aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c312d670d4'
${ noResults }
suricata/src/util-mpm.h

210 lines
6.3 KiB
C
Raw Normal View History Unescape Escape

Dynamically resize pmq->rule_id_array Rather than statically allocate 64K entries in every rule_id_array, increase the size only when needed. Created a new function MpmAddSids() to check the size before adding the new sids. If the array is not large enough, it calls MpmAddSidsResize() that calls realloc and does error checking. If the realloc fails, it prints an error and drops the new sids on the floor, which seems better than exiting Suricata. The size is increased to (current_size + new_count) * 2. This handles the case where new_count > current_size, which would not be handled by simply using current_size * 2. It should also be faster than simply reallocing to current_size + new_count, which would then require another realloc for each new addition.
11 years ago
/* Copyright (C) 2007-2014 Open Information Security Foundation
Import of GPLv2 Header 050410
16 years ago
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Victor Julien <victor@inliniac.net>
*/
Initial add of the files.
17 years ago
src: make include guards more library friendly Include guards for libraries should use a prefix that is meaningful for the library to avoid conflicts with other user code. For Suricata, use SURICATA. Additionally, remove the pattern of leading and trailing underscores as these are reserved for the language implementation per the C and C++ standards.
1 year ago
#ifndef SURICATA_UTIL_MPM_H
#define SURICATA_UTIL_MPM_H
Initial add of the files.
17 years ago
mpm factory: include alproto In preparation of spliting out mpm's for keywords shared by multiple protocols, like file.data.
2 years ago
#include "app-layer-protos.h"
prefilter: rename PatternMatcherQueue datatype In preparation of the introduction of more general purpose prefilter engines, rename PatternMatcherQueue to PrefilterRuleStore. The new engines will fill this structure a similar way to the current mpm prefilters.
9 years ago
#include "util-prefilter.h"
mpm: unify & localize mpm pattern (id) handling So far, the patterns as passed to the mpm's would use global id's that were shared among all buffers, directions. This would lead to a fairly large pattern id space. As the mpm algo's use the pattern id's to prevent duplicate matching through a pattern id based bitarray, shrinking this space will optimize performance. This patch implements this. It sets a flag before adding the pattern to the mpm ctx, instructing the mpm to ignore the provided pid and handle pids management itself. This leads to a shrinking of the bitarray size. This is made possible by the previous work that removes the pid logic from the code. Next to this, this patch moves the pattern setup stage to common util functions. This avoids code duplication. Update ac, ac-bs and ac-ks to use this.
10 years ago
#define MPM_INIT_HASH_SIZE 65536
Initial add of the files.
17 years ago
enum {
- Fix pattern matchers b2g and b3g not being able to deal with a single pattern of the max pattern length (32 bytes by default). - Fix the setting of the correct pattern matcher when it was set in the detection ctx. - Add tests for the fixes.
16 years ago
MPM_NOTSET = 0,
aho-corasick for the cpu. We have 2 versions of ac. The first MPM_AC uses the delta table and the secone one MPM_AC_GFBS uses the goto-failure table
15 years ago
/* aho-corasick */
MPM_AC,
mpm: rename internal id for ac-tile to ac-ks
7 years ago
MPM_AC_KS,
mpm: add Hyperscan integration This adds an MPM implementation that uses the Hyperscan regex engine library from Intel, accessible as the "hs" mpm-algo.
10 years ago
MPM_HS,
Large detection engine update.
17 years ago
/* table size */
Initial add of the files.
17 years ago
MPM_TABLE_SIZE,
};
In AC-Tile, convert from using pids for indexing to pattern index Use an MPM specific pattern index, which is simply an index starting at zero and incremented for each pattern added to the MPM, rather than the externally provided Pattern ID (pid), since that can be much larger than the number of patterns. The Pattern ID is shared across at MPMs. For example, an MPM with one pattern with pid=8000 would result in a max_pid of 8000, so the pid_pat_list would have 8000 entries. The pid_pat_list[] is replaced by a array of pattern indexes. The PID is moved to the SCACTilePatternList as a single value. The PatternList is also indexed by the Pattern Index. max_pat_id is no longer needed and mpm_ctx->pattern_cnt is used instead. The local bitarray is then also indexed by pattern index instead of PID, making it much smaller. The local bit array sets a bit for each pattern found for this MPM. It is only kept during one MPM search (stack allocated). One note, the local bit array is checked first and if the pattern has already been found, it will stop checking, but count a match. This could result in over counting matches of case-sensitve matches, since following case-insensitive matches will also be counted. For example, finding "Foo" in "foo Foo foo" would report finding "Foo" 2 times, mis-counting the third word as "Foo".
