aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

mpm: remove obsolete mpm algos

Browse Source 
Remove: ac-gfbs, wumanber, b2g, b3g.
pull/1978/head
Victor Julien 9 years ago
parent 262abbb49f
commit 4f8e1f59a6
27 changed files with 114 additions and 12145 deletions
Show Stats Download Patch File Download Diff File

4
src/Makefile.am
Unescape Escape View File

@ -367,14 +367,10 @@ util-memrchr.c util-memrchr.h \
util-misc.c util-misc.h \
util-mpm-ac-bs.c util-mpm-ac-bs.h \
util-mpm-ac.c util-mpm-ac.h \
util-mpm-ac-gfbs.c util-mpm-ac-gfbs.h \
util-mpm-ac-tile.c util-mpm-ac-tile.h \
util-mpm-ac-tile-small.c \
util-mpm-b2g.c util-mpm-b2g.h \
util-mpm-b3g.c util-mpm-b3g.h \
util-mpm-hs.c util-mpm-hs.h \
util-mpm.c util-mpm.h \
util-mpm-wumanber.c util-mpm-wumanber.h \
util-optimize.h \
util-path.c util-path.h \
util-pidfile.c util-pidfile.h \

5
src/app-layer-detect-proto.c
Unescape Escape View File

@ -3315,7 +3315,6 @@ static int AppLayerProtoDetectTest16(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert http any any -> any any "
@ -3409,7 +3408,6 @@ static int AppLayerProtoDetectTest17(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert http any !80 -> any any "
@ -3505,7 +3503,6 @@ static int AppLayerProtoDetectTest18(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert ftp any any -> any any "
@ -3597,7 +3594,6 @@ static int AppLayerProtoDetectTest19(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert http any !80 -> any any "
@ -3700,7 +3696,6 @@ static int AppLayerProtoDetectTest20(void)
ssn.toserver_smsg_head = stream_msg;
ssn.toserver_smsg_tail = stream_msg;
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert http any any -> any any "

31
src/detect-ack.c
Unescape Escape View File

@ -146,7 +146,7 @@ static void DetectAckFree(void *ptr)
* \internal
* \brief This test tests sameip success and failure.
*/
static int DetectAckSigTest01Real(int mpm_type)
static int DetectAckSigTest01(void)
{
Packet *p1 = NULL;
Packet *p2 = NULL;
@ -173,7 +173,6 @@ static int DetectAckSigTest01Real(int mpm_type)
goto end;
}
de_ctx->mpm_matcher = mpm_type;
de_ctx->flags |= DE_QUIET;
/* These three are crammed in here as there is no Parse */
@ -261,30 +260,6 @@ end:
return result;
}
/**
* \test DetectAckSigTest01B2g tests sameip under B2g MPM
*/
static int DetectAckSigTest01B2g(void)
{
return DetectAckSigTest01Real(MPM_B2G);
}
/**
* \test DetectAckSigTest01B2g tests sameip under B3g MPM
*/
static int DetectAckSigTest01B3g(void)
{
return DetectAckSigTest01Real(MPM_B3G);
}
/**
* \test DetectAckSigTest01B2g tests sameip under WuManber MPM
*/
static int DetectAckSigTest01Wm(void)
{
return DetectAckSigTest01Real(MPM_WUMANBER);
}
#endif /* UNITTESTS */
/**
@ -294,9 +269,7 @@ static int DetectAckSigTest01Wm(void)
static void DetectAckRegisterTests(void)
{
#ifdef UNITTESTS
UtRegisterTest("DetectAckSigTest01B2g", DetectAckSigTest01B2g, 1);
UtRegisterTest("DetectAckSigTest01B3g", DetectAckSigTest01B3g, 1);
UtRegisterTest("DetectAckSigTest01Wm", DetectAckSigTest01Wm, 1);
UtRegisterTest("DetectAckSigTest01", DetectAckSigTest01, 1);
#endif /* UNITTESTS */
}

4
src/detect-content.c
Unescape Escape View File

@ -2557,7 +2557,7 @@ static int SigTest76TestBug134(void)
char sig[] = "alert tcp any any -> any 515 "
"(msg:\"detect IFS\"; flow:to_server,established; content:\"${IFS}\";"
" depth:50; offset:0; sid:900091; rev:1;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
if (UTHPacketMatchSigMpm(p, sig, MPM_AC) == 0) {
result = 0;
goto end;
}
@ -2584,7 +2584,7 @@ static int SigTest77TestBug139(void)
char sig[] = "alert udp any any -> any 53 (msg:\"dns testing\";"
" content:\"|00 00|\"; depth:5; offset:13; sid:9436601;"
" rev:1;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
if (UTHPacketMatchSigMpm(p, sig, MPM_AC) == 0) {
result = 0;
goto end;
}

1
src/detect-distance.c
Unescape Escape View File

@ -189,7 +189,6 @@ static int DetectDistanceTest01(void)
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any (content:\"|AA BB|\"; content:\"|CC DD EE FF 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE|\"; distance: 4; within: 19; sid:1; rev:1;)");

