Give priority to non stream content over stream content when selecting fast

author Anoop Saldanha <anoopsaldanha@gmail.com>

Fri, 21 Sep 2012 15:15:17 +0000 (20:45 +0530)

committer Victor Julien <victor@inliniac.net>

Mon, 24 Sep 2012 07:58:51 +0000 (09:58 +0200)
author Anoop Saldanha <anoopsaldanha@gmail.com>
Fri, 21 Sep 2012 15:15:17 +0000 (20:45 +0530)
committer Victor Julien <victor@inliniac.net>
Mon, 24 Sep 2012 07:58:51 +0000 (09:58 +0200)
diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c

index 7150c1e34b71b34844068a7c00def2dc9336ab6b..3646643a7f7e1c348eeb637f123815238c41e9de 100644 (file)
--- a/src/detect-engine-mpm.c
+++ b/src/detect-engine-mpm.c
@@ -1687,14 +1687,21 @@ static int PatternMatchPreparePopulateMpm(DetectEngineCtx *de_ctx,
                                            SigGroupHead *sgh)
  {
      uint32_t sig;
-    uint32_t *fast_pattern = NULL;
+    uint8_t *fast_pattern = NULL;
+    uint8_t *has_non_negated_non_stream_pattern = NULL;
  
-    fast_pattern = (uint32_t *)SCMalloc(sgh->sig_cnt * sizeof(uint32_t));
+    fast_pattern = (uint8_t *)SCMalloc(sgh->sig_cnt * sizeof(uint8_t));
      if (fast_pattern == NULL) {
          SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory");
          exit(EXIT_FAILURE);
      }
-    memset(fast_pattern, 0, sgh->sig_cnt * sizeof(uint32_t));
+    memset(fast_pattern, 0, sgh->sig_cnt * sizeof(uint8_t));
+    has_non_negated_non_stream_pattern = (uint8_t *)SCMalloc(sgh->sig_cnt * sizeof(uint8_t));
+    if (has_non_negated_non_stream_pattern == NULL) {
+        SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory");
+        exit(EXIT_FAILURE);
+    }
+    memset(has_non_negated_non_stream_pattern, 0, sgh->sig_cnt * sizeof(uint8_t));
  
      /* add all mpm candidates to a hash */
      for (sig = 0; sig < sgh->sig_cnt; sig++) {
@@ -1728,6 +1735,11 @@ static int PatternMatchPreparePopulateMpm(DetectEngineCtx *de_ctx,
                  //}
  
                  DetectContentData *cd = (DetectContentData *)sm->ctx;
+                if (!(cd->flags & DETECT_CONTENT_NEGATED) &&
+                    list_id != DETECT_SM_LIST_PMATCH) {
+                    has_non_negated_non_stream_pattern[sig] = 1;
+                }
+
                  if (cd->flags & DETECT_CONTENT_FAST_PATTERN) {
                      fast_pattern[sig] = 1;
                      break;
@@ -1761,6 +1773,12 @@ static int PatternMatchPreparePopulateMpm(DetectEngineCtx *de_ctx,
                  if (!FastPatternSupportEnabledForSigMatchList(list_id))
                      continue;
  
+                if (list_id == DETECT_SM_LIST_PMATCH &&
+                    !fast_pattern[sig] &&
+                    has_non_negated_non_stream_pattern[sig]) {
+                    continue;
+                }
+
                  for (sm = s->sm_lists[list_id]; sm != NULL; sm = sm->next) {
                      if (sm->type != DETECT_CONTENT)
                          continue;
@@ -1797,6 +1815,12 @@ static int PatternMatchPreparePopulateMpm(DetectEngineCtx *de_ctx,
              if (!FastPatternSupportEnabledForSigMatchList(list_id))
                  continue;
  
+            if (list_id == DETECT_SM_LIST_PMATCH &&
+                !fast_pattern[sig] &&
+                has_non_negated_non_stream_pattern[sig]) {
+                continue;
+            }
+
              for (sm = s->sm_lists[list_id]; sm != NULL; sm = sm->next) {
                  if (sm->type != DETECT_CONTENT)
                      continue;
@@ -1854,6 +1878,8 @@ static int PatternMatchPreparePopulateMpm(DetectEngineCtx *de_ctx,
  
      if (fast_pattern != NULL)
          SCFree(fast_pattern);
+    if (has_non_negated_non_stream_pattern != NULL)
+        SCFree(has_non_negated_non_stream_pattern);
  
      return 0;
  }
author	Anoop Saldanha <anoopsaldanha@gmail.com>
	Fri, 21 Sep 2012 15:15:17 +0000 (20:45 +0530)
committer	Victor Julien <victor@inliniac.net>
	Mon, 24 Sep 2012 07:58:51 +0000 (09:58 +0200)