11 years ago
/* Internal Pattern Index: 0 to pattern_cnt-1 */
typedef uint32_t MpmPatternIndex;
Rename all structure definitions in the "typedef struct _SomeStruct" format to "typedef struct SomeStruct_" to make the Doxygen output more useful. Remove the Trie multi pattern matcher code. It wasn't used anymore.
16 years ago
typedef struct MpmThreadCtx_ {
Initial add of the files.
17 years ago
void *ctx;
64 bit cleanup part2
16 years ago
uint32_t memory_cnt;
uint32_t memory_size;
Version 1 of AC Cuda.
13 years ago
Initial add of the files.
17 years ago
} MpmThreadCtx;
mpm: unify & localize mpm pattern (id) handling So far, the patterns as passed to the mpm's would use global id's that were shared among all buffers, directions. This would lead to a fairly large pattern id space. As the mpm algo's use the pattern id's to prevent duplicate matching through a pattern id based bitarray, shrinking this space will optimize performance. This patch implements this. It sets a flag before adding the pattern to the mpm ctx, instructing the mpm to ignore the provided pid and handle pids management itself. This leads to a shrinking of the bitarray size. This is made possible by the previous work that removes the pid logic from the code. Next to this, this patch moves the pattern setup stage to common util functions. This avoids code duplication. Update ac, ac-bs and ac-ks to use this.
10 years ago
typedef struct MpmPattern_ {
/* length of the pattern */
uint16_t len;
mpm/spm: spelling
2 years ago
/* flags describing the pattern */
mpm: unify & localize mpm pattern (id) handling So far, the patterns as passed to the mpm's would use global id's that were shared among all buffers, directions. This would lead to a fairly large pattern id space. As the mpm algo's use the pattern id's to prevent duplicate matching through a pattern id based bitarray, shrinking this space will optimize performance. This patch implements this. It sets a flag before adding the pattern to the mpm ctx, instructing the mpm to ignore the provided pid and handle pids management itself. This leads to a shrinking of the bitarray size. This is made possible by the previous work that removes the pid logic from the code. Next to this, this patch moves the pattern setup stage to common util functions. This avoids code duplication. Update ac, ac-bs and ac-ks to use this.
10 years ago
uint8_t flags;
mpm: add depth/offset support
8 years ago
/* offset into the buffer where match may start */
uint16_t offset;
/* offset into the buffer before which match much complete */
uint16_t depth;
mpm: unify & localize mpm pattern (id) handling So far, the patterns as passed to the mpm's would use global id's that were shared among all buffers, directions. This would lead to a fairly large pattern id space. As the mpm algo's use the pattern id's to prevent duplicate matching through a pattern id based bitarray, shrinking this space will optimize performance. This patch implements this. It sets a flag before adding the pattern to the mpm ctx, instructing the mpm to ignore the provided pid and handle pids management itself. This leads to a shrinking of the bitarray size. This is made possible by the previous work that removes the pid logic from the code. Next to this, this patch moves the pattern setup stage to common util functions. This avoids code duplication. Update ac, ac-bs and ac-ks to use this.
10 years ago
/* holds the original pattern that was added */
uint8_t *original_pat;
/* case sensitive */
uint8_t *cs;
src: various comment spelling fixes Thanks to Josh Soref.