38
src/detect-engine-hrl.c
Unescape Escape View File

@ -149,7 +149,6 @@ static int UriTestSig01(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -272,7 +271,6 @@ static int UriTestSig02(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -395,7 +393,6 @@ static int UriTestSig03(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -518,7 +515,6 @@ static int UriTestSig04(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -641,7 +637,6 @@ static int UriTestSig05(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -764,7 +759,6 @@ static int UriTestSig06(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -887,7 +881,6 @@ static int UriTestSig07(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -1010,7 +1003,6 @@ static int UriTestSig08(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -1133,7 +1125,6 @@ static int UriTestSig09(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -1256,7 +1247,6 @@ static int UriTestSig10(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -1379,7 +1369,6 @@ static int UriTestSig11(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -1503,7 +1492,6 @@ static int UriTestSig12(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -1627,7 +1615,6 @@ static int UriTestSig13(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -1751,7 +1738,6 @@ static int UriTestSig14(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -1875,7 +1861,6 @@ static int UriTestSig15(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -1999,7 +1984,6 @@ static int UriTestSig16(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "drop tcp any any -> any any (msg:\"ET TROJAN Downadup/Conficker A or B Worm reporting\"; flow:to_server,established; uricontent:\"/search?q=\"; pcre:\"/^\\/search\\?q=[0-9]{1,3}(&aq=7(\\?[0-9a-f]{8})?)?/U\"; pcre:\"/\\x0d\\x0aHost\\: \\d+\\.\\d+\\.\\d+\\.\\d+\\x0d\\x0a/\"; sid:2009024; rev:9;)");
@ -2119,7 +2103,6 @@ static int UriTestSig17(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -2215,7 +2198,6 @@ static int UriTestSig18(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -2311,7 +2293,6 @@ static int UriTestSig19(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -2408,7 +2389,6 @@ static int UriTestSig20(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -2504,7 +2484,6 @@ static int UriTestSig21(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -2600,7 +2579,6 @@ static int UriTestSig22(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -2694,7 +2672,6 @@ static int UriTestSig23(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -2788,7 +2765,6 @@ static int UriTestSig24(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -2882,7 +2858,6 @@ static int UriTestSig25(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -2976,7 +2951,6 @@ static int UriTestSig26(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -3070,7 +3044,6 @@ static int UriTestSig27(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -3196,7 +3169,6 @@ static int UriTestSig28(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
@ -3289,7 +3261,6 @@ static int UriTestSig29(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
@ -3382,7 +3353,6 @@ static int UriTestSig30(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
@ -3475,7 +3445,6 @@ static int UriTestSig31(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
@ -3568,7 +3537,6 @@ static int UriTestSig32(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
@ -3661,7 +3629,6 @@ static int UriTestSig33(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -3752,7 +3719,6 @@ static int UriTestSig34(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -3843,7 +3809,6 @@ static int UriTestSig35(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -3934,7 +3899,6 @@ static int UriTestSig36(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -4025,7 +3989,6 @@ static int UriTestSig37(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -4116,7 +4079,6 @@ static int UriTestSig38(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "

2
src/detect-engine-hrud.c
Unescape Escape View File

@ -3503,7 +3503,6 @@ static int DetectEngineHttpRawUriTest29(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -3598,7 +3597,6 @@ static int DetectEngineHttpRawUriTest30(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "

44
src/detect-engine-payload.c
Unescape Escape View File

@ -137,7 +137,7 @@ static int PayloadTestSig01 (void)
int result = 0;
char sig[] = "alert tcp any any -> any any (content:\"abc\"; content:\"d\"; distance:0; within:1; sid:1;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
if (UTHPacketMatchSigMpm(p, sig, DEFAULT_MPM) == 0) {
result = 0;
goto end;
}
@ -159,7 +159,7 @@ static int PayloadTestSig02 (void)
int result = 0;
char sig[] = "alert tcp any any -> any any (content:\"abc\"; nocase; content:\"d\"; distance:0; within:1; sid:1;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
if (UTHPacketMatchSigMpm(p, sig, DEFAULT_MPM) == 0) {
result = 0;
goto end;
}
@ -181,7 +181,7 @@ static int PayloadTestSig03 (void)
int result = 0;
char sig[] = "alert tcp any any -> any any (content:\"aBc\"; nocase; content:\"abca\"; distance:-10; within:4; sid:1;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
if (UTHPacketMatchSigMpm(p, sig, DEFAULT_MPM) == 0) {
result = 0;
goto end;
}
@ -206,7 +206,7 @@ static int PayloadTestSig04(void)
char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
"content:\"this\"; content:\"is\"; within:6; content:\"big\"; within:8; "
"content:\"string\"; within:8; sid:1;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
if (UTHPacketMatchSigMpm(p, sig, DEFAULT_MPM) == 0) {
result = 0;
goto end;
}
@ -231,7 +231,7 @@ static int PayloadTestSig05(void)
char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
"content:\"this\"; content:\"is\"; within:9; content:\"big\"; within:12; "
"content:\"string\"; within:8; sid:1;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
if (UTHPacketMatchSigMpm(p, sig, DEFAULT_MPM) == 0) {
result = 0;
goto end;
}
@ -256,7 +256,7 @@ static int PayloadTestSig06(void)
char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
"content:\"now\"; content:\"this\"; content:\"is\"; within:12; content:\"big\"; within:8; "
"content:\"string\"; within:8; sid:1;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
if (UTHPacketMatchSigMpm(p, sig, DEFAULT_MPM) == 0) {
result = 0;
goto end;
}
@ -281,7 +281,7 @@ static int PayloadTestSig07(void)
char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
"content:\"thus\"; offset:8; content:\"is\"; within:6; content:\"big\"; within:8; sid:1;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
if (UTHPacketMatchSigMpm(p, sig, DEFAULT_MPM) == 0) {
result = 0;
goto end;
}
@ -307,7 +307,7 @@ static int PayloadTestSig08(void)
char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
"content:\"fix\"; content:\"this\"; within:6; content:!\"and\"; distance:0; sid:1;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) != 1) {
if (UTHPacketMatchSigMpm(p, sig, DEFAULT_MPM) != 1) {
goto end;
}
@ -331,7 +331,7 @@ static int PayloadTestSig09(void)
char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
"pcre:/super/; content:\"nova\"; within:7; sid:1;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
if (UTHPacketMatchSigMpm(p, sig, DEFAULT_MPM) == 0) {
result = 0;
goto end;
}
@ -356,7 +356,7 @@ static int PayloadTestSig10(void)
char sig[] = "alert udp any any -> any any (msg:\"crash\"; "
"byte_test:4,>,2,0,relative; sid:11;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 1) {
if (UTHPacketMatchSigMpm(p, sig, DEFAULT_MPM) == 1) {
result = 0;
goto end;
}
@ -381,7 +381,7 @@ static int PayloadTestSig11(void)
char sig[] = "alert udp any any -> any any (msg:\"crash\"; "
"byte_jump:1,0,relative; sid:11;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 1) {
if (UTHPacketMatchSigMpm(p, sig, DEFAULT_MPM) == 1) {
result = 0;
goto end;
}
@ -406,7 +406,7 @@ static int PayloadTestSig12(void)
char sig[] = "alert udp any any -> any any (msg:\"crash\"; "
"isdataat:10,relative; sid:11;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 1) {
if (UTHPacketMatchSigMpm(p, sig, DEFAULT_MPM) == 1) {
result = 0;
goto end;
}
@ -446,7 +446,7 @@ static int PayloadTestSig13(void)
uint16_t buflen = strlen((char *)buf);
Packet *p = UTHBuildPacket( buf, buflen, IPPROTO_TCP);
int result = 0;
uint16_t mpm_type = MPM_B2G;
uint16_t mpm_type = DEFAULT_MPM;
char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
"content:\"aa\"; content:\"aa\"; distance:0; content:\"aa\"; distance:0; "
@ -528,7 +528,7 @@ static int PayloadTestSig14(void)
//char sig[] = "alert tcp any any -> any any (content:\"User-Agent: Mozilla/5.0 (Macintosh; \"; content:\"Firefox/3.\"; distance:0; content:!\"Firefox/3.6.12\"; distance:-10; content:!\"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b4) Gecko/20090423 Firefox/3.6 GTB5\"; sid:1; rev:1;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 1) {
if (UTHPacketMatchSigMpm(p, sig, DEFAULT_MPM) == 1) {
goto end;
}
@ -549,7 +549,7 @@ static int PayloadTestSig15(void)
char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
"content:\"nova\"; isdataat:18,relative; sid:1;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
if (UTHPacketMatchSigMpm(p, sig, DEFAULT_MPM) == 0) {
result = 0;
goto end;
}
@ -572,7 +572,7 @@ static int PayloadTestSig16(void)
char sig[] = "alert tcp any any -> any any (msg:\"dummy\"; "
"content:\"nova\"; isdataat:!20,relative; sid:1;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
if (UTHPacketMatchSigMpm(p, sig, DEFAULT_MPM) == 0) {
result = 0;
goto end;
}
@ -596,7 +596,7 @@ static int PayloadTestSig17(void)
"content:\"%\"; depth:4; offset:0; "
"content:\"%\"; within:2; distance:1; sid:1;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
if (UTHPacketMatchSigMpm(p, sig, DEFAULT_MPM) == 0) {
result = 0;
goto end;
}
@ -964,7 +964,7 @@ static int PayloadTestSig30(void)
int result = 0;
char sig[] = "alert tcp any any -> any any (content:\"one\"; pcre:\"/^two/R\"; sid:1;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
if (UTHPacketMatchSigMpm(p, sig, DEFAULT_MPM) == 0) {
result = 0;
goto end;
}
@ -985,7 +985,7 @@ static int PayloadTestSig31(void)
int result = 0;
char sig[] = "alert tcp any any -> any any (content:\"one\"; pcre:\"/(fiv|^two)/R\"; sid:1;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0) {
if (UTHPacketMatchSigMpm(p, sig, DEFAULT_MPM) == 0) {
result = 0;
goto end;
}
@ -1010,7 +1010,7 @@ static int PayloadTestSig32(void)
char sig[] = "alert tcp any any -> any any (msg:\"crash\"; "
"content:\"message\"; byte_jump:2,-14,string,dec,relative; content:\"card\"; within:4; sid:1;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0)
if (UTHPacketMatchSigMpm(p, sig, DEFAULT_MPM) == 0)
goto end;
result = 1;
@ -1033,7 +1033,7 @@ static int PayloadTestSig33(void)
char sig[] = "alert tcp any any -> any any (msg:\"crash\"; "
"content:\"message\"; byte_test:1,=,2,-14,string,dec,relative; sid:1;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0)
if (UTHPacketMatchSigMpm(p, sig, DEFAULT_MPM) == 0)
goto end;
result = 1;
@ -1056,7 +1056,7 @@ static int PayloadTestSig34(void)
char sig[] = "alert tcp any any -> any any (msg:\"crash\"; "
"content:\"message\"; byte_extract:1,-14,boom,string,dec,relative; sid:1;)";
if (UTHPacketMatchSigMpm(p, sig, MPM_B2G) == 0)
if (UTHPacketMatchSigMpm(p, sig, DEFAULT_MPM) == 0)
goto end;
result = 1;

