New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Detect cleanups/v3 #9949

Closed

victorjulien wants to merge 19 commits into OISF:master from victorjulien:detect-cleanups/v3

Commits on Dec 2, 2023

detect/asn1: handle in PMATCH
```
Since the asn1 keyword is processing payload data, move the handling of
the keyword into the PMATCH with content inspection.

Use u32 as buffer length in the Rust FFI
```
victorjulien committed Dec 2, 2023
Configuration menu
View commit details

Copy full SHA for 8786fe5

Browse repository at this point
Copy the full SHA

8786fe5 View commit details

Browse the repository at this point in the history
detect/content-inspect: reduce scope of variables

victorjulien committed Dec 2, 2023
Configuration menu
View commit details

Copy full SHA for 9835616

Browse repository at this point
Copy the full SHA

9835616 View commit details

Browse the repository at this point in the history
detect/content-inspect: pass const to inspect func

victorjulien committed Dec 2, 2023
Configuration menu
View commit details

Copy full SHA for 87035de

Browse repository at this point
Copy the full SHA

87035de View commit details

Browse the repository at this point in the history
detect/content-inspect: remove const casting

victorjulien committed Dec 2, 2023
Configuration menu
View commit details

Copy full SHA for e314204

Browse repository at this point
Copy the full SHA

e314204 View commit details

Browse the repository at this point in the history
detect/content-inspect: assist branch prediction
```
Hitting the recursion limit should be rare.
```
victorjulien committed Dec 2, 2023
Configuration menu
View commit details

Copy full SHA for bf72be6

Browse repository at this point
Copy the full SHA

bf72be6 View commit details

Browse the repository at this point in the history
detect/content-inspect: switch type of enum

victorjulien committed Dec 2, 2023
Configuration menu
View commit details

Copy full SHA for bd78cad

Browse repository at this point
Copy the full SHA

bd78cad View commit details

Browse the repository at this point in the history
detect/content-inspect: add entry for InspectionBuffer

victorjulien committed Dec 2, 2023
Configuration menu
View commit details

Copy full SHA for 37be35f

Browse repository at this point
Copy the full SHA

37be35f View commit details

Browse the repository at this point in the history
detect/dns.query: use new content inspect entry

victorjulien committed Dec 2, 2023
Configuration menu
View commit details

Copy full SHA for e047564

Browse repository at this point
Copy the full SHA

e047564 View commit details

Browse the repository at this point in the history
detect/krb5.sname: use new content inspect entry

victorjulien committed Dec 2, 2023
Configuration menu
View commit details

Copy full SHA for eb456d7

Browse repository at this point
Copy the full SHA

eb456d7 View commit details

Browse the repository at this point in the history
detect/base64: move content inspection logic
```
Integrate with rest of content inspect code.
```
victorjulien committed Dec 2, 2023
Configuration menu
View commit details

Copy full SHA for 687c778

Browse repository at this point
Copy the full SHA

687c778 View commit details

Browse the repository at this point in the history
detect/content-inspect: reduce scope of internal func

victorjulien committed Dec 2, 2023
Configuration menu
View commit details

Copy full SHA for b71ce03

Browse repository at this point
Copy the full SHA

b71ce03 View commit details

Browse the repository at this point in the history
detect/content-inspect: localize recursion counting
```
Use stack local var instead of DetectEngineThreadCtx member.

Make sure the limit is a const so we can avoid rereading it.
```
victorjulien committed Dec 2, 2023
Configuration menu
View commit details

Copy full SHA for b5b0682

Browse repository at this point
Copy the full SHA

b5b0682 View commit details

Browse the repository at this point in the history
detect/content-inspect: flatten branches
```
Flatten else branches after terminating ifs.
```
victorjulien committed Dec 2, 2023
Configuration menu
View commit details

Copy full SHA for c82356a

Browse repository at this point
Copy the full SHA

c82356a View commit details

Browse the repository at this point in the history

detect/isdataat: optimize recursion mismatches

Since recursive content matching goes through the buffer from left to
right, it is possible to bail early when isdataat is part of the
recursive checking. If `isdataat:50,relative` fails for offset 10, it
will surely also fail for offset 20. So break inspection in such cases.

The exception is for dynamic isdataat, where the value is determined
by a prior byte_extract that may be updated during the recursion.

victorjulien committed Dec 2, 2023

a10776e

detect/payload: remove unneeded pointer reset
```
DetectEngineThreadCtx::replist is managed elsewhere.
```
victorjulien committed Dec 2, 2023
Configuration menu
View commit details

Copy full SHA for 542f3fd

Browse repository at this point
Copy the full SHA

542f3fd View commit details

Browse the repository at this point in the history
detect/bytemath: pass match ctx directly
```
Adjust includes to enable this.
```
victorjulien committed Dec 2, 2023
Configuration menu
View commit details

Copy full SHA for e277d92

Browse repository at this point
Copy the full SHA

e277d92 View commit details

Browse the repository at this point in the history
detect: optimize struct layout
```
Move reference count to top of DetectEngineThreadCtx, to move it to the
same cache line as the other members that are checked first in Detect().
```
victorjulien committed Dec 2, 2023
Configuration menu
View commit details

Copy full SHA for a06b3be

Browse repository at this point
Copy the full SHA

a06b3be View commit details

Browse the repository at this point in the history
detect/content-inspect: optimize struct layout
```
Move members used by DetectEngineContentInspection() to the same cache line.
```
victorjulien committed Dec 2, 2023
Configuration menu
View commit details

Copy full SHA for 7d23ed2

Browse repository at this point
Copy the full SHA

7d23ed2 View commit details

Browse the repository at this point in the history
detect/uri: remove tests that are now done elsewhere
```
Core logic of the tests moved to content inspection code in separate commit.
```
victorjulien committed Dec 2, 2023
Configuration menu
View commit details

Copy full SHA for 3583b42

Browse repository at this point
Copy the full SHA

3583b42 View commit details

Browse the repository at this point in the history

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Detect cleanups/v3 #9949

Detect cleanups/v3 #9949

Commits on Dec 2, 2023