From 3c1cd0729623d81057f67b4a3baebb3840859db6 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Tue, 16 Sep 2008 00:14:25 +0200 Subject: [PATCH] todo file update --- TODO | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/TODO b/TODO index fd5e8a6e67..751a32bf7f 100644 --- a/TODO +++ b/TODO @@ -1,18 +1,13 @@ DETECTION ENGINE: -- create a detection_engine_ctx for storing the sig list, packet entry point, other stuff -- many group heads seem to have the same number of sigs. See if we can save memory by detecting similars... the savings are in the pattern matcher. - -> this is done, and works. However it can be taken further. It's not the group heads that should be compared, but the mpm contexts... - - implement flow as a prefilter - implement protocol as a prefilter -- implement src and dst ports as prefilters - -- speed up initialization with many address groups present -- do a sort-insert for the temp address lists: sort it big to small to speed up later inserts -- siggroup(uri)content comparison can benefit from a list size counter +- implement src ports as prefilters +- do a sort-insert for the temp address lists: sort it big to small to speed up later inserts: partly done +- deal with icmp & icmpv6 sigs +- ip only sigs only need to be checked once per flow direction, so put flags in packet to deal with that +- store a ptr to the rule group in the flow (the src,dst,sp,dp,proto will never change in a flow, so we can use that as a starting point) WU-MANBER: -- Consider using dynamic/variable hash sizes. A wm_ctx is quite big (512kb) even for small pattern sets. ADDRESSES: - support [1.2.3.4,2.3.4.5] notation: unittest @@ -20,6 +15,7 @@ ADDRESSES: MAIN: - move packet preallocation into it's own function - create a cleanup function +- consider a api for per module init/deinit functions per packet, for example to clean up flowvars & http_uri THREADING - Add pre-threading initialization API e.g. for Sig loading on Detect.