38
src/detect-engine-uri.c
Unescape Escape View File

@ -150,7 +150,6 @@ static int UriTestSig01(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -273,7 +272,6 @@ static int UriTestSig02(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -396,7 +394,6 @@ static int UriTestSig03(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -519,7 +516,6 @@ static int UriTestSig04(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -642,7 +638,6 @@ static int UriTestSig05(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -765,7 +760,6 @@ static int UriTestSig06(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -888,7 +882,6 @@ static int UriTestSig07(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -1011,7 +1004,6 @@ static int UriTestSig08(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -1134,7 +1126,6 @@ static int UriTestSig09(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -1257,7 +1248,6 @@ static int UriTestSig10(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -1380,7 +1370,6 @@ static int UriTestSig11(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -1504,7 +1493,6 @@ static int UriTestSig12(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -1628,7 +1616,6 @@ static int UriTestSig13(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -1752,7 +1739,6 @@ static int UriTestSig14(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -1876,7 +1862,6 @@ static int UriTestSig15(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -2000,7 +1985,6 @@ static int UriTestSig16(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "drop tcp any any -> any any (msg:\"ET TROJAN Downadup/Conficker A or B Worm reporting\"; flow:to_server,established; uricontent:\"/search?q=\"; pcre:\"/^\\/search\\?q=[0-9]{1,3}(&aq=7(\\?[0-9a-f]{8})?)?/U\"; pcre:\"/\\x0d\\x0aHost\\: \\d+\\.\\d+\\.\\d+\\.\\d+\\x0d\\x0a/\"; sid:2009024; rev:9;)");
@ -2120,7 +2104,6 @@ static int UriTestSig17(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -2216,7 +2199,6 @@ static int UriTestSig18(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -2312,7 +2294,6 @@ static int UriTestSig19(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -2409,7 +2390,6 @@ static int UriTestSig20(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -2505,7 +2485,6 @@ static int UriTestSig21(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -2601,7 +2580,6 @@ static int UriTestSig22(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -2695,7 +2673,6 @@ static int UriTestSig23(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -2789,7 +2766,6 @@ static int UriTestSig24(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -2883,7 +2859,6 @@ static int UriTestSig25(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -2977,7 +2952,6 @@ static int UriTestSig26(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -3071,7 +3045,6 @@ static int UriTestSig27(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -3197,7 +3170,6 @@ static int UriTestSig28(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
@ -3290,7 +3262,6 @@ static int UriTestSig29(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
@ -3383,7 +3354,6 @@ static int UriTestSig30(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
@ -3476,7 +3446,6 @@ static int UriTestSig31(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
@ -3569,7 +3538,6 @@ static int UriTestSig32(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
@ -3662,7 +3630,6 @@ static int UriTestSig33(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -3753,7 +3720,6 @@ static int UriTestSig34(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -3844,7 +3810,6 @@ static int UriTestSig35(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -3935,7 +3900,6 @@ static int UriTestSig36(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -4026,7 +3990,6 @@ static int UriTestSig37(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
@ -4117,7 +4080,6 @@ static int UriTestSig38(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "

