ static int SCACTileTest24(void) MpmAddPatternCI(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, (uint8_t *)"aa", 2); @@ -2226,7 +2231,7 @@ static int SCACTileTest25(void) MpmAddPatternCI(&mpm_ctx, (uint8_t *)"fghiJkl", 7, 0, 0, 2, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); const char *buf = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -2257,7 +2262,7 @@ static int SCACTileTest26(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"Works", 5, 0, 0, 1, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); const char *buf = "works"; uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -2288,7 +2293,7 @@ static int SCACTileTest27(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"ONE", 3, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); const char *buf = "tone"; uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -2319,7 +2324,7 @@ static int SCACTileTest28(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"one", 3, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACTilePreparePatterns(&mpm_ctx); + SCACTilePreparePatterns(NULL, &mpm_ctx); const char *buf = "tONE"; uint32_t cnt = SCACTileSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, diff --git a/src/util-mpm-ac.c b/src/util-mpm-ac.c index 6e115acaa3..086f321e2a 100644 --- a/src/util-mpm-ac.c +++ b/src/util-mpm-ac.c @@ -68,7 +68,7 @@ int SCACAddPatternCI(MpmCtx *, uint8_t *, uint16_t, uint16_t, uint16_t, uint32_t, SigIntId, uint8_t); int SCACAddPatternCS(MpmCtx *, uint8_t *, uint16_t, uint16_t, uint16_t, uint32_t, SigIntId, uint8_t); -int SCACPreparePatterns(MpmCtx *mpm_ctx); +int SCACPreparePatterns(MpmConfig *, MpmCtx *mpm_ctx); uint32_t SCACSearch(const MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PrefilterRuleStore *pmq, const uint8_t *buf, uint32_t buflen); void SCACPrintInfo(MpmCtx *mpm_ctx); @@ -700,9 +700,10 @@ static void SCACPrepareStateTable(MpmCtx *mpm_ctx) /** * \brief Process the patterns added to the mpm, and create the internal tables. * + * \param mpm_conf Pointer to the generic MPM matcher configuration * \param mpm_ctx Pointer to the mpm context. */ -int SCACPreparePatterns(MpmCtx *mpm_ctx) +int SCACPreparePatterns(MpmConfig *mpm_conf, MpmCtx *mpm_ctx) { SCACCtx *ctx = (SCACCtx *)mpm_ctx->ctx; @@ -1099,9 +1100,13 @@ void MpmACRegister(void) mpm_table[MPM_AC].name = "ac"; mpm_table[MPM_AC].InitCtx = SCACInitCtx; mpm_table[MPM_AC].DestroyCtx = SCACDestroyCtx; + mpm_table[MPM_AC].ConfigInit = NULL; + mpm_table[MPM_AC].ConfigDeinit = NULL; + mpm_table[MPM_AC].ConfigCacheDirSet = NULL; mpm_table[MPM_AC].AddPattern = SCACAddPatternCS; mpm_table[MPM_AC].AddPatternNocase = SCACAddPatternCI; mpm_table[MPM_AC].Prepare = SCACPreparePatterns; + mpm_table[MPM_AC].CacheRuleset = NULL; mpm_table[MPM_AC].Search = SCACSearch; mpm_table[MPM_AC].PrintCtx = SCACPrintInfo; #ifdef UNITTESTS @@ -1130,7 +1135,7 @@ static int SCACTest01(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); const char *buf = "abcdefghjiklmnopqrstuvwxyz"; @@ -1162,7 +1167,7 @@ static int SCACTest02(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abce", 4, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); const char *buf = "abcdefghjiklmnopqrstuvwxyz"; uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1197,7 +1202,7 @@ static int SCACTest03(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"fghj", 4, 0, 0, 2, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); const char *buf = "abcdefghjiklmnopqrstuvwxyz"; uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1229,7 +1234,7 @@ static int SCACTest04(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"fghjxyz", 7, 0, 0, 2, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); const char *buf = "abcdefghjiklmnopqrstuvwxyz"; uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1261,7 +1266,7 @@ static int SCACTest05(void) MpmAddPatternCI(&mpm_ctx, (uint8_t *)"fghJikl", 7, 0, 0, 2, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); const char *buf = "abcdefghjiklmnopqrstuvwxyz"; uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1291,7 +1296,7 @@ static int SCACTest06(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); const char *buf = "abcd"; uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1333,7 +1338,7 @@ static int SCACTest07(void) PmqSetup(&pmq); /* total matches: 135: unique matches: 6 */ - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); const char *buf = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1360,7 +1365,7 @@ static int SCACTest08(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, (uint8_t *)"a", 1); @@ -1390,7 +1395,7 @@ static int SCACTest09(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"ab", 2, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, (uint8_t *)"ab", 2); @@ -1420,7 +1425,7 @@ static int SCACTest10(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcdefgh", 8, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); const char *buf = "01234567890123456789012345678901234567890123456789" "01234567890123456789012345678901234567890123456789" @@ -1461,7 +1466,7 @@ static int SCACTest11(void) goto end; PmqSetup(&pmq); - if (SCACPreparePatterns(&mpm_ctx) == -1) + if (SCACPreparePatterns(NULL, &mpm_ctx) == -1) goto end; result = 1; @@ -1502,7 +1507,7 @@ static int SCACTest12(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"vwxyz", 5, 0, 0, 1, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); const char *buf = "abcdefghijklmnopqrstuvwxyz"; uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1534,7 +1539,7 @@ static int SCACTest13(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, sizeof(pat) - 1, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); const char *buf = "abcdefghijklmnopqrstuvwxyzABCD"; uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1566,7 +1571,7 @@ static int SCACTest14(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, sizeof(pat) - 1, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); const char *buf = "abcdefghijklmnopqrstuvwxyzABCDE"; uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1598,7 +1603,7 @@ static int SCACTest15(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, sizeof(pat) - 1, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); const char *buf = "abcdefghijklmnopqrstuvwxyzABCDEF"; uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1630,7 +1635,7 @@ static int SCACTest16(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, sizeof(pat) - 1, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); const char *buf = "abcdefghijklmnopqrstuvwxyzABC"; uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1662,7 +1667,7 @@ static int SCACTest17(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, sizeof(pat) - 1, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); const char *buf = "abcdefghijklmnopqrstuvwxyzAB"; uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1699,7 +1704,7 @@ static int SCACTest18(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, sizeof(pat) - 1, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); const char *buf = "abcde""fghij""klmno""pqrst""uvwxy""z"; uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1731,7 +1736,7 @@ static int SCACTest19(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, sizeof(pat) - 1, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); const char *buf = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1769,7 +1774,7 @@ static int SCACTest20(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, sizeof(pat) - 1, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); const char *buf = "AAAAA""AAAAA""AAAAA""AAAAA""AAAAA""AAAAA""AA"; uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1800,7 +1805,7 @@ static int SCACTest21(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, (uint8_t *)"AA", 2); @@ -1832,7 +1837,7 @@ static int SCACTest22(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcde", 5, 0, 0, 1, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); const char *buf = "abcdefghijklmnopqrstuvwxyz"; uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1863,7 +1868,7 @@ static int SCACTest23(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, (uint8_t *)"aa", 2); @@ -1893,7 +1898,7 @@ static int SCACTest24(void) MpmAddPatternCI(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, (uint8_t *)"aa", 2); @@ -1924,7 +1929,7 @@ static int SCACTest25(void) MpmAddPatternCI(&mpm_ctx, (uint8_t *)"fghiJkl", 7, 0, 0, 2, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); const char *buf = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1955,7 +1960,7 @@ static int SCACTest26(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"Works", 5, 0, 0, 1, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); const char *buf = "works"; uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -1986,7 +1991,7 @@ static int SCACTest27(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"ONE", 3, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); const char *buf = "tone"; uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -2016,7 +2021,7 @@ static int SCACTest28(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"one", 3, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); const char *buf = "tONE"; uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, @@ -2083,7 +2088,7 @@ static int SCACTest30(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"xyz", 3, 0, 0, 0, 0, MPM_PATTERN_FLAG_ENDSWITH); PmqSetup(&pmq); - SCACPreparePatterns(&mpm_ctx); + SCACPreparePatterns(NULL, &mpm_ctx); const char *buf1 = "abcdefghijklmnopqrstuvwxyz"; uint32_t cnt = SCACSearch(&mpm_ctx, &mpm_thread_ctx, &pmq, (uint8_t *)buf1, strlen(buf1)); diff --git a/src/util-mpm-hs.c b/src/util-mpm-hs.c index da02e2194d..66fd4582cc 100644 --- a/src/util-mpm-hs.c +++ b/src/util-mpm-hs.c @@ -56,7 +56,7 @@ int SCHSAddPatternCI(MpmCtx *, uint8_t *, uint16_t, uint16_t, uint16_t, uint32_t, SigIntId, uint8_t); int SCHSAddPatternCS(MpmCtx *, uint8_t *, uint16_t, uint16_t, uint16_t, uint32_t, SigIntId, uint8_t); -int SCHSPreparePatterns(MpmCtx *mpm_ctx); +int SCHSPreparePatterns(MpmConfig *mpm_conf, MpmCtx *mpm_ctx); uint32_t SCHSSearch(const MpmCtx *mpm_ctx, MpmThreadCtx *mpm_thread_ctx, PrefilterRuleStore *pmq, const uint8_t *buf, const uint32_t buflen); void SCHSPrintInfo(MpmCtx *mpm_ctx); @@ -733,9 +733,10 @@ static int PatternDatabaseCompile(PatternDatabase *pd, SCHSCompileData *cd) /** * \brief Process the patterns added to the mpm, and create the internal tables. * + * \param mpm_conf Pointer to the generic MPM matcher configuration * \param mpm_ctx Pointer to the mpm context. */ -int SCHSPreparePatterns(MpmCtx *mpm_ctx) +int SCHSPreparePatterns(MpmConfig *mpm_conf, MpmCtx *mpm_ctx) { SCHSCtx *ctx = (SCHSCtx *)mpm_ctx->ctx; @@ -1107,9 +1108,13 @@ void MpmHSRegister(void) mpm_table[MPM_HS].InitThreadCtx = SCHSInitThreadCtx; mpm_table[MPM_HS].DestroyCtx = SCHSDestroyCtx; mpm_table[MPM_HS].DestroyThreadCtx = SCHSDestroyThreadCtx; + mpm_table[MPM_HS].ConfigInit = NULL; + mpm_table[MPM_HS].ConfigDeinit = NULL; + mpm_table[MPM_HS].ConfigCacheDirSet = NULL; mpm_table[MPM_HS].AddPattern = SCHSAddPatternCS; mpm_table[MPM_HS].AddPatternNocase = SCHSAddPatternCI; mpm_table[MPM_HS].Prepare = SCHSPreparePatterns; + mpm_table[MPM_HS].CacheRuleset = NULL; mpm_table[MPM_HS].Search = SCHSSearch; mpm_table[MPM_HS].PrintCtx = SCHSPrintInfo; mpm_table[MPM_HS].PrintThreadCtx = SCHSPrintSearchStats; @@ -1165,7 +1170,7 @@ static int SCHSTest01(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); const char *buf = "abcdefghjiklmnopqrstuvwxyz"; @@ -1199,7 +1204,7 @@ static int SCHSTest02(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abce", 4, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); const char *buf = "abcdefghjiklmnopqrstuvwxyz"; @@ -1236,7 +1241,7 @@ static int SCHSTest03(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"fghj", 4, 0, 0, 2, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); const char *buf = "abcdefghjiklmnopqrstuvwxyz"; @@ -1270,7 +1275,7 @@ static int SCHSTest04(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"fghjxyz", 7, 0, 0, 2, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); const char *buf = "abcdefghjiklmnopqrstuvwxyz"; @@ -1304,7 +1309,7 @@ static int SCHSTest05(void) MpmAddPatternCI(&mpm_ctx, (uint8_t *)"fghJikl", 7, 0, 0, 2, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); const char *buf = "abcdefghjiklmnopqrstuvwxyz"; @@ -1336,7 +1341,7 @@ static int SCHSTest06(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); const char *buf = "abcd"; @@ -1380,7 +1385,7 @@ static int SCHSTest07(void) 0, 0, 5, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); const char *buf = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; @@ -1413,7 +1418,7 @@ static int SCHSTest08(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcd", 4, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); uint32_t cnt = @@ -1445,7 +1450,7 @@ static int SCHSTest09(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"ab", 2, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); uint32_t cnt = @@ -1477,7 +1482,7 @@ static int SCHSTest10(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcdefgh", 8, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); const char *buf = "01234567890123456789012345678901234567890123456789" @@ -1520,7 +1525,7 @@ static int SCHSTest11(void) goto end; PmqSetup(&pmq); - if (SCHSPreparePatterns(&mpm_ctx) == -1) + if (SCHSPreparePatterns(NULL, &mpm_ctx) == -1) goto end; SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); @@ -1564,7 +1569,7 @@ static int SCHSTest12(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"vwxyz", 5, 0, 0, 1, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); const char *buf = "abcdefghijklmnopqrstuvwxyz"; @@ -1598,7 +1603,7 @@ static int SCHSTest13(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, sizeof(pat) - 1, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); const char *buf = "abcdefghijklmnopqrstuvwxyzABCD"; @@ -1632,7 +1637,7 @@ static int SCHSTest14(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, sizeof(pat) - 1, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); const char *buf = "abcdefghijklmnopqrstuvwxyzABCDE"; @@ -1666,7 +1671,7 @@ static int