mirror of https://github.com/OISF/suricata
cybersecurityidsintrusion-detection-systemintrusion-prevention-systemipsnetwork-monitornetwork-monitoringnsmsecuritysuricatathreat-hunting
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
29074af9a6
Use a local pattern bit array to making sure we don't match more than once, in addition to the pmq bitarray that is still used for results validation higher up in the rule matching process. Why: pmq->pattern_id_bitarray is currently sometimes used in a 'stateful' way, meaning that for a single packet we run multiple MPM's on the same pmq w/o resetting it. The new bitarray is used to determine wherther we need to append the patterns associated 'sids' list to the pmq rule_id_array. It has been observed that MPM1 matches for PAT1, and MPM2 matches for PAT1 as well. However, in MPM1 PAT1 doesn't have the same sids list. In this case MPM2 would not add it's sids to the list, leading to missed detection. |
11 years ago | |
|---|---|---|
| benches | ||
| contrib | 12 years ago | |
| doc | 13 years ago | |
| lua | 11 years ago | |
| m4 | ||
| qa | 11 years ago | |
| rules | 11 years ago | |
| scripts | 11 years ago | |
| src | 11 years ago | |
| .gitignore | 13 years ago | |
| .travis.yml | 12 years ago | |
| COPYING | ||
| ChangeLog | 11 years ago | |
| LICENSE | ||
| Makefile.am | 11 years ago | |
| Makefile.cvs | ||
| acsite.m4 | ||
| autogen.sh | 13 years ago | |
| classification.config | 16 years ago | |
| config.rpath | 13 years ago | |
| configure.ac | 11 years ago | |
| doxygen.cfg | 12 years ago | |
| reference.config | 11 years ago | |
| suricata.yaml.in | 11 years ago | |
| threshold.config | 13 years ago | |