3
src/detect-engine.c
Unescape Escape View File

@ -1068,11 +1068,10 @@ static uint8_t DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx)
if (sgh_mpm_context == NULL || strcmp(sgh_mpm_context, "auto") == 0) {
/* for now, since we still haven't implemented any intelligence into
* understanding the patterns and distributing mpm_ctx across sgh */
if (de_ctx->mpm_matcher == DEFAULT_MPM || de_ctx->mpm_matcher == MPM_AC_GFBS ||
if (de_ctx->mpm_matcher == DEFAULT_MPM || de_ctx->mpm_matcher == MPM_AC_TILE ||
#ifdef BUILD_HYPERSCAN
de_ctx->mpm_matcher == MPM_HS ||
#endif
de_ctx->mpm_matcher == MPM_AC_TILE ||
#ifdef __SC_CUDA_SUPPORT__
de_ctx->mpm_matcher == MPM_AC_BS || de_ctx->mpm_matcher == MPM_AC_CUDA) {
#else

1
src/detect-fast-pattern.c
Unescape Escape View File

@ -1038,7 +1038,6 @@ int DetectFastPatternTest14(void)
FlowInitConfig(FLOW_QUIET);
de_ctx->mpm_matcher = MPM_B3G;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "

2
src/detect-parse.c
Unescape Escape View File

@ -2987,7 +2987,6 @@ int SigTestBidirec04 (void)
with source 192.168.1.1 80, all the sids should match */
SigGroupBuild(de_ctx);
//PatternMatchPrepare(mpm_ctx, MPM_B2G);
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
/* only sid 2 should match with a packet going to 192.168.1.1 port 80 */
@ -3000,7 +2999,6 @@ int SigTestBidirec04 (void)
PACKET_RECYCLE(p);
}
FlowShutdown();
//PatternMatchDestroy(mpm_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
end:

58
src/detect-pcre.c
Unescape Escape View File

@ -1698,7 +1698,7 @@ static int DetectPcreParseTest27(void)
return result;
}
static int DetectPcreTestSig01Real(int mpm_type)
static int DetectPcreTestSig01(void)
{
uint8_t *buf = (uint8_t *)
"GET /one/ HTTP/1.1\r\n"
@ -1739,7 +1739,6 @@ static int DetectPcreTestSig01Real(int mpm_type)
goto end;
}
de_ctx->mpm_matcher = mpm_type;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP TEST\"; pcre:\"/^gEt/i\"; pcre:\"/\\/two\\//U; pcre:\"/GET \\/two\\//\"; pcre:\"/\\s+HTTP/R\"; sid:1;)");
@ -1781,20 +1780,8 @@ end:
UTHFreePackets(&p, 1);
return result;
}
static int DetectPcreTestSig01B2g (void)
{
return DetectPcreTestSig01Real(MPM_B2G);
}
static int DetectPcreTestSig01B3g (void)
{
return DetectPcreTestSig01Real(MPM_B3G);
}
static int DetectPcreTestSig01Wm (void)
{
return DetectPcreTestSig01Real(MPM_WUMANBER);
}
static int DetectPcreTestSig02Real(int mpm_type)
static int DetectPcreTestSig02(void)
{
uint8_t *buf = (uint8_t *)
"GET /one/ HTTP/1.1\r\n"
@ -1827,7 +1814,6 @@ static int DetectPcreTestSig02Real(int mpm_type)
goto end;
}
de_ctx->mpm_matcher = mpm_type;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP TEST\"; pcre:\"/two/O\"; sid:2;)");
@ -1854,23 +1840,11 @@ end:
UTHFreePackets(&p, 1);
return result;
}
static int DetectPcreTestSig02B2g (void)
{
return DetectPcreTestSig02Real(MPM_B2G);
}
static int DetectPcreTestSig02B3g (void)
{
return DetectPcreTestSig02Real(MPM_B3G);
}
static int DetectPcreTestSig02Wm (void)
{
return DetectPcreTestSig02Real(MPM_WUMANBER);
}
/**
* \test DetectPcreTestSig03Real negation test ! outside of "" this sig should not match
*/
static int DetectPcreTestSig03Real(int mpm_type)
static int DetectPcreTestSig03(void)
{
uint8_t *buf = (uint8_t *)
"GET /one/ HTTP/1.1\r\n"
@ -1895,7 +1869,6 @@ static int DetectPcreTestSig03Real(int mpm_type)
goto end;
}
de_ctx->mpm_matcher = mpm_type;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"HTTP TEST\"; content:\"GET\"; pcre:!\"/two/\"; sid:1;)");
@ -1922,19 +1895,6 @@ end:
return result;
}
static int DetectPcreTestSig03B2g (void)
{
return DetectPcreTestSig03Real(MPM_B2G);
}
static int DetectPcreTestSig03B3g (void)
{
return DetectPcreTestSig03Real(MPM_B3G);
}
static int DetectPcreTestSig03Wm (void)
{
return DetectPcreTestSig03Real(MPM_WUMANBER);
}
/**
* \test Check the signature with pcre modifier P (match with L7 to http body data)
*/
@ -4161,15 +4121,9 @@ void DetectPcreRegisterTests(void)
UtRegisterTest("DetectPcreParseTest26", DetectPcreParseTest26, 1);
UtRegisterTest("DetectPcreParseTest27", DetectPcreParseTest27, 1);
UtRegisterTest("DetectPcreTestSig01B2g -- pcre test", DetectPcreTestSig01B2g, 1);
UtRegisterTest("DetectPcreTestSig01B3g -- pcre test", DetectPcreTestSig01B3g, 1);
UtRegisterTest("DetectPcreTestSig01Wm -- pcre test", DetectPcreTestSig01Wm, 1);
UtRegisterTest("DetectPcreTestSig02B2g -- pcre test", DetectPcreTestSig02B2g, 1);
UtRegisterTest("DetectPcreTestSig02B3g -- pcre test", DetectPcreTestSig02B3g, 1);
UtRegisterTest("DetectPcreTestSig02Wm -- pcre test", DetectPcreTestSig02Wm, 1);
UtRegisterTest("DetectPcreTestSig03B2g -- negated pcre test", DetectPcreTestSig03B2g, 1);
UtRegisterTest("DetectPcreTestSig03B3g -- negated pcre test", DetectPcreTestSig03B3g, 1);
UtRegisterTest("DetectPcreTestSig03Wm -- negated pcre test", DetectPcreTestSig03Wm, 1);
UtRegisterTest("DetectPcreTestSig01 -- pcre test", DetectPcreTestSig01, 1);
UtRegisterTest("DetectPcreTestSig02 -- pcre test", DetectPcreTestSig02, 1);
UtRegisterTest("DetectPcreTestSig03 -- negated pcre test", DetectPcreTestSig03, 1);
UtRegisterTest("DetectPcreModifPTest04 -- Modifier P", DetectPcreModifPTest04, 1);
UtRegisterTest("DetectPcreModifPTest05 -- Modifier P fragmented", DetectPcreModifPTest05, 1);

