From: Victor Julien Date: Wed, 28 Oct 2015 20:47:37 +0000 (+0100) Subject: mpm: clean up builtin mpm setup, enable single/full X-Git-Tag: suricata-3.1RC1~308 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ac2c206359922a2296b5d019be0355ba23ae430b;p=thirdparty%2Fsuricata.git mpm: clean up builtin mpm setup, enable single/full
---
diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c
index 179085603f..89cc643b90 100644
--- a/src/detect-engine-mpm.c
+++ b/src/detect-engine-mpm.c
@@ -163,6 +163,88 @@ void DetectMpmPrepareAppMpms(DetectEngineCtx *de_ctx) } } +static int32_t SetupBuiltinMpm(DetectEngineCtx *de_ctx, const char *name) +{ + /* default to whatever the global setting is */ + int shared = (de_ctx->sgh_mpm_context == ENGINE_SGH_MPM_FACTORY_CONTEXT_SINGLE); + + /* see if we use a unique or shared mpm ctx for this type */ + int confshared = 0; + char confstring[256] = "detect.mpm."; + strlcat(confstring, name, sizeof(confstring)); + strlcat(confstring, ".shared", sizeof(confstring)); + if (ConfGetBool(confstring, &confshared) == 1) + shared = confshared; + + int32_t ctx; + if (shared == 0) { + ctx = MPM_CTX_FACTORY_UNIQUE_CONTEXT; + SCLogInfo("using unique mpm ctx' for %s", name); + } else { + ctx = MpmFactoryRegisterMpmCtxProfile(de_ctx, name); + SCLogInfo("using shared mpm ctx' for %s", name); + } + return ctx; +} + +void DetectMpmInitializeBuiltinMpms(DetectEngineCtx *de_ctx) +{ + de_ctx->sgh_mpm_context_proto_tcp_packet = SetupBuiltinMpm(de_ctx, "tcp-packet"); + de_ctx->sgh_mpm_context_stream = SetupBuiltinMpm(de_ctx, "tcp-stream"); + + de_ctx->sgh_mpm_context_proto_udp_packet = SetupBuiltinMpm(de_ctx, "udp-packet"); + de_ctx->sgh_mpm_context_proto_other_packet = SetupBuiltinMpm(de_ctx, "other-ip"); +} + +/** + * \brief initialize mpm contexts for builtin buffers that are in + * "single or "shared" mode. 
+ */ +void DetectMpmPrepareBuiltinMpms(DetectEngineCtx *de_ctx) +{ + MpmCtx *mpm_ctx = NULL; + + if (de_ctx->sgh_mpm_context_proto_tcp_packet != MPM_CTX_FACTORY_UNIQUE_CONTEXT) { + mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_tcp_packet, 0); + if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { + mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + } + mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_tcp_packet, 1); + if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { + mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + } + } + + if (de_ctx->sgh_mpm_context_proto_udp_packet != MPM_CTX_FACTORY_UNIQUE_CONTEXT) { + mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_udp_packet, 0); + if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { + mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + } + mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_udp_packet, 1); + if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { + mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + } + } + + if (de_ctx->sgh_mpm_context_proto_other_packet != MPM_CTX_FACTORY_UNIQUE_CONTEXT) { + mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_other_packet, 0); + if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { + mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + } + } + + if (de_ctx->sgh_mpm_context_stream != MPM_CTX_FACTORY_UNIQUE_CONTEXT) { + mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_stream, 0); + if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { + mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + } + mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_stream, 1); + if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { + mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); + } + } +} + /** * \brief check if a signature has patterns that are to be inspected * against a packets payload (as opposed to the 
stream payload)
diff --git a/src/detect-engine-mpm.h b/src/detect-engine-mpm.h
index 4bb7fe31a5..5e83a25539 100644
--- a/src/detect-engine-mpm.h
+++ b/src/detect-engine-mpm.h
@@ -34,10 +34,12 @@ void DetectMpmInitializeAppMpms(DetectEngineCtx *de_ctx); void DetectMpmPrepareAppMpms(DetectEngineCtx *de_ctx); - -uint16_t PatternMatchDefaultMatcher(void); +void DetectMpmInitializeBuiltinMpms(DetectEngineCtx *de_ctx); +void DetectMpmPrepareBuiltinMpms(DetectEngineCtx *de_ctx); uint32_t PatternStrength(uint8_t *, uint16_t); + +uint16_t PatternMatchDefaultMatcher(void); uint32_t PacketPatternSearchWithStreamCtx(DetectEngineThreadCtx *, Packet *); uint32_t PacketPatternSearch(DetectEngineThreadCtx *, Packet *); uint32_t StreamPatternSearch(DetectEngineThreadCtx *, Packet *, StreamMsg *, uint8_t);
diff --git a/src/detect.c b/src/detect.c
index a322bfc755..fd99ed761a 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -2730,22 +2730,7 @@ static int SignatureCreateMask(Signature *s) static void SigInitStandardMpmFactoryContexts(DetectEngineCtx *de_ctx) { - if (de_ctx->sgh_mpm_context == ENGINE_SGH_MPM_FACTORY_CONTEXT_SINGLE) { - de_ctx->sgh_mpm_context_proto_tcp_packet = - MpmFactoryRegisterMpmCtxProfile(de_ctx, "packet_proto_tcp"); - de_ctx->sgh_mpm_context_proto_udp_packet = - MpmFactoryRegisterMpmCtxProfile(de_ctx, "packet_proto_udp"); - de_ctx->sgh_mpm_context_proto_other_packet = - MpmFactoryRegisterMpmCtxProfile(de_ctx, "packet_proto_other"); - de_ctx->sgh_mpm_context_stream = - MpmFactoryRegisterMpmCtxProfile(de_ctx, "stream"); - } else { - de_ctx->sgh_mpm_context_proto_tcp_packet = MPM_CTX_FACTORY_UNIQUE_CONTEXT; - de_ctx->sgh_mpm_context_proto_udp_packet = MPM_CTX_FACTORY_UNIQUE_CONTEXT; - de_ctx->sgh_mpm_context_proto_other_packet = MPM_CTX_FACTORY_UNIQUE_CONTEXT; - de_ctx->sgh_mpm_context_stream = MPM_CTX_FACTORY_UNIQUE_CONTEXT; - } - + DetectMpmInitializeBuiltinMpms(de_ctx); DetectMpmInitializeAppMpms(de_ctx); return; 
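Review bot: In `DetectMpmPrepareBuiltinMpms` every `MpmFactoryGetMpmCtxForProfile()` result is handed straight to `Prepare()` with no NULL check, at all seven call sites. Whether the lookup can fail is not visible in this hunk, but the new per-buffer `detect.mpm.<name>.shared` option makes the shared path reachable independently of the global setting. A failed lookup would then presumably be dereferenced inside the matcher while the detection engine is being built. The seven identical stanzas could collapse into one static helper that carries the guard, as sketched below; the failure branch should be reported through the project's error logging rather than skipped silently, since an unprepared context means that buffer's patterns are not matched. The helper also makes it visible that `other-ip` is prepared for direction 0 only, which deserves a one-line comment saying why.

```c
static void PrepareBuiltinMpm(DetectEngineCtx *de_ctx, int32_t profile, int direction)
{
    MpmCtx *mpm_ctx;

    if (profile == MPM_CTX_FACTORY_UNIQUE_CONTEXT)
        return;
    mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, profile, direction);
    if (mpm_ctx == NULL) {
        /* report: no shared mpm ctx for this profile/direction */
        return;
    }
    if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL)
        mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx);
}

void DetectMpmPrepareBuiltinMpms(DetectEngineCtx *de_ctx)
{
    PrepareBuiltinMpm(de_ctx, de_ctx->sgh_mpm_context_proto_tcp_packet, 0);
    PrepareBuiltinMpm(de_ctx, de_ctx->sgh_mpm_context_proto_tcp_packet, 1);
    PrepareBuiltinMpm(de_ctx, de_ctx->sgh_mpm_context_proto_udp_packet, 0);
    PrepareBuiltinMpm(de_ctx, de_ctx->sgh_mpm_context_proto_udp_packet, 1);
    /* other-ip: direction 0 only, as in the hunk */
    PrepareBuiltinMpm(de_ctx, de_ctx->sgh_mpm_context_proto_other_packet, 0);
    PrepareBuiltinMpm(de_ctx, de_ctx->sgh_mpm_context_stream, 0);
    PrepareBuiltinMpm(de_ctx, de_ctx->sgh_mpm_context_stream, 1);
}
```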
@@ -4141,8 +4126,6 @@ int SigGroupBuild(DetectEngineCtx *de_ctx) } if (de_ctx->sgh_mpm_context == ENGINE_SGH_MPM_FACTORY_CONTEXT_SINGLE) { - MpmCtx *mpm_ctx = NULL; - #ifdef __SC_CUDA_SUPPORT__ if (PatternMatchDefaultMatcher() == MPM_AC_CUDA) { /* setting it to default. You've gotta remove it once you fix the state table thing */ 
@@ -4161,42 +4144,6 @@ int SigGroupBuild(DetectEngineCtx *de_ctx) } } #endif - mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_tcp_packet, 0); - if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); - } - mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_tcp_packet, 1); - if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); - } - //printf("packet- %d\n", mpm_ctx->pattern_cnt); - - mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_udp_packet, 0); - if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); - } - mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_udp_packet, 1); - if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); - } - //printf("packet- %d\n", mpm_ctx->pattern_cnt); - - mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_proto_other_packet, 0); - if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); - } - //printf("packet- %d\n", mpm_ctx->pattern_cnt); - - mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_stream, 0); - if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); - } - mpm_ctx = MpmFactoryGetMpmCtxForProfile(de_ctx, de_ctx->sgh_mpm_context_stream, 1); - if (mpm_table[de_ctx->mpm_matcher].Prepare != NULL) { - mpm_table[de_ctx->mpm_matcher].Prepare(mpm_ctx); - } - //printf("stream- %d\n", mpm_ctx->pattern_cnt); - #ifdef __SC_CUDA_SUPPORT__ if (PatternMatchDefaultMatcher() == MPM_AC_CUDA) { int r = SCCudaCtxPopCurrent(NULL); 
@@ -4211,6 +4158,7 @@ int SigGroupBuild(DetectEngineCtx *de_ctx) DetermineCudaStateTableSize(de_ctx); #endif } + DetectMpmPrepareBuiltinMpms(de_ctx); DetectMpmPrepareAppMpms(de_ctx); // DetectAddressPrintMemory();
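Review bot: The added `DetectMpmPrepareBuiltinMpms(de_ctx);` call sits after the closing brace of the `sgh_mpm_context == ENGINE_SGH_MPM_FACTORY_CONTEXT_SINGLE` block, so in `__SC_CUDA_SUPPORT__` builds the builtin `Prepare()` calls now run after `SCCudaCtxPopCurrent(NULL)`. The removed code ran them between the CUDA setup and that pop. If the CUDA matcher's `Prepare()` depends on the context being current (not visible here), the call needs to move back inside that window, or the CUDA block must wrap the new call. The CUDA block is also still gated on the global setting only, while the per-buffer `detect.mpm.<name>.shared` option introduced in this commit can make a builtin context shared when the global setting is not single. At minimum a comment at the call, e.g. `/* builtin mpm ctxs are prepared outside the CUDA ctx push/pop above */`, would record that the ordering is intentional. `SigGroupBuild` starts and ends outside this hunk.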