diff --git a/src/detect-engine-siggroup.c b/src/detect-engine-siggroup.c
index 22019a3d36..b021a89773 100644
--- a/src/detect-engine-siggroup.c
+++ b/src/detect-engine-siggroup.c
@@ -151,16 +151,16 @@ void SigGroupHeadFree(SigGroupHead *sgh)
 sgh->match_array = NULL;
 }
- if (sgh->non_mpm_other_store_array != NULL) {
- SCFree(sgh->non_mpm_other_store_array);
- sgh->non_mpm_other_store_array = NULL;
- sgh->non_mpm_other_store_cnt = 0;
+ if (sgh->non_pf_other_store_array != NULL) {
+ SCFree(sgh->non_pf_other_store_array);
+ sgh->non_pf_other_store_array = NULL;
+ sgh->non_pf_other_store_cnt = 0;
 }
- if (sgh->non_mpm_syn_store_array != NULL) {
- SCFree(sgh->non_mpm_syn_store_array);
- sgh->non_mpm_syn_store_array = NULL;
- sgh->non_mpm_syn_store_cnt = 0;
+ if (sgh->non_pf_syn_store_array != NULL) {
+ SCFree(sgh->non_pf_syn_store_array);
+ sgh->non_pf_syn_store_array = NULL;
+ sgh->non_pf_syn_store_cnt = 0;
 }
 sgh->sig_cnt = 0;
@@ -675,20 +675,20 @@ void SigGroupHeadSetFilestoreCount(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 return;
 }
-/** \brief build an array of rule id's for sigs with no mpm
- * Also updated de_ctx::non_mpm_store_cnt_max to track the highest cnt
+/** \brief build an array of rule id's for sigs with no prefilter
+ * Also updated de_ctx::non_pf_store_cnt_max to track the highest cnt
 */
-int SigGroupHeadBuildNonMpmArray(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
+int SigGroupHeadBuildNonPrefilterArray(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
 Signature *s = NULL;
 uint32_t sig = 0;
- uint32_t non_mpm = 0;
- uint32_t non_mpm_syn = 0;
+ uint32_t non_pf = 0;
+ uint32_t non_pf_syn = 0;
 if (sgh == NULL) return 0;
- BUG_ON(sgh->non_mpm_other_store_array != NULL);
+ BUG_ON(sgh->non_pf_other_store_array != NULL);
 for (sig = 0; sig < sgh->sig_cnt; sig++) {
 s = sgh->match_array[sig];
@@ -697,28 +697,28 @@ int SigGroupHeadBuildNonMpmArray(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 if (s->mpm_sm == NULL || (s->flags & SIG_FLAG_MPM_NEG)) {
 if (!(DetectFlagsSignatureNeedsSynPackets(s))) {
- non_mpm++;
+ non_pf++;
 }
- non_mpm_syn++;
+ non_pf_syn++;
 }
 }
- if (non_mpm == 0 && non_mpm_syn == 0) {
- sgh->non_mpm_other_store_array = NULL;
- sgh->non_mpm_syn_store_array = NULL;
+ if (non_pf == 0 && non_pf_syn == 0) {
+ sgh->non_pf_other_store_array = NULL;
+ sgh->non_pf_syn_store_array = NULL;
 return 0;
 }
- if (non_mpm > 0) {
- sgh->non_mpm_other_store_array = SCMalloc(non_mpm * sizeof(SignatureNonMpmStore));
- BUG_ON(sgh->non_mpm_other_store_array == NULL);
- memset(sgh->non_mpm_other_store_array, 0, non_mpm * sizeof(SignatureNonMpmStore));
+ if (non_pf > 0) {
+ sgh->non_pf_other_store_array = SCMalloc(non_pf * sizeof(SignatureNonMpmStore));
+ BUG_ON(sgh->non_pf_other_store_array == NULL);
+ memset(sgh->non_pf_other_store_array, 0, non_pf * sizeof(SignatureNonMpmStore));
 }
- if (non_mpm_syn > 0) {
- sgh->non_mpm_syn_store_array = SCMalloc(non_mpm_syn * sizeof(SignatureNonMpmStore));
- BUG_ON(sgh->non_mpm_syn_store_array == NULL);
- memset(sgh->non_mpm_syn_store_array, 0, non_mpm_syn * sizeof(SignatureNonMpmStore));
+ if (non_pf_syn > 0) {
+ sgh->non_pf_syn_store_array = SCMalloc(non_pf_syn * sizeof(SignatureNonMpmStore));
+ BUG_ON(sgh->non_pf_syn_store_array == NULL);
+ memset(sgh->non_pf_syn_store_array, 0, non_pf_syn * sizeof(SignatureNonMpmStore));
 }
 for (sig = 0; sig < sgh->sig_cnt; sig++) {
@@ -728,25 +728,25 @@ int SigGroupHeadBuildNonMpmArray(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 if (s->mpm_sm == NULL || (s->flags & SIG_FLAG_MPM_NEG)) {
 if (!(DetectFlagsSignatureNeedsSynPackets(s))) {
- BUG_ON(sgh->non_mpm_other_store_cnt >= non_mpm);
- BUG_ON(sgh->non_mpm_other_store_array == NULL);
- sgh->non_mpm_other_store_array[sgh->non_mpm_other_store_cnt].id = s->num;
- sgh->non_mpm_other_store_array[sgh->non_mpm_other_store_cnt].mask = s->mask;
- sgh->non_mpm_other_store_cnt++;
+ BUG_ON(sgh->non_pf_other_store_cnt >= non_pf);
+ BUG_ON(sgh->non_pf_other_store_array == NULL);
+ sgh->non_pf_other_store_array[sgh->non_pf_other_store_cnt].id = s->num;
+ sgh->non_pf_other_store_array[sgh->non_pf_other_store_cnt].mask = s->mask;
+ sgh->non_pf_other_store_cnt++;
 }
- BUG_ON(sgh->non_mpm_syn_store_cnt >= non_mpm_syn);
- BUG_ON(sgh->non_mpm_syn_store_array == NULL);
- sgh->non_mpm_syn_store_array[sgh->non_mpm_syn_store_cnt].id = s->num;
- sgh->non_mpm_syn_store_array[sgh->non_mpm_syn_store_cnt].mask = s->mask;
- sgh->non_mpm_syn_store_cnt++;
+ BUG_ON(sgh->non_pf_syn_store_cnt >= non_pf_syn);
+ BUG_ON(sgh->non_pf_syn_store_array == NULL);
+ sgh->non_pf_syn_store_array[sgh->non_pf_syn_store_cnt].id = s->num;
+ sgh->non_pf_syn_store_array[sgh->non_pf_syn_store_cnt].mask = s->mask;
+ sgh->non_pf_syn_store_cnt++;
 }
 }
 /* track highest cnt for any sgh in our de_ctx */
- uint32_t max = MAX(sgh->non_mpm_other_store_cnt, sgh->non_mpm_syn_store_cnt);
- if (max > de_ctx->non_mpm_store_cnt_max)
- de_ctx->non_mpm_store_cnt_max = max;
+ uint32_t max = MAX(sgh->non_pf_other_store_cnt, sgh->non_pf_syn_store_cnt);
+ if (max > de_ctx->non_pf_store_cnt_max)
+ de_ctx->non_pf_store_cnt_max = max;
 return 0;
 }
diff --git a/src/detect-engine-siggroup.h b/src/detect-engine-siggroup.h
index b8dd6b1c9f..a5b2480826 100644
--- a/src/detect-engine-siggroup.h
+++ b/src/detect-engine-siggroup.h
@@ -72,6 +72,6 @@ void SigGroupHeadSetFilesizeFlag(DetectEngineCtx *, SigGroupHead *);
 uint16_t SigGroupHeadGetMinMpmSize(DetectEngineCtx *de_ctx, SigGroupHead *sgh, int list);
-int SigGroupHeadBuildNonMpmArray(DetectEngineCtx *de_ctx, SigGroupHead *sgh);
+int SigGroupHeadBuildNonPrefilterArray(DetectEngineCtx *de_ctx, SigGroupHead *sgh);
 #endif /* __DETECT_ENGINE_SIGGROUP_H__ */
diff --git a/src/detect-engine.c b/src/detect-engine.c
index 638ebf0702..f734abb975 100644
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -1526,10 +1526,10 @@ static TmEcode ThreadCtxDoInit (DetectEngineCtx *de_ctx, DetectEngineThreadCtx *
 }
 /* sized to the max of our sgh settings. A max setting of 0 implies that all
- * sgh's have: sgh->non_mpm_store_cnt == 0 */
- if (de_ctx->non_mpm_store_cnt_max > 0) {
- det_ctx->non_mpm_id_array = SCCalloc(de_ctx->non_mpm_store_cnt_max, sizeof(SigIntId));
- BUG_ON(det_ctx->non_mpm_id_array == NULL);
+ * sgh's have: sgh->non_pf_store_cnt == 0 */
+ if (de_ctx->non_pf_store_cnt_max > 0) {
+ det_ctx->non_pf_id_array = SCCalloc(de_ctx->non_pf_store_cnt_max, sizeof(SigIntId));
+ BUG_ON(det_ctx->non_pf_id_array == NULL);
 }
 /* IP-ONLY */
@@ -1744,8 +1744,8 @@ void DetectEngineThreadCtxFree(DetectEngineThreadCtx *det_ctx)
 SpmDestroyThreadCtx(det_ctx->spm_thread_ctx);
 }
- if (det_ctx->non_mpm_id_array != NULL)
- SCFree(det_ctx->non_mpm_id_array);
+ if (det_ctx->non_pf_id_array != NULL)
+ SCFree(det_ctx->non_pf_id_array);
 if (det_ctx->de_state_sig_array != NULL) SCFree(det_ctx->de_state_sig_array);
diff --git a/src/detect.c b/src/detect.c
index 3ce90ff6f4..3d78875d44 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -705,9 +705,9 @@ static inline void DetectPrefilterMergeSort(DetectEngineCtx *de_ctx,
 SigIntId mpm, nonmpm;
 det_ctx->match_array_cnt = 0;
 SigIntId *mpm_ptr = det_ctx->pmq.rule_id_array;
- SigIntId *nonmpm_ptr = det_ctx->non_mpm_id_array;
+ SigIntId *nonmpm_ptr = det_ctx->non_pf_id_array;
 uint32_t m_cnt = det_ctx->pmq.rule_id_array_cnt;
- uint32_t n_cnt = det_ctx->non_mpm_id_cnt;
+ uint32_t n_cnt = det_ctx->non_pf_id_cnt;
 SigIntId *final_ptr;
 uint32_t final_cnt;
 SigIntId id;
@@ -820,7 +820,7 @@ static inline void DetectPrefilterMergeSort(DetectEngineCtx *de_ctx,
 det_ctx->match_array_cnt = match_array - det_ctx->match_array;
- BUG_ON((det_ctx->pmq.rule_id_array_cnt + det_ctx->non_mpm_id_cnt) < det_ctx->match_array_cnt);
+ BUG_ON((det_ctx->pmq.rule_id_array_cnt + det_ctx->non_pf_id_cnt) < det_ctx->match_array_cnt);
 }
 /* Return true is the list is sorted smallest to largest */
@@ -1227,15 +1227,16 @@ static void AlertDebugLogModeSyncFlowbitsNamesToPacketStruct(Packet *p, DetectEn
 return;
 }
-static inline void DetectPrefilterBuildNonMpmList(DetectEngineThreadCtx *det_ctx, SignatureMask mask)
+static inline void
+DetectPrefilterBuildNonPrefilterList(DetectEngineThreadCtx *det_ctx, SignatureMask mask)
 {
 uint32_t x = 0;
- for (x = 0; x < det_ctx->non_mpm_store_cnt; x++) {
+ for (x = 0; x < det_ctx->non_pf_store_cnt; x++) {
 /* only if the mask matches this rule can possibly match,
 * so build the non_mpm array only for match candidates */
- SignatureMask rule_mask = det_ctx->non_mpm_store_ptr[x].mask;
+ SignatureMask rule_mask = det_ctx->non_pf_store_ptr[x].mask;
 if ((rule_mask & mask) == rule_mask) {
- det_ctx->non_mpm_id_array[det_ctx->non_mpm_id_cnt++] = det_ctx->non_mpm_store_ptr[x].id;
+ det_ctx->non_pf_id_array[det_ctx->non_pf_id_cnt++] = det_ctx->non_pf_store_ptr[x].id;
 }
 }
 }
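Review bot: In DetectPrefilterBuildNonPrefilterList (the last hunk above), the store `det_ctx->non_pf_id_array[det_ctx->non_pf_id_cnt++] = ...` is bounded only by `non_pf_store_cnt`, and nothing at this site ties that count to the array's allocated size. The array is sized from `de_ctx->non_pf_store_cnt_max` in ThreadCtxDoInit, and that maximum is tracked at the end of SigGroupHeadBuildNonPrefilterArray, so the write stays in bounds only if every sgh the thread uses was counted there and the caller has reset `non_pf_id_cnt` to 0 first. I would document that on the function, e.g. `/* caller resets non_pf_id_cnt; non_pf_store_cnt <= de_ctx->non_pf_store_cnt_max by construction */`. The context comment inside the loop also still says `non_mpm array` and should read `non_pf array`.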
@@ -1243,19 +1244,20 @@ static inline void DetectPrefilterBuildNonMpmList(DetectEngineThreadCtx *det_ctx
 /** \internal
 * \brief select non-mpm list
 * Based on the packet properties, select the non-mpm list to use */
-static inline void DetectPrefilterSetNonMpmList(const Packet *p, DetectEngineThreadCtx *det_ctx)
+static inline void
+DetectPrefilterSetNonPrefilterList(const Packet *p, DetectEngineThreadCtx *det_ctx)
 {
 if ((p->proto == IPPROTO_TCP) && (p->tcph != NULL) && (p->tcph->th_flags & TH_SYN)) {
- det_ctx->non_mpm_store_ptr = det_ctx->sgh->non_mpm_syn_store_array;
- det_ctx->non_mpm_store_cnt = det_ctx->sgh->non_mpm_syn_store_cnt;
+ det_ctx->non_pf_store_ptr = det_ctx->sgh->non_pf_syn_store_array;
+ det_ctx->non_pf_store_cnt = det_ctx->sgh->non_pf_syn_store_cnt;
 } else {
- det_ctx->non_mpm_store_ptr = det_ctx->sgh->non_mpm_other_store_array;
- det_ctx->non_mpm_store_cnt = det_ctx->sgh->non_mpm_other_store_cnt;
+ det_ctx->non_pf_store_ptr = det_ctx->sgh->non_pf_other_store_array;
+ det_ctx->non_pf_store_cnt = det_ctx->sgh->non_pf_other_store_cnt;
 }
- SCLogDebug("sgh non_mpm ptr %p cnt %u (syn %p/%u, other %p/%u)",
- det_ctx->non_mpm_store_ptr, det_ctx->non_mpm_store_cnt,
- det_ctx->sgh->non_mpm_syn_store_array, det_ctx->sgh->non_mpm_syn_store_cnt,
- det_ctx->sgh->non_mpm_other_store_array, det_ctx->sgh->non_mpm_other_store_cnt);
+ SCLogDebug("sgh non_pf ptr %p cnt %u (syn %p/%u, other %p/%u)",
+ det_ctx->non_pf_store_ptr, det_ctx->non_pf_store_cnt,
+ det_ctx->sgh->non_pf_syn_store_array, det_ctx->sgh->non_pf_syn_store_cnt,
+ det_ctx->sgh->non_pf_other_store_array, det_ctx->sgh->non_pf_other_store_cnt);
 }
 /**
@@ -1459,7 +1461,7 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
 goto end;
 }
- DetectPrefilterSetNonMpmList(p, det_ctx);
+ DetectPrefilterSetNonPrefilterList(p, det_ctx);
 PACKET_PROFILING_DETECT_START(p, PROF_DETECT_STATEFUL);
 /* stateful app layer detection */
@@ -1481,11 +1483,11 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
 SignatureMask mask = 0;
 PacketCreateMask(p, &mask, alproto, has_state, smsg, app_decoder_events);
- /* build and prefilter non_mpm list against the mask of the packet */
+ /* build and prefilter non_pf list against the mask of the packet */
 PACKET_PROFILING_DETECT_START(p, PROF_DETECT_NONMPMLIST);
- det_ctx->non_mpm_id_cnt = 0;
- if (likely(det_ctx->non_mpm_store_cnt > 0)) {
- DetectPrefilterBuildNonMpmList(det_ctx, mask);
+ det_ctx->non_pf_id_cnt = 0;
+ if (likely(det_ctx->non_pf_store_cnt > 0)) {
+ DetectPrefilterBuildNonPrefilterList(det_ctx, mask);
 }
 PACKET_PROFILING_DETECT_END(p, PROF_DETECT_NONMPMLIST);
@@ -1498,10 +1500,10 @@ int SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineTh
 StatsAddUI64(th_v, det_ctx->counter_mpm_list, (uint64_t)det_ctx->pmq.rule_id_array_cnt);
 StatsAddUI64(th_v, det_ctx->counter_nonmpm_list,
- (uint64_t)det_ctx->non_mpm_store_cnt);
+ (uint64_t)det_ctx->non_pf_store_cnt);
 /* non mpm sigs after mask prefilter */
 StatsAddUI64(th_v, det_ctx->counter_fnonmpm_list,
- (uint64_t)det_ctx->non_mpm_id_cnt);
+ (uint64_t)det_ctx->non_pf_id_cnt);
 }
 #endif
@@ -4067,7 +4069,7 @@ int SigAddressPrepareStage4(DetectEngineCtx *de_ctx)
 SCLogDebug("filestore count %u", sgh->filestore_cnt);
 BUG_ON(PatternMatchPrepareGroup(de_ctx, sgh) != 0);
- SigGroupHeadBuildNonMpmArray(de_ctx, sgh);
+ SigGroupHeadBuildNonPrefilterArray(de_ctx, sgh);
 sgh->id = idx;
 cnt++;
diff --git a/src/detect.h b/src/detect.h
index 014a1c1acf..70b924e386 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -565,7 +565,7 @@ typedef struct DetectEngineCtx_ {
 /** Maximum value of all our sgh's non_mpm_store_cnt setting,
 * used to alloc det_ctx::non_mpm_id_array */
- uint32_t non_mpm_store_cnt_max;
+ uint32_t non_pf_store_cnt_max;
 /* used by the signature ordering module */
 struct SCSigOrderFunc_ *sc_sig_order_funcs;
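Review bot: The comments around the renamed fields in detect.h still use the old names, so they now point at identifiers that no longer exist. Above `non_pf_store_cnt_max` the doc comment should read `/** Maximum value of all our sgh's non_pf_other_store_cnt / non_pf_syn_store_cnt settings, used to alloc det_ctx::non_pf_id_array */`. In the SigGroupHead hunk further down, the added lines keep `// size is non_mpm_store_cnt * sizeof(SignatureNonMpmStore)` and `// size is non_mpm_syn_store_cnt * sizeof(SignatureNonMpmStore)`, which should name `non_pf_other_store_cnt` and `non_pf_syn_store_cnt`. Those size comments are the only statement of each array's length next to its declaration, so a stale name there makes bounds reasoning harder. The type `SignatureNonMpmStore` and the profiling identifiers (`PROF_DETECT_NONMPMLIST`, `counter_nonmpm_list`, `p->non_mpm_syn`) also keep the old term; if that is deliberate, the commit message could say so.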
@@ -737,8 +737,8 @@ typedef struct DetectEngineThreadCtx_ {
 /* the thread to which this detection engine thread belongs */
 ThreadVars *tv;
- SigIntId *non_mpm_id_array;
- uint32_t non_mpm_id_cnt; // size is cnt * sizeof(uint32_t)
+ SigIntId *non_pf_id_array;
+ uint32_t non_pf_id_cnt; // size is cnt * sizeof(uint32_t)
 uint32_t mt_det_ctxs_cnt;
 struct DetectEngineThreadCtx_ **mt_det_ctxs;
@@ -823,8 +823,8 @@ typedef struct DetectEngineThreadCtx_ {
 struct SigGroupHead_ *sgh;
- SignatureNonMpmStore *non_mpm_store_ptr;
- uint32_t non_mpm_store_cnt;
+ SignatureNonMpmStore *non_pf_store_ptr;
+ uint32_t non_pf_store_cnt;
 /** pointer to the current mpm ctx that is stored
 * in a rule group head -- can be either a content
@@ -997,12 +997,12 @@ typedef struct SigGroupHead_ {
 /* number of sigs in this head */
 SigIntId sig_cnt;
- /* non mpm list excluding SYN rules */
- uint32_t non_mpm_other_store_cnt;
- uint32_t non_mpm_syn_store_cnt;
- SignatureNonMpmStore *non_mpm_other_store_array; // size is non_mpm_store_cnt * sizeof(SignatureNonMpmStore)
+ /* non prefilter list excluding SYN rules */
+ uint32_t non_pf_other_store_cnt;
+ uint32_t non_pf_syn_store_cnt;
+ SignatureNonMpmStore *non_pf_other_store_array; // size is non_mpm_store_cnt * sizeof(SignatureNonMpmStore)
 /* non mpm list including SYN rules */
- SignatureNonMpmStore *non_mpm_syn_store_array; // size is non_mpm_syn_store_cnt * sizeof(SignatureNonMpmStore)
+ SignatureNonMpmStore *non_pf_syn_store_array; // size is non_mpm_syn_store_cnt * sizeof(SignatureNonMpmStore)
 /** the number of signatures in this sgh that have the filestore keyword
 * set. */
diff --git a/src/util-profiling-rulegroups.c b/src/util-profiling-rulegroups.c
index 8f55e717fb..1bbf4f7961 100644
--- a/src/util-profiling-rulegroups.c
+++ b/src/util-profiling-rulegroups.c
@@ -286,8 +286,8 @@ SCProfilingSghUpdateCounter(DetectEngineThreadCtx *det_ctx, const SigGroupHead *
 SCProfileSghData *p = &det_ctx->sgh_perf_data[sgh->id];
 p->checks++;
- if (det_ctx->non_mpm_store_cnt > 0) {
- if (det_ctx->non_mpm_store_ptr == sgh->non_mpm_syn_store_array)
+ if (det_ctx->non_pf_store_cnt > 0) {
+ if (det_ctx->non_pf_store_ptr == sgh->non_pf_syn_store_array)
 p->non_mpm_syn++;
 else p->non_mpm_generic++;