31
src/detect-sameip.c
Unescape Escape View File

@ -119,7 +119,7 @@ error:
* \internal
* \brief This test tests sameip success and failure.
*/
static int DetectSameipSigTest01Real(int mpm_type)
static int DetectSameipSigTest01(void)
{
uint8_t *buf = (uint8_t *)
"GET / HTTP/1.0\r\n"
@ -144,7 +144,6 @@ static int DetectSameipSigTest01Real(int mpm_type)
goto end;
}
de_ctx->mpm_matcher = mpm_type;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
@ -182,30 +181,6 @@ end:
return result;
}
/**
* \test DetectSameipSigTest01B2g tests sameip under B2g MPM
*/
static int DetectSameipSigTest01B2g(void)
{
return DetectSameipSigTest01Real(MPM_B2G);
}
/**
* \test DetectSameipSigTest01B2g tests sameip under B3g MPM
*/
static int DetectSameipSigTest01B3g(void)
{
return DetectSameipSigTest01Real(MPM_B3G);
}
/**
* \test DetectSameipSigTest01B2g tests sameip under WuManber MPM
*/
static int DetectSameipSigTest01Wm(void)
{
return DetectSameipSigTest01Real(MPM_WUMANBER);
}
#endif /* UNITTESTS */
/**
@ -215,8 +190,6 @@ static int DetectSameipSigTest01Wm(void)
static void DetectSameipRegisterTests(void)
{
#ifdef UNITTESTS
UtRegisterTest("DetectSameipSigTest01B2g", DetectSameipSigTest01B2g, 1);
UtRegisterTest("DetectSameipSigTest01B3g", DetectSameipSigTest01B3g, 1);
UtRegisterTest("DetectSameipSigTest01Wm", DetectSameipSigTest01Wm, 1);
UtRegisterTest("DetectSameipSigTest01", DetectSameipSigTest01, 1);
#endif /* UNITTESTS */
}

5
src/detect-uricontent.c
Unescape Escape View File

@ -635,7 +635,6 @@ static int DetectUriSigTest02(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:"
@ -751,7 +750,6 @@ static int DetectUriSigTest03(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:"
@ -1106,7 +1104,6 @@ static int DetectUriSigTest05(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:"
@ -1235,7 +1232,6 @@ static int DetectUriSigTest06(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:"
@ -1358,7 +1354,6 @@ static int DetectUriSigTest07(void)
if (de_ctx == NULL) {
goto end;
}
de_ctx->mpm_matcher = MPM_B2G;
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:"

777
src/detect.c
View File

File diff suppressed because it is too large Load Diff

2722
src/util-mpm-ac-gfbs.c
View File

File diff suppressed because it is too large Load Diff

110
src/util-mpm-ac-gfbs.h
Unescape Escape View File

@ -1,110 +0,0 @@
/* Copyright (C) 2007-2014 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Anoop Saldanha <anoopsaldanha@gmail.com>
*
*/
#define SC_AC_GFBS_STATE_TYPE_U16 uint16_t
#define SC_AC_GFBS_STATE_TYPE_U32 uint32_t
typedef struct SCACGfbsPattern_ {
/* length of the pattern */
uint16_t len;
/* flags decribing the pattern */
uint8_t flags;
/* holds the original pattern that was added */
uint8_t *original_pat;
/* case sensitive */
uint8_t *cs;
/* case INsensitive */
uint8_t *ci;
/* pattern id */
uint32_t id;
/* sid(s) for this pattern */
uint32_t sids_size;
SigIntId *sids;
struct SCACGfbsPattern_ *next;
} SCACGfbsPattern;
typedef struct SCACGfbsPatternList_ {
uint8_t *cs;
uint16_t patlen;
/* sid(s) for this pattern */
uint32_t sids_size;
SigIntId *sids;
} SCACGfbsPatternList;
typedef struct SCACGfbsOutputTable_ {
/* list of pattern sids */
uint32_t *pids;
/* no of entries we have in pids */
uint32_t no_of_entries;
} SCACGfbsOutputTable;
typedef struct SCACGfbsGotoTableMod_ {
/* each of these below declarations will be of type uint32_t, if the state
* count exceeds 65535, the maximum value a 16 bit unsigned var can hold */
/* no of entries stored below */
uint16_t no_of_entries;
/* the ascii codes over which we have state transitions */
uint16_t *ascii_codes;
/* the states that correspond to the ascii_codes above */
uint16_t *states;
} SCACGfbsGotoTableMod_;
typedef struct SCACGfbsCtx_ {
/* hash used during ctx initialization */
SCACGfbsPattern **init_hash;
/* pattern arrays. We need this only during the goto table creation phase */
SCACGfbsPattern **parray;
/* no of states used by ac */
int32_t state_count;
/* the modified goto_table */
uint8_t *goto_table_mod;
uint8_t **goto_table_mod_pointers;
/* goto_table, failure table and output table. Needed to create state_table.
* Will be freed, once we have created the goto_table_mod */
int32_t (*goto_table)[256];
int32_t *failure_table;
SCACGfbsOutputTable *output_table;
SCACGfbsPatternList *pid_pat_list;
/* the size of each state */
uint16_t single_state_size;
uint32_t max_pat_id;
} SCACGfbsCtx;
typedef struct SCACGfbsThreadCtx_ {
/* the total calls we make to the search function */
uint32_t total_calls;
/* the total patterns that we ended up matching against */
uint64_t total_matches;
} SCACGfbsThreadCtx;
void MpmACGfbsRegister(void);

