From: Justin Viiret <justin.viiret@intel.com>
Date: Mon, 23 May 2016 00:46:53 +0000 (+1000)
Subject: mpm: add "auto" default for mpm-algo
X-Git-Tag: suricata-3.1RC1~75
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c9d0d6f69855c3aba2ee148a092618e7d5453096;p=thirdparty%2Fsuricata.git

mpm: add "auto" default for mpm-algo

Setting mpm-algo to "auto" will use "hs" if Suricata was built against
Hyperscan, and "ac" otherwise (or "ac-tile" on Tilera platforms).
---

diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c
index 04cca7844f..fe469b4a08 100644
--- a/src/detect-engine-mpm.c
+++ b/src/detect-engine-mpm.c
@@ -335,6 +335,9 @@ uint16_t PatternMatchDefaultMatcher(void)
         uint16_t u;
 
         if (mpm_algo != NULL) {
+            if (strcmp("auto", mpm_algo) == 0) {
+                goto done;
+            }
             for (u = 0; u < MPM_TABLE_SIZE; u++) {
                 if (mpm_table[u].name == NULL)
                     continue;
diff --git a/src/detect-engine.c b/src/detect-engine.c
index a319a0ea32..dea169ed3f 100644
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -1041,7 +1041,7 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
     if (sgh_mpm_context == NULL || strcmp(sgh_mpm_context, "auto") == 0) {
         /* for now, since we still haven't implemented any intelligence into
          * understanding the patterns and distributing mpm_ctx across sgh */
-        if (de_ctx->mpm_matcher == DEFAULT_MPM || de_ctx->mpm_matcher == MPM_AC_TILE ||
+        if (de_ctx->mpm_matcher == MPM_AC || de_ctx->mpm_matcher == MPM_AC_TILE ||
 #ifdef BUILD_HYPERSCAN
             de_ctx->mpm_matcher == MPM_HS ||
 #endif
diff --git a/src/util-mpm.h b/src/util-mpm.h
index 2c165bedab..4930f0a6b6 100644
--- a/src/util-mpm.h
+++ b/src/util-mpm.h
@@ -43,10 +43,16 @@ enum {
     MPM_TABLE_SIZE,
 };
 
-#ifdef __tile__
-#define DEFAULT_MPM   MPM_AC_TILE
+/* MPM matcher to use by default, i.e. when "mpm-algo" is set to "auto".
+ * If Hyperscan is available, use it. Otherwise, use AC. */
+#ifdef BUILD_HYPERSCAN
+# define DEFAULT_MPM    MPM_HS
 #else
-#define DEFAULT_MPM   MPM_AC
+# ifdef __tile__
+#  define DEFAULT_MPM   MPM_AC_TILE
+# else
+#  define DEFAULT_MPM   MPM_AC
+# endif
 #endif
 
 /* Internal Pattern Index: 0 to pattern_cnt-1 */
diff --git a/suricata.yaml.in b/suricata.yaml.in
index 4951c4dbe5..74a3b95d9f 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -722,8 +722,17 @@ cuda:
     cuda-streams: 2
 
 # Select the multi pattern algorithm you want to run for scan/search the
-# in the engine. The supported algorithms are b2g, b3g, wumanber,
-# ac, ac-bs and ac-gfbs.
+# in the engine.
+#
+# The supported algorithms are:
+# "ac"      - Aho-Corasick, default implementation
+# "ac-bs"   - Aho-Corasick, reduced memory implementation
+# "ac-cuda" - Aho-Corasick, CUDA implementation
+# "ac-tile" - Aho-Corasick, optimized for Tilera architecture
+# "hs"      - Hyperscan, available when built with Hyperscan support
+#
+# The default mpm-algo value of "auto" will use "hs" if Hyperscan is available,
+# "ac-tile" on Tilera platforms, and "ac" otherwise.
 #
 # The mpm you choose also decides the distribution of mpm contexts for
 # signature groups, specified by the conf - "detect.sgh-mpm-context".
@@ -736,7 +745,7 @@ cuda:
 # compiled with --enable-cuda: b2g_cuda. Make sure to update your
 # max-pending-packets setting above as well if you use b2g_cuda.
 
-mpm-algo: ac
+mpm-algo: auto
 
 # Select the matching algorithm you want to use for single-pattern searches.
 #