2 years ago
/* case insensitive */
mpm: unify & localize mpm pattern (id) handling So far, the patterns as passed to the mpm's would use global id's that were shared among all buffers, directions. This would lead to a fairly large pattern id space. As the mpm algo's use the pattern id's to prevent duplicate matching through a pattern id based bitarray, shrinking this space will optimize performance. This patch implements this. It sets a flag before adding the pattern to the mpm ctx, instructing the mpm to ignore the provided pid and handle pids management itself. This leads to a shrinking of the bitarray size. This is made possible by the previous work that removes the pid logic from the code. Next to this, this patch moves the pattern setup stage to common util functions. This avoids code duplication. Update ac, ac-bs and ac-ks to use this.
10 years ago
uint8_t *ci;
/* pattern id */
uint32_t id;
/* sid(s) for this pattern */
uint32_t sids_size;
SigIntId *sids;
struct MpmPattern_ *next;
} MpmPattern;
mpm: track maxdepth Track max depth setting per MpmCtx. To make sure the data structure doesn't increase in size change global bool to use a flags field.
7 years ago
/* Indicates if this a global mpm_ctx. Global mpm_ctx is the one that
* is instantiated when we use "single". Non-global is "full", i.e.
* one per sgh. */
#define MPMCTX_FLAGS_GLOBAL BIT_U8(0)
#define MPMCTX_FLAGS_NODEPTH BIT_U8(1)
Rename all structure definitions in the "typedef struct _SomeStruct" format to "typedef struct SomeStruct_" to make the Doxygen output more useful. Remove the Trie multi pattern matcher code. It wasn't used anymore.
16 years ago
typedef struct MpmCtx_ {
Initial add of the files.
17 years ago
void *ctx;
mpm: track maxdepth Track max depth setting per MpmCtx. To make sure the data structure doesn't increase in size change global bool to use a flags field.
7 years ago
uint8_t mpm_type;
uint8_t flags;
Initial add of the files.
17 years ago
mpm: track maxdepth Track max depth setting per MpmCtx. To make sure the data structure doesn't increase in size change global bool to use a flags field.
7 years ago
uint16_t maxdepth;
make mpm ctx container de_ctx specific. Also introduce global variable in mpm_ctx. this is a workaround for cleaning non global mpm_ctx's since we now don't supply the de_ctx around the detection engine API
13 years ago
Removed unused function MpmMatcherGetMaxPatternLength.
12 years ago
/* unique patterns */
uint32_t pattern_cnt;
Initial add of the files.
17 years ago
Remove all references to the scan phase from the pattern matchers and it's api.
16 years ago
uint16_t minlen;
uint16_t maxlen;
Further improve B2gc. Add B2gm. Improve memory layout.
15 years ago
uint32_t memory_cnt;
uint32_t memory_size;
mpm: unify & localize mpm pattern (id) handling So far, the patterns as passed to the mpm's would use global id's that were shared among all buffers, directions. This would lead to a fairly large pattern id space. As the mpm algo's use the pattern id's to prevent duplicate matching through a pattern id based bitarray, shrinking this space will optimize performance. This patch implements this. It sets a flag before adding the pattern to the mpm ctx, instructing the mpm to ignore the provided pid and handle pids management itself. This leads to a shrinking of the bitarray size. This is made possible by the previous work that removes the pid logic from the code. Next to this, this patch moves the pattern setup stage to common util functions. This avoids code duplication. Update ac, ac-bs and ac-ks to use this.
10 years ago
uint32_t max_pat_id;
/* hash used during ctx initialization */
MpmPattern **init_hash;
Initial add of the files.
17 years ago
} MpmCtx;
support single mpm context distribution across sghs in staging. Also see to it that ac works fine with this setup
15 years ago
/* if we want to retrieve an unique mpm context from the mpm context factory
* we should supply this as the key */
#define MPM_CTX_FACTORY_UNIQUE_CONTEXT -1
detect/mpm: turn factory array into list
5 years ago
typedef struct MpmCtxFactoryItem {
mpm: in factory register, consider name const
10 years ago
const char *name;
support splitting mpm ctxs based on direction v2
14 years ago
MpmCtx *mpm_ctx_ts;
MpmCtx *mpm_ctx_tc;
support single mpm context distribution across sghs in staging. Also see to it that ac works fine with this setup
15 years ago
int32_t id;
detect/mpm: improve transforms handling Make sure keywords with transforms get their own mpm ctx, instead of sharing it with the 'pure' version of the keyword.