2832
src/util-mpm-b2g.c
View File

File diff suppressed because it is too large Load Diff

127
src/util-mpm-b2g.h
Unescape Escape View File

@ -1,127 +0,0 @@
/* Copyright (C) 2007-2010 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Victor Julien <victor@inliniac.net>
*/
#ifndef __UTIL_MPM_B2G_H__
#define __UTIL_MPM_B2G_H__
#include "util-mpm.h"
#include "util-bloomfilter.h"
#define B2G_HASHSHIFT_MAX 8
#define B2G_HASHSHIFT_HIGHER 7
#define B2G_HASHSHIFT_HIGH 6
#define B2G_HASHSHIFT_MEDIUM 5
#define B2G_HASHSHIFT_LOW 4
#define B2G_HASHSHIFT_LOWEST 3
//#define B2G_TYPE uint64_t
#define B2G_TYPE uint32_t
//#define B2G_TYPE uint16_t
//#define B2G_TYPE uint8_t
//#define B2G_WORD_SIZE 64
#define B2G_WORD_SIZE 32
//#define B2G_WORD_SIZE 16
//#define B2G_WORD_SIZE 8
#define B2G_Q 2
#define B2G_SEARCHFUNC B2gSearchBNDMq
//#define B2G_SEARCHFUNC B2gSearch
//#define B2G_SEARCH2
//#define B2G_COUNTERS
typedef struct B2gPattern_ {
uint16_t len; /**< \todo we're limited to 32/64 byte lengths, uint8_t would be fine here */
uint8_t flags;
uint8_t pad0;
uint32_t id;
uint8_t *original_pat;
uint8_t *ci; /* case INsensitive */
uint8_t *cs; /* case sensitive */
/* sid(s) for this pattern */
uint32_t sids_size;
SigIntId *sids;
struct B2gPattern_ *next;
} B2gPattern;
typedef struct B2gCtx_ {
B2G_TYPE *B2G;
B2G_TYPE m;
BloomFilter **bloom;
uint8_t *pminlen; /* array containing the minimal length
of the patters in a hash bucket. Used
for the BloomFilter. */
/* pattern arrays */
B2gPattern **parray;
uint16_t pat_1_cnt;
#ifdef B2G_SEARCH2
uint16_t pat_2_cnt;
#endif
uint16_t pat_x_cnt;
uint32_t hash_size;
B2gPattern **hash;
B2gPattern hash1[256];
#ifdef B2G_SEARCH2
B2gHashItem **hash2;
#endif
/* hash used during ctx initialization */
B2gPattern **init_hash;
uint8_t s0;
/* we store our own multi byte search func ptr here for B2gSearch1 */
uint32_t (*Search)(struct MpmCtx_ *, struct MpmThreadCtx_ *, PatternMatcherQueue *, uint8_t *, uint16_t);
/* we store our own multi byte search func ptr here for B2gSearch1 */
uint32_t (*MBSearch2)(struct MpmCtx_ *, struct MpmThreadCtx_ *, PatternMatcherQueue *, uint8_t *, uint16_t);
uint32_t (*MBSearch)(struct MpmCtx_ *, struct MpmThreadCtx_ *, PatternMatcherQueue *, uint8_t *, uint16_t);
} B2gCtx;
typedef struct B2gThreadCtx_ {
#ifdef B2G_COUNTERS
uint32_t stat_pminlen_calls;
uint32_t stat_pminlen_total;
uint32_t stat_bloom_calls;
uint32_t stat_bloom_hits;
uint32_t stat_calls;
uint32_t stat_m_total;
uint32_t stat_d0;
uint32_t stat_d0_hashloop;
uint32_t stat_loop_match;
uint32_t stat_loop_no_match;
uint32_t stat_num_shift;
uint32_t stat_total_shift;
#endif /* B2G_COUNTERS */
} B2gThreadCtx;
void MpmB2gRegister(void);
#endif

1807
src/util-mpm-b3g.c
View File

File diff suppressed because it is too large Load Diff

130
src/util-mpm-b3g.h
Unescape Escape View File

@ -1,130 +0,0 @@
/* Copyright (C) 2007-2010 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Victor Julien <victor@inliniac.net>
*/
#ifndef __UTIL_MPM_B3G_H__
#define __UTIL_MPM_B3G_H__
#include "util-mpm.h"
#include "util-bloomfilter.h"
#define B3G_HASHSHIFT_MAX 8
#define B3G_HASHSHIFT_MAX2 5
#define B3G_HASHSHIFT_HIGHER 7
#define B3G_HASHSHIFT_HIGHER2 4
#define B3G_HASHSHIFT_HIGH 6
#define B3G_HASHSHIFT_HIGH2 3
#define B3G_HASHSHIFT_MEDIUM 5
#define B3G_HASHSHIFT_MEDIUM2 2
#define B3G_HASHSHIFT_LOW 4
#define B3G_HASHSHIFT_LOW2 1
#define B3G_HASHSHIFT_LOWEST 3
#define B3G_HASHSHIFT_LOWEST2 1
#define B3G_TYPE uint32_t
//#define B3G_TYPE uint16_t
//#define B3G_TYPE uint8_t
//#define B3G_WORD_SIZE 16
//#define B3G_WORD_SIZE 8
#define B3G_WORD_SIZE 32
#define B3G_Q 3
//#define B3G_SEARCHFUNC B3gSearch
#define B3G_SEARCHFUNC B3gSearchBNDMq
//#define B3G_COUNTERS
typedef struct B3gPattern_ {
uint8_t *cs; /* case sensitive */
uint8_t *ci; /* case INsensitive */
uint16_t len;
uint8_t flags;
uint32_t id;
/* sid(s) for this pattern */
uint32_t sids_size;
SigIntId *sids;
struct B3gPattern_ *next;
} B3gPattern;
typedef struct B3gHashItem_ {
uint8_t flags;
uint16_t idx;
struct B3gHashItem_ *nxt;
} B3gHashItem;
typedef struct B3gCtx_ {
/* hash used during ctx initialization */
B3gPattern **init_hash;
B3G_TYPE m;
B3G_TYPE *B3G;
uint8_t s0;
uint16_t pat_1_cnt;
uint16_t pat_2_cnt;
uint16_t pat_x_cnt;
uint32_t hash_size;
B3gHashItem **hash;
BloomFilter **bloom;
uint8_t *pminlen; /* array containing the minimal length
of the patters in a hash bucket. Used
for the BloomFilter. */
B3gHashItem hash1[256];
B3gHashItem **hash2;
uint32_t (*Search)(struct MpmCtx_ *, struct MpmThreadCtx_ *, PatternMatcherQueue *, uint8_t *, uint16_t);
/* we store our own multi byte search func ptr here for B3gSearch1 */
uint32_t (*MBSearch2)(struct MpmCtx_ *, struct MpmThreadCtx_ *, PatternMatcherQueue *, uint8_t *, uint16_t);
uint32_t (*MBSearch)(struct MpmCtx_ *, struct MpmThreadCtx_ *, PatternMatcherQueue *, uint8_t *, uint16_t);
/* pattern arrays */
B3gPattern **parray;
} B3gCtx;
typedef struct B3gThreadCtx_ {
#ifdef B3G_COUNTERS
uint32_t stat_pminlen_calls;
uint32_t stat_pminlen_total;
uint32_t stat_bloom_calls;
uint32_t stat_bloom_hits;
uint32_t stat_calls;
uint32_t stat_m_total;
uint32_t stat_d0;
uint32_t stat_d0_hashloop;
uint32_t stat_loop_match;
uint32_t stat_loop_no_match;
uint32_t stat_num_shift;
uint32_t stat_total_shift;
#endif /* B3G_COUNTERS */
} B3gThreadCtx;
void MpmB3gRegister(void);
#endif

