aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

modifications to PatternMatchPreprarePopulateMpm to fasten fast_pattern processing

Browse Source
remotes/origin/master-1.0.x
Anoop Saldanha 16 years ago committed by Victor Julien
parent bb5bd91045
commit 8c9df4cd6b
1 changed files with 29 additions and 5 deletions
Show Stats Download Patch File Download Diff File

34
src/detect-engine-mpm.c
Unescape Escape View File

@ -273,23 +273,47 @@ static int PatternMatchPreprarePopulateMpm(DetectEngineCtx *de_ctx, SigGroupHead
if (co == NULL) if (co == NULL)
continue; continue;
if (co->flags & DETECT_CONTENT_FAST_PATTERN) if (co->flags & DETECT_CONTENT_FAST_PATTERN) {
fast_pattern = 1; fast_pattern = 1;
ContentHash *ch = ContentHashAlloc(co);
if (ch == NULL)
goto error;
ContentHash *lookup_ch = (ContentHash *)HashTableLookup(ht, ch, 0);
if (lookup_ch == NULL) {
if (HashTableAdd(ht, ch, 0) < 0)
printf("Add hash failed\n");
} else {
/* only set the nosearch flag if all sigs have it
* as their sole pattern */
if (ch->nosearch == 0)
lookup_ch->nosearch = 0;
lookup_ch->cnt++;
ContentHashFree(ch);
}
}
cnt++; cnt++;
} }
} }
if (fast_pattern == 1) {
if (cnt == 1) {
ContentHash *ch = ContentHashAlloc(s->match->ctx);
ch->nosearch = 1;
ch->use = 1;
}
break;
}
for (sm = s->match; sm != NULL; sm = sm->next) { for (sm = s->match; sm != NULL; sm = sm->next) {
if (sm->type == DETECT_CONTENT) { if (sm->type == DETECT_CONTENT) {
DetectContentData *co = (DetectContentData *)sm->ctx; DetectContentData *co = (DetectContentData *)sm->ctx;
if (co == NULL) if (co == NULL)
continue; continue;
if (fast_pattern == 1) { if (co->content_len < sgh->mpm_content_maxlen) {
if (!(co->flags & DETECT_CONTENT_FAST_PATTERN))
continue;
} else if (co->content_len < sgh->mpm_content_maxlen) {
continue; continue;
} }

Write Preview
Loading…
Cancel
Save