5 years ago
int32_t sm_list;
mpm factory: include alproto In preparation of spliting out mpm's for keywords shared by multiple protocols, like file.data.
2 years ago
AppProto alproto; /**< ALPROTO_UNKNOWN is not an app item */
detect/mpm: turn factory array into list
5 years ago
struct MpmCtxFactoryItem *next;
support single mpm context distribution across sghs in staging. Also see to it that ac works fine with this setup
15 years ago
} MpmCtxFactoryItem;
typedef struct MpmCtxFactoryContainer_ {
MpmCtxFactoryItem *items;
int32_t no_of_items;
detect/mpm: fix id confusion in mpm_ctx sharing Mixing of dynamic id's and hardcoded config values could possibly lead to the settings not getting applied properly.
5 years ago
int32_t max_id;
support single mpm context distribution across sghs in staging. Also see to it that ac works fine with this setup
15 years ago
} MpmCtxFactoryContainer;
Remove nosearch flag from pattern api and add a generic bitwise flags field.
16 years ago
/** pattern is case insensitive */
all: remove unused literals
2 years ago
#define MPM_PATTERN_FLAG_NOCASE 0x01
Remove nosearch flag from pattern api and add a generic bitwise flags field.
16 years ago
/** pattern has a depth setting */
#define MPM_PATTERN_FLAG_DEPTH 0x04
/** pattern has an offset setting */
all: remove unused literals
2 years ago
#define MPM_PATTERN_FLAG_OFFSET 0x08
mpm: unify & localize mpm pattern (id) handling So far, the patterns as passed to the mpm's would use global id's that were shared among all buffers, directions. This would lead to a fairly large pattern id space. As the mpm algo's use the pattern id's to prevent duplicate matching through a pattern id based bitarray, shrinking this space will optimize performance. This patch implements this. It sets a flag before adding the pattern to the mpm ctx, instructing the mpm to ignore the provided pid and handle pids management itself. This leads to a shrinking of the bitarray size. This is made possible by the previous work that removes the pid logic from the code. Next to this, this patch moves the pattern setup stage to common util functions. This avoids code duplication. Update ac, ac-bs and ac-ks to use this.
10 years ago
/** the ctx uses it's own internal id instead of
* what is passed through the API */
#define MPM_PATTERN_CTX_OWNS_ID 0x20
mpm/ac: implement endswith When a pattern is using endswith, only consider it a match when it is the end of the data. Ticket: #6852.
2 years ago
#define MPM_PATTERN_FLAG_ENDSWITH 0x40
Remove nosearch flag from pattern api and add a generic bitwise flags field.
16 years ago
mpm/ac: implement endswith When a pattern is using endswith, only consider it a match when it is the end of the data. Ticket: #6852.
2 years ago
#define MPM_FEATURE_FLAG_DEPTH BIT_U8(0)
#define MPM_FEATURE_FLAG_OFFSET BIT_U8(1)
#define MPM_FEATURE_FLAG_ENDSWITH BIT_U8(2)
mpm: register algo features This is so patterns can reply on mpm match meaning a full match. Not yet used.
2 years ago
Rename all structure definitions in the "typedef struct _SomeStruct" format to "typedef struct SomeStruct_" to make the Doxygen output more useful. Remove the Trie multi pattern matcher code. It wasn't used anymore.
16 years ago
typedef struct MpmTableElmt_ {
mpm: remove unused max pattern len field
10 years ago
const char *name;
Update mpm init ctx to not accept the final cuda_rc_module argument. It was a part of our older architecture and is no longer used.
12 years ago
void (*InitCtx)(struct MpmCtx_ *);
detect/mpm: remove unused max_id param from API
10 years ago
void (*InitThreadCtx)(struct MpmCtx_ *, struct MpmThreadCtx_ *);
Rename all structure definitions in the "typedef struct _SomeStruct" format to "typedef struct SomeStruct_" to make the Doxygen output more useful. Remove the Trie multi pattern matcher code. It wasn't used anymore.