3219
src/util-mpm-wumanber.c
View File

File diff suppressed because it is too large Load Diff

97
src/util-mpm-wumanber.h
Unescape Escape View File

@ -1,97 +0,0 @@
/* Copyright (C) 2007-2010 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Victor Julien <victor@inliniac.net>
*/
#ifndef __UTIL_MPM_WUMANBER_H__
#define __UTIL_MPM_WUMANBER_H__
#include "util-mpm.h"
#include "util-bloomfilter.h"
//#define WUMANBER_COUNTERS
typedef struct WmPattern_ {
uint8_t *cs; /* case sensitive */
uint8_t *ci; /* case INsensitive */
uint16_t len;
struct WmPattern_ *next;
uint16_t prefix_ci;
uint16_t prefix_cs;
uint8_t flags;
uint32_t id; /* global pattern id */
/* sid(s) for this pattern */
uint32_t sids_size;
SigIntId *sids;
} WmPattern;
typedef struct WmHashItem_ {
uint8_t flags;
uint16_t idx;
struct WmHashItem_ *nxt;
} WmHashItem;
typedef struct WmCtx_ {
/* hash used during ctx initialization */
WmPattern **init_hash;
uint16_t shiftlen;
uint32_t hash_size;
WmHashItem **hash;
BloomFilter **bloom;
uint8_t *pminlen; /* array containing the minimal length
of the patters in a hash bucket. Used
for the BloomFilter. */
WmHashItem hash1[256];
/* we store our own search func ptr here for WmSearch1 */
uint32_t (*Search)(struct MpmCtx_ *, struct MpmThreadCtx_ *, PatternMatcherQueue *, uint8_t *, uint16_t);
/* we store our own multi byte search func ptr here for WmSearch1 */
uint32_t (*MBSearch)(struct MpmCtx_ *, struct MpmThreadCtx_ *, PatternMatcherQueue *, uint8_t *, uint16_t);
/* pattern arrays */
WmPattern **parray;
/* only used for multibyte pattern search */
uint16_t *shifttable;
} WmCtx;
typedef struct WmThreadCtx_ {
#ifdef WUMANBER_COUNTERS
uint32_t stat_pminlen_calls;
uint32_t stat_pminlen_total;
uint32_t stat_bloom_calls;
uint32_t stat_bloom_hits;
uint32_t stat_shift_null;
uint32_t stat_loop_match;
uint32_t stat_loop_no_match;
uint32_t stat_num_shift;
uint32_t stat_total_shift;
#endif /* WUMANBER_COUNTERS */
} WmThreadCtx;
void MpmWuManberRegister(void);
#endif /* __UTIL_MPM_WUMANBER_H__ */

101
src/util-mpm.c
Unescape Escape View File

@ -28,11 +28,7 @@
#include "util-debug.h"
/* include pattern matchers */
#include "util-mpm-wumanber.h"
#include "util-mpm-b2g.h"
#include "util-mpm-b3g.h"
#include "util-mpm-ac.h"
#include "util-mpm-ac-gfbs.h"
#include "util-mpm-ac-bs.h"
#include "util-mpm-ac-tile.h"
#include "util-mpm-hs.h"
@ -536,43 +532,6 @@ MpmAddPidResize(PatternMatcherQueue *pmq, uint32_t new_size)
return new_size;
}
/** \brief Verify and store a match
*
* used at search runtime
*
* \param thread_ctx mpm thread ctx
* \param pmq storage for match results
* \param patid pattern ID being checked
* \param bitarray Array of bits for patterns IDs found in current search
* \param sids pointer to array of Signature IDs
* \param sids_size number of Signature IDs in sids array.
*
* \retval 0 no match after all
* \retval 1 (new) match
*/
int
MpmVerifyMatch(MpmThreadCtx *thread_ctx, PatternMatcherQueue *pmq, uint32_t patid,
uint8_t *bitarray, SigIntId *sids, uint32_t sids_size)
{
SCEnter();
/* Handle pattern id storage */
if (pmq != NULL && pmq->pattern_id_bitarray != NULL) {
SCLogDebug("using pattern id arrays, storing %"PRIu32, patid);
if ((bitarray[(patid / 8)] & (1<<(patid % 8))) == 0) {
bitarray[(patid / 8)] |= (1<<(patid % 8));
/* flag this pattern id as being added now */
pmq->pattern_id_bitarray[(patid / 8)] |= (1<<(patid % 8));
/* append the pattern_id to the array with matches */
MpmAddPid(pmq, patid);
MpmAddSids(pmq, sids, sids_size);
}
}
SCReturnInt(1);
}
/**
* \brief Merge two pmq's bitarrays
*
@ -668,12 +627,8 @@ void MpmTableSetup(void)
{
memset(mpm_table, 0, sizeof(mpm_table));
MpmWuManberRegister();
MpmB2gRegister();
MpmB3gRegister();
MpmACRegister();
MpmACBSRegister();
MpmACGfbsRegister();
MpmACTileRegister();
#ifdef BUILD_HYPERSCAN
MpmHSRegister();
@ -683,62 +638,6 @@ void MpmTableSetup(void)
#endif /* __SC_CUDA_SUPPORT__ */
}
/** \brief Function to return the default hash size for the mpm algorithm,
* which has been defined by the user in the config file
*
* \param conf_val pointer to the string value of hash size
* \retval hash_value returns the hash value as defined by user, otherwise
* default low size value
*/
uint32_t MpmGetHashSize(const char *conf_val)
{
SCEnter();
uint32_t hash_value = HASHSIZE_LOW;
if(strcmp(conf_val, "lowest") == 0) {
hash_value = HASHSIZE_LOWEST;
} else if(strcmp(conf_val, "low") == 0) {
hash_value = HASHSIZE_LOW;
} else if(strcmp(conf_val, "medium") == 0) {
hash_value = HASHSIZE_MEDIUM;
} else if(strcmp(conf_val, "high") == 0) {
hash_value = HASHSIZE_HIGH;
/* "highest" is supported in 1.0 to 1.0.2, so we keep supporting
* it for backwards compatibility */
} else if(strcmp(conf_val, "highest") == 0) {
hash_value = HASHSIZE_HIGHER;
} else if(strcmp(conf_val, "higher") == 0) {
hash_value = HASHSIZE_HIGHER;
} else if(strcmp(conf_val, "max") == 0) {
hash_value = HASHSIZE_MAX;
}
SCReturnInt(hash_value);
}
/** \brief Function to return the default bloomfilter size for the mpm algorithm,
* which has been defined by the user in the config file
*
* \param conf_val pointer to the string value of bloom filter size
* \retval bloom_value returns the bloom filter value as defined by user,
* otherwise default medium size value
*/
uint32_t MpmGetBloomSize(const char *conf_val)
{
SCEnter();
uint32_t bloom_value = BLOOMSIZE_MEDIUM;
if(strncmp(conf_val, "low", 3) == 0) {
bloom_value = BLOOMSIZE_LOW;
} else if(strncmp(conf_val, "medium", 6) == 0) {
bloom_value = BLOOMSIZE_MEDIUM;
} else if(strncmp(conf_val, "high", 4) == 0) {
bloom_value = BLOOMSIZE_HIGH;
}
SCReturnInt(bloom_value);
}
int MpmAddPatternCS(struct MpmCtx_ *mpm_ctx, uint8_t *pat, uint16_t patlen,
uint16_t offset, uint16_t depth,
uint32_t pid, SigIntId sid, uint8_t flags)

