From 86185ecd970e666ce041cce64cd2fc952b92f994 Mon Sep 17 00:00:00 2001 From: Pablo Rincon Date: Thu, 15 Apr 2010 11:06:23 +0200 Subject: [PATCH] Enable spm inspection with precooked pattern contexts on content, uricontent and http_client_body (we will also add this to http_header when it gets commited) --- src/detect-content.h | 4 +++- src/detect-engine-uri.c | 6 +++--- src/detect-http-client-body.c | 11 +++++++---- src/detect-http-client-body.h | 3 +++ src/detect-uricontent.c | 4 ++++ src/detect-uricontent.h | 5 +++++ 6 files changed, 25 insertions(+), 8 deletions(-) diff --git a/src/detect-content.h b/src/detect-content.h index 9be134fc4e..e5d21732a3 100644 --- a/src/detect-content.h +++ b/src/detect-content.h @@ -29,7 +29,6 @@ typedef struct DetectContentData_ { uint32_t id; /**< unique pattern id */ - BmCtx *bm_ctx; uint16_t depth; uint16_t offset; /** distance from the last match this match should start. @@ -37,6 +36,9 @@ typedef struct DetectContentData_ { int32_t distance; int32_t within; uint8_t flags; + + BmCtx *bm_ctx; /**< Boyer Moore context (for spm search) */ + } DetectContentData; /* prototypes */ diff --git a/src/detect-engine-uri.c b/src/detect-engine-uri.c index 59102b5211..b0e01d6f4d 100644 --- a/src/detect-engine-uri.c +++ b/src/detect-engine-uri.c 
@@ -161,11 +161,11 @@ static inline int DoInspectPacketUris(DetectEngineCtx *de_ctx, //PrintRawDataFp(stdout,ud->uricontent,ud->uricontent_len); //PrintRawDataFp(stdout,spayload,spayload_len); - /* do the actual search */ + /* do the actual search with boyer moore precooked ctx */ if (ud->flags & DETECT_URICONTENT_NOCASE) - found = SpmNocaseSearch(spayload, spayload_len, ud->uricontent, ud->uricontent_len); + found = BoyerMooreNocase(ud->uricontent, ud->uricontent_len, spayload, spayload_len, ud->bm_ctx->bmGs, ud->bm_ctx->bmBc); else - found = SpmSearch(spayload, spayload_len, ud->uricontent, ud->uricontent_len); + found = BoyerMoore(ud->uricontent, ud->uricontent_len, spayload, spayload_len, ud->bm_ctx->bmGs, ud->bm_ctx->bmBc); /* next we evaluate the result in combination with the * negation flag. */ diff --git a/src/detect-http-client-body.c b/src/detect-http-client-body.c index 1191bb878c..a5c51644bc 100644 --- a/src/detect-http-client-body.c +++ b/src/detect-http-client-body.c @@ -114,12 +114,14 @@ int DetectHttpClientBodyMatch(ThreadVars *t, DetectEngineThreadCtx *det_ctx, } /* call the case insensitive version if nocase has been specified in the sig */ if (hcbd->flags & DETECT_AL_HTTP_CLIENT_BODY_NOCASE) { - result = (SpmNocaseSearch(chunks_buffer, total_chunks_len, - hcbd->content, hcbd->content_len) != NULL); + result = (BoyerMooreNocase(hcbd->content, hcbd->content_len, chunks_buffer, + total_chunks_len, hcbd->bm_ctx->bmGs, + hcbd->bm_ctx->bmBc) != NULL); /* call the case sensitive version if nocase has been specified in the sig */ } else { - result = (SpmSearch(chunks_buffer, total_chunks_len, - hcbd->content, hcbd->content_len) != NULL); + result = (BoyerMoore(hcbd->content, hcbd->content_len, chunks_buffer, + total_chunks_len, hcbd->bm_ctx->bmGs, + hcbd->bm_ctx->bmBc) != NULL); } SCFree(chunks_buffer); } 
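Review bot: The `DETECT_URICONTENT_NOCASE` branch in DoInspectPacketUris now searches with the tables in `ud->bm_ctx`, which DoDetectUricontentSetup builds right after `cd->flags = 0`, before any `nocase` modifier can have been applied. The diffstat lists no change to the nocase keyword handling, so unless the context is rebuilt for case-insensitive search outside this patch, a mixed-case `uricontent` with `nocase` may stop matching. For an IDS that is a silent false negative. The NOCASE branch in DetectHttpClientBodyMatch reuses the content keyword's context and deserves the same check. I would add a unit test for a mixed-case `uricontent` with `nocase` and a comment on the branch such as `/* bm_ctx must have been prepared for nocase when DETECT_URICONTENT_NOCASE is set */`; the function body starts and ends outside this hunk.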
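Review bot: `hcbd->bm_ctx->bmGs` and `hcbd->bm_ctx->bmBc` are dereferenced for every inspected body, and nothing visible in this patch guarantees that `bm_ctx` is non-NULL; the replaced SpmSearch/SpmNocaseSearch calls needed no per-signature state. The same holds for `ud->bm_ctx` in DoInspectPacketUris, whose value comes from an unchecked BoyerMooreCtxInit() call in DoDetectUricontentSetup. A NULL context would take the detection thread down on live traffic, so I would enforce the invariant at setup time (reject the signature when the context is NULL) rather than in the match path. I would also state it next to the field: `BmCtx *bm_ctx; /**< never NULL once setup succeeded */`. This hunk shows only part of DetectHttpClientBodyMatch.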
@@ -202,6 +204,7 @@ int DetectHttpClientBodySetup(DetectEngineCtx *de_ctx, Signature *s, char *arg) DETECT_AL_HTTP_CLIENT_BODY_NOCASE : 0; hcbd->flags |= (((DetectContentData *)sm->ctx)->flags & DETECT_CONTENT_NEGATED) ? DETECT_AL_HTTP_CLIENT_BODY_NEGATED : 0; + hcbd->bm_ctx = ((DetectContentData *)sm->ctx)->bm_ctx; nm = SigMatchAlloc(); if (nm == NULL) { diff --git a/src/detect-http-client-body.h b/src/detect-http-client-body.h index 4465f28538..7203174e8f 100644 --- a/src/detect-http-client-body.h +++ b/src/detect-http-client-body.h @@ -10,10 +10,13 @@ #define DETECT_AL_HTTP_CLIENT_BODY_NOCASE 0x01 #define DETECT_AL_HTTP_CLIENT_BODY_NEGATED 0x02 +#include "util-spm-bm.h" + typedef struct DetectHttpClientBodyData_ { uint8_t *content; uint8_t content_len; uint8_t flags; + BmCtx *bm_ctx; } DetectHttpClientBodyData; void DetectHttpClientBodyRegister(void); diff --git a/src/detect-uricontent.c b/src/detect-uricontent.c index 1694361bb9..fb9118e834 100644 --- a/src/detect-uricontent.c +++ b/src/detect-uricontent.c @@ -35,6 +35,7 @@ #include "util-unittest.h" #include "util-binsearch.h" #include "util-spm.h" +#include "util-spm-bm.h" /* prototypes */ static int DetectUricontentSetup (DetectEngineCtx *, Signature *, char *); @@ -264,6 +265,9 @@ DetectUricontentData *DoDetectUricontentSetup (char * contentstr) cd->distance = 0; cd->flags = 0; + /* Prepare Boyer Moore context for searching faster */ + cd->bm_ctx = BoyerMooreCtxInit(cd->uricontent, cd->uricontent_len); + SCFree(str); return cd; diff --git a/src/detect-uricontent.h b/src/detect-uricontent.h index 2904e7d401..372e761ff5 100644 --- a/src/detect-uricontent.h +++ b/src/detect-uricontent.h @@ -18,6 +18,8 @@ (c)->depth > 0 || \ (c)->within > 0)) +#include "util-spm-bm.h" + typedef struct DetectUricontentData_ { uint8_t *uricontent; uint8_t uricontent_len; 
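Review bot: The added `hcbd->bm_ctx = ((DetectContentData *)sm->ctx)->bm_ctx;` copies a pointer that the content SigMatch still holds, and nothing in the patch says who owns the context afterwards. The 11 changed lines the diffstat reports for this file are all in the two hunks shown, so the free routine for DetectHttpClientBodyData is unchanged. Depending on how the old content SigMatch is disposed of further down (outside this hunk), either the context is released with it and `hcbd->bm_ctx` dangles during matching, or nobody releases it and it leaks when the signature is freed. I would document the hand-over here, `/* bm_ctx ownership moves to hcbd together with content */`, and release the context in the http_client_body free function.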
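Review bot: The context allocated by `cd->bm_ctx = BoyerMooreCtxInit(cd->uricontent, cd->uricontent_len);` in DoDetectUricontentSetup has no matching release in this patch. The only other change to detect-uricontent.c is the new `#include "util-spm-bm.h"`, so the uricontent free routine is untouched. Unless the context is released somewhere outside this diff, every signature that is freed or reloaded leaves its Boyer-Moore tables behind. I would release it in the same place `cd->uricontent` is freed and note the pairing in the setup comment, e.g. `/* Prepare Boyer Moore context; released in the uricontent free routine */`. The function continues outside the hunk.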
@@ -28,6 +30,9 @@ typedef struct DetectUricontentData_ { int32_t distance; int32_t within; uint8_t flags; + + BmCtx *bm_ctx; /**< Boyer Moore context (for spm search) */ + } DetectUricontentData; /* prototypes */