SCHSTest15(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, sizeof(pat) - 1, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); const char *buf = "abcdefghijklmnopqrstuvwxyzABCDEF"; @@ -1700,7 +1705,7 @@ static int SCHSTest16(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, sizeof(pat) - 1, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); const char *buf = "abcdefghijklmnopqrstuvwxyzABC"; @@ -1734,7 +1739,7 @@ static int SCHSTest17(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, sizeof(pat) - 1, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); const char *buf = "abcdefghijklmnopqrstuvwxyzAB"; @@ -1773,7 +1778,7 @@ static int SCHSTest18(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, sizeof(pat) - 1, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); const char *buf = "abcde" @@ -1812,7 +1817,7 @@ static int SCHSTest19(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, sizeof(pat) - 1, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); const char *buf = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; @@ -1852,7 +1857,7 @@ static int SCHSTest20(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)pat, sizeof(pat) - 1, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); const char *buf = "AAAAA" @@ -1891,7 +1896,7 @@ static int SCHSTest21(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); uint32_t cnt = @@ -1925,7 +1930,7 @@ static int SCHSTest22(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"abcde", 5, 0, 0, 1, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); const char *buf = "abcdefghijklmnopqrstuvwxyz"; @@ -1958,7 +1963,7 @@ static int SCHSTest23(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); uint32_t cnt = @@ -1990,7 +1995,7 @@ static int SCHSTest24(void) MpmAddPatternCI(&mpm_ctx, (uint8_t *)"AA", 2, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); uint32_t cnt = @@ -2023,7 +2028,7 @@ static int SCHSTest25(void) MpmAddPatternCI(&mpm_ctx, (uint8_t *)"fghiJkl", 7, 0, 0, 2, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); const char *buf = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; @@ -2056,7 +2061,7 @@ static int SCHSTest26(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"Works", 5, 0, 0, 1, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); const char *buf = "works"; @@ -2089,7 +2094,7 @@ static int SCHSTest27(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"ONE", 3, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); const char *buf = "tone"; @@ -2122,7 +2127,7 @@ static int SCHSTest28(void) MpmAddPatternCS(&mpm_ctx, (uint8_t *)"one", 3, 0, 0, 0, 0, 0); PmqSetup(&pmq); - SCHSPreparePatterns(&mpm_ctx); + SCHSPreparePatterns(NULL, &mpm_ctx); SCHSInitThreadCtx(&mpm_ctx, &mpm_thread_ctx); const char *buf = "tONE"; diff --git a/src/util-mpm.h b/src/util-mpm.h index 2309b75dee..6c18828e8b 100644 --- a/src/util-mpm.h +++ b/src/util-mpm.h @@ -84,6 +84,11 @@ typedef struct MpmPattern_ { * one per sgh. */ #define MPMCTX_FLAGS_GLOBAL BIT_U8(0) #define MPMCTX_FLAGS_NODEPTH BIT_U8(1) +#define MPMCTX_FLAGS_CACHE_TO_DISK BIT_U8(2) + +typedef struct MpmConfig_ { + const char *cache_dir_path; +} MpmConfig; typedef struct MpmCtx_ { void *ctx; @@ -149,6 +154,10 @@ typedef struct MpmTableElmt_ { void (*DestroyCtx)(struct MpmCtx_ *); void (*DestroyThreadCtx)(struct MpmCtx_ *, struct MpmThreadCtx_ *); + MpmConfig *(*ConfigInit)(void); + void (*ConfigDeinit)(MpmConfig **); + void (*ConfigCacheDirSet)(MpmConfig *, const char *dir_path); + /** function pointers for adding patterns to the mpm ctx. * * \param mpm_ctx Mpm context to add the pattern to @@ -162,7 +171,8 @@ typedef struct MpmTableElmt_ { */ int (*AddPattern)(struct MpmCtx_ *, uint8_t *, uint16_t, uint16_t, uint16_t, uint32_t, SigIntId, uint8_t); int (*AddPatternNocase)(struct MpmCtx_ *, uint8_t *, uint16_t, uint16_t, uint16_t, uint32_t, SigIntId, uint8_t); - int (*Prepare)(struct MpmCtx_ *); + int (*Prepare)(MpmConfig *, struct MpmCtx_ *); + int (*CacheRuleset)(MpmConfig *); /** \retval cnt number of patterns that matches: once per pattern max. */ uint32_t (*Search)(const struct MpmCtx_ *, struct MpmThreadCtx_ *, PrefilterRuleStore *, const uint8_t *, uint32_t); void (*PrintCtx)(struct MpmCtx_ *); diff --git a/suricata.yaml.in b/suricata.yaml.in index 0bd021b096..ec7d32b1d3 100644 --- a/suricata.yaml.in +++ b/suricata.yaml.in @@ -1748,6 +1748,10 @@ detect: toclient-groups: 3 toserver-groups: 25 sgh-mpm-context: auto + # Cache MPM contexts to the disk to avoid rule compilation at the startup. + # Cache files are created in the standard library directory. + sgh-mpm-caching: yes + sgh-mpm-caching-path: @e_sghcachedir@ # inspection-recursion-limit: 3000 # maximum number of times a tx will get logged for rules without app-layer keywords # stream-tx-log-limit: 4