41
src/util-mpm.h
Unescape Escape View File

@ -25,51 +25,14 @@
#define __UTIL_MPM_H__
#include "suricata-common.h"
#define MPM_ENDMATCH_SINGLE 0x01 /**< A single match is sufficient. No
depth, offset, etc settings. */
#define MPM_ENDMATCH_OFFSET 0x02 /**< has offset setting */
#define MPM_ENDMATCH_DEPTH 0x04 /**< has depth setting */
#define MPM_ENDMATCH_NOSEARCH 0x08 /**< if this matches, no search is
required (for this pattern) */
#define HASHSIZE_LOWEST 2048 /**< Lowest hash size for the multi
pattern matcher algorithms */
#define HASHSIZE_LOW 4096 /**< Low hash size for the multi
pattern matcher algorithms */
#define HASHSIZE_MEDIUM 8192 /**< Medium hash size for the multi
pattern matcher algorithms */
#define HASHSIZE_HIGH 16384 /**< High hash size for the multi
pattern matcher algorithms */
#define HASHSIZE_HIGHER 32768 /**< Higher hash size for the multi
pattern matcher algorithms */
#define HASHSIZE_MAX 65536 /**< Max hash size for the multi
pattern matcher algorithms */
#define BLOOMSIZE_LOW 512 /*<* Low bloomfilter size for the multi
pattern matcher algorithms */
#define BLOOMSIZE_MEDIUM 1024 /**< Medium bloomfilter size for the multi
pattern matcher algorithms */
#define BLOOMSIZE_HIGH 2048 /**< High bloomfilter size for the multi
pattern matcher algorithms */
enum {
MPM_NOTSET = 0,
/* wumanber as the name suggests */
MPM_WUMANBER,
/* bndmq 2 gram */
MPM_B2G,
/* bndmq 3 gram */
MPM_B3G,
MPM_B2GC,
MPM_B2GM,
/* aho-corasick */
MPM_AC,
#ifdef __SC_CUDA_SUPPORT__
MPM_AC_CUDA,
#endif
/* aho-corasick-goto-failure state based */
MPM_AC_GFBS,
MPM_AC_BS,
MPM_AC_TILE,
MPM_HS,
@ -256,12 +219,8 @@ void PmqFree(PatternMatcherQueue *);
void MpmTableSetup(void);
void MpmRegisterTests(void);
int MpmVerifyMatch(MpmThreadCtx *thread_ctx, PatternMatcherQueue *pmq, uint32_t patid,
uint8_t *bitarray, SigIntId *sids, uint32_t sids_size);
void MpmInitCtx(MpmCtx *mpm_ctx, uint16_t matcher);
void MpmInitThreadCtx(MpmThreadCtx *mpm_thread_ctx, uint16_t, uint32_t);
uint32_t MpmGetHashSize(const char *);
uint32_t MpmGetBloomSize(const char *);
int MpmAddPatternCS(struct MpmCtx_ *mpm_ctx, uint8_t *pat, uint16_t patlen,
uint16_t offset, uint16_t depth,

29
suricata.yaml.in
Unescape Escape View File

@ -711,35 +711,6 @@ cuda:
mpm-algo: ac
# The memory settings for hash size of these algorithms can vary from lowest
# (2048) - low (4096) - medium (8192) - high (16384) - higher (32768) - max
# (65536). The bloomfilter sizes of these algorithms can vary from low (512) -
# medium (1024) - high (2048).
#
# For B2g/B3g algorithms, there is a support for two different scan/search
# algorithms. For B2g the scan algorithms are B2gScan & B2gScanBNDMq, and
# search algorithms are B2gSearch & B2gSearchBNDMq. For B3g scan algorithms
# are B3gScan & B3gScanBNDMq, and search algorithms are B3gSearch &
# B3gSearchBNDMq.
#
# For B2g the different scan/search algorithms and, hash and bloom
# filter size settings. For B3g the different scan/search algorithms and, hash
# and bloom filter size settings. For wumanber the hash and bloom filter size
# settings.
pattern-matcher:
- b2g:
search-algo: B2gSearchBNDMq
hash-size: low
bf-size: medium
- b3g:
search-algo: B3gSearchBNDMq
hash-size: low
bf-size: medium
- wumanber:
hash-size: low
bf-size: medium
# Defrag settings:
defrag:

Write Preview
Loading…
Cancel
Save