sgh->match_array = NULL;
}
+ if (sgh->non_mpm_id_array != NULL) {
+ SCFree(sgh->non_mpm_id_array);
+ sgh->non_mpm_id_array = NULL;
+ sgh->non_mpm_id_cnt = 0;
+ }
+
sgh->sig_cnt = 0;
if (sgh->init != NULL) {
return;
}
+/* build an array of rule id's for sigs with no mpm */
+int SigGroupHeadBuildNonMpmArray(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
+{
+ Signature *s = NULL;
+ uint32_t sig = 0;
+ uint32_t non_mpm = 0;
+
+ if (sgh == NULL)
+ return 0;
+
+ BUG_ON(sgh->non_mpm_id_array != NULL);
+
+ for (sig = 0; sig < sgh->sig_cnt; sig++) {
+ s = sgh->match_array[sig];
+ if (s == NULL)
+ continue;
+
+ if (s->mpm_sm == NULL)
+ non_mpm++;
+ }
+
+ if (non_mpm == 0) {
+ sgh->non_mpm_id_array = NULL;
+ return 0;
+ }
+
+ sgh->non_mpm_id_array = SCMalloc(non_mpm * sizeof(uint32_t));
+ BUG_ON(sgh->non_mpm_id_array == NULL);
+ memset(sgh->non_mpm_id_array, 0, non_mpm * sizeof(uint32_t));
+
+ for (sig = 0; sig < sgh->sig_cnt; sig++) {
+ s = sgh->match_array[sig];
+ if (s == NULL)
+ continue;
+ if (s->mpm_sm != NULL)
+ continue;
+
+ BUG_ON(sgh->non_mpm_id_cnt >= non_mpm);
+ sgh->non_mpm_id_array[sgh->non_mpm_id_cnt++] = s->num;
+ }
+ return 0;
+}
+
int SigGroupHeadBuildHeadArray(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
{
Signature *s = NULL;
void SigGroupHeadSetFileMd5Flag(DetectEngineCtx *, SigGroupHead *);
void SigGroupHeadSetFilesizeFlag(DetectEngineCtx *, SigGroupHead *);
+int SigGroupHeadBuildNonMpmArray(DetectEngineCtx *de_ctx, SigGroupHead *sgh);
+
#endif /* __DETECT_ENGINE_SIGGROUP_H__ */
SigGroupHeadSetFilesizeFlag(de_ctx, sgh);
SigGroupHeadSetFilestoreCount(de_ctx, sgh);
SCLogDebug("filestore count %u", sgh->filestore_cnt);
+
+ SigGroupHeadBuildNonMpmArray(de_ctx, sgh);
}
if (de_ctx->decoder_event_sgh != NULL) {
* signatures to be inspected in a cache efficient way. */
SignatureHeader *head_array;
+ uint32_t *non_mpm_id_array;
+ uint32_t non_mpm_id_cnt; // size is cnt * sizeof(uint32_t)
+
/* pattern matcher instances */
MpmCtx *mpm_proto_other_ctx;
projects / thirdparty / suricata.git / commitdiff