16 years ago
void (*DestroyCtx)(struct MpmCtx_ *);
void (*DestroyThreadCtx)(struct MpmCtx_ *, struct MpmThreadCtx_ *);
Remove nosearch flag from pattern api and add a generic bitwise flags field.
16 years ago
/** function pointers for adding patterns to the mpm ctx.
*
* \param mpm_ctx Mpm context to add the pattern to
* \param pattern pointer to the pattern
* \param pattern_len length of the pattern in bytes
* \param offset pattern offset setting
* \param depth pattern depth setting
* \param pid pattern id
* \param sid signature _internal_ id
* \param flags pattern flags
*/
Use SigIntId as the type for storing signature IDs (Internal) Previously using uint32_t, but SigIntId is currently uint16_t, so arrays will take less memory.
11 years ago
int (*AddPattern)(struct MpmCtx_ *, uint8_t *, uint16_t, uint16_t, uint16_t, uint32_t, SigIntId, uint8_t);
int (*AddPatternNocase)(struct MpmCtx_ *, uint8_t *, uint16_t, uint16_t, uint16_t, uint32_t, SigIntId, uint8_t);
Rename all structure definitions in the "typedef struct _SomeStruct" format to "typedef struct SomeStruct_" to make the Doxygen output more useful. Remove the Trie multi pattern matcher code. It wasn't used anymore.
16 years ago
int (*Prepare)(struct MpmCtx_ *);
mpm: document Search callback return value
2 years ago
/** \retval cnt number of patterns that matches: once per pattern max. */
detect: fix buffer length to uint32 There is a difference in the size of the buffer length as passed from the content buffers (cfr HttpReassembledBody.buffer_len) and the buflen variable passed to mpm primitives. This can cause a misdetection whenever the bufferlen is multiple of 65536 (as uint16(X*65536) == 0). Increasing the buflen variable type to uint32 solves the issue (this does not cause any issue with primitives, they all accept uint32).
7 years ago
uint32_t (*Search)(const struct MpmCtx_ *, struct MpmThreadCtx_ *, PrefilterRuleStore *, const uint8_t *, uint32_t);
Rename all structure definitions in the "typedef struct _SomeStruct" format to "typedef struct SomeStruct_" to make the Doxygen output more useful. Remove the Trie multi pattern matcher code. It wasn't used anymore.
16 years ago
void (*PrintCtx)(struct MpmCtx_ *);
void (*PrintThreadCtx)(struct MpmThreadCtx_ *);
mpm: UNITTESTS guard for RegisterUnittests func
2 years ago
#ifdef UNITTESTS
Initial add of the files.
17 years ago
void (*RegisterUnittests)(void);
mpm: UNITTESTS guard for RegisterUnittests func
2 years ago
#endif
mpm: register algo features This is so patterns can reply on mpm match meaning a full match. Not yet used.
2 years ago
uint8_t feature_flags;
Initial add of the files.
17 years ago
} MpmTableElmt;
mpm: fix global declarations
6 years ago
extern MpmTableElmt mpm_table[MPM_TABLE_SIZE];
util: fix int warnings Ticket: 4516
4 years ago
extern uint8_t mpm_default_matcher;
Improvements to content keyword memory handling. First version of a simple pattern based L7 proto detection engine. Currently just works by matching a single pattern in the initial data. Implemented HTTP, SSL, MSN, JABBER, SMTP and a few more. Couple of pattern matcher cleanups.
16 years ago
make mpm ctx container de_ctx specific. Also introduce global variable in mpm_ctx. this is a workaround for cleaning non global mpm_ctx's since we now don't supply the de_ctx around the detection engine API
13 years ago
struct DetectEngineCtx_;
mpm factory: include alproto In preparation of spliting out mpm's for keywords shared by multiple protocols, like file.data.
2 years ago
int32_t MpmFactoryRegisterMpmCtxProfile(
struct DetectEngineCtx_ *, const char *, const int, const AppProto);
detect: constify mpm/detect funcs
10 years ago
void MpmFactoryReClaimMpmCtx(const struct DetectEngineCtx_ *, MpmCtx *);
MpmCtx *MpmFactoryGetMpmCtxForProfile(const struct DetectEngineCtx_ *, int32_t, int);
make mpm ctx container de_ctx specific. Also introduce global variable in mpm_ctx. this is a workaround for cleaning non global mpm_ctx's since we now don't supply the de_ctx around the detection engine API
13 years ago
void MpmFactoryDeRegisterAllMpmCtxProfiles(struct DetectEngineCtx_ *);
detect: constify mpm/detect funcs
10 years ago
int32_t MpmFactoryIsMpmCtxAvailable(const struct DetectEngineCtx_ *, const MpmCtx *);
support single mpm context distribution across sghs in staging. Also see to it that ac works fine with this setup
15 years ago
Initial add of the files.
17 years ago
void MpmTableSetup(void);
void MpmRegisterTests(void);
util: fix int warnings Ticket: 4516
4 years ago
void MpmInitCtx(MpmCtx *mpm_ctx, uint8_t matcher);
detect/mpm: remove unused max_id param from API
10 years ago
void MpmInitThreadCtx(MpmThreadCtx *mpm_thread_ctx, uint16_t);
mpm: thread ctx cleanups Remove unused thread ctx' from AC variants Use single thread store in detection. Minor cleanups.
2 years ago
void MpmDestroyThreadCtx(MpmThreadCtx *mpm_thread_ctx, const uint16_t matcher);
Initial add of the files.
17 years ago
Code cleanup. Use the MpmAddPattern[CS|CI] wrapper to add patterns to the mpm context. Also use MpmInitCtx() to init the mpm context.
12 years ago
int MpmAddPatternCS(struct MpmCtx_ *mpm_ctx, uint8_t *pat, uint16_t patlen,
uint16_t offset, uint16_t depth,
Use SigIntId as the type for storing signature IDs (Internal) Previously using uint32_t, but SigIntId is currently uint16_t, so arrays will take less memory.
11 years ago
uint32_t pid, SigIntId sid, uint8_t flags);
Code cleanup. Use the MpmAddPattern[CS|CI] wrapper to add patterns to the mpm context. Also use MpmInitCtx() to init the mpm context.
12 years ago
int MpmAddPatternCI(struct MpmCtx_ *mpm_ctx, uint8_t *pat, uint16_t patlen,
uint16_t offset, uint16_t depth,
Use SigIntId as the type for storing signature IDs (Internal) Previously using uint32_t, but SigIntId is currently uint16_t, so arrays will take less memory.
11 years ago
uint32_t pid, SigIntId sid, uint8_t flags);
Code cleanup. Use the MpmAddPattern[CS|CI] wrapper to add patterns to the mpm context. Also use MpmInitCtx() to init the mpm context.
12 years ago
mpm: unify & localize mpm pattern (id) handling So far, the patterns as passed to the mpm's would use global id's that were shared among all buffers, directions. This would lead to a fairly large pattern id space. As the mpm algo's use the pattern id's to prevent duplicate matching through a pattern id based bitarray, shrinking this space will optimize performance. This patch implements this. It sets a flag before adding the pattern to the mpm ctx, instructing the mpm to ignore the provided pid and handle pids management itself. This leads to a shrinking of the bitarray size. This is made possible by the previous work that removes the pid logic from the code. Next to this, this patch moves the pattern setup stage to common util functions. This avoids code duplication. Update ac, ac-bs and ac-ks to use this.
10 years ago
void MpmFreePattern(MpmCtx *mpm_ctx, MpmPattern *p);
int MpmAddPattern(MpmCtx *mpm_ctx, uint8_t *pat, uint16_t patlen,
uint16_t offset, uint16_t depth, uint32_t pid,
SigIntId sid, uint8_t flags);
src: make include guards more library friendly Include guards for libraries should use a prefix that is meaningful for the library to avoid conflicts with other user code. For Suricata, use SURICATA. Additionally, remove the pattern of leading and trailing underscores as these are reserved for the language implementation per the C and C++ standards.
1 year ago
#endif /* SURICATA_UTIL_MPM_H */