Detect cleanups/v3 #9949
Commits on Dec 2, 2023
Since the asn1 keyword is processing payload data, move the handling of the keyword into the PMATCH with content inspection. Use u32 as buffer length in the Rust FFI
Commit 8786fe5

Commit 9835616

Commit 87035de

Commit e314204

detect/content-inspect: assist branch prediction
Hitting the recursion limit should be rare.
Commit bf72be6

Commit bd78cad

Commit 37be35f

Commit e047564

Commit eb456d7

detect/base64: move content inspection logic
Integrate with rest of content inspect code.
Commit 687c778

Commit b71ce03

detect/content-inspect: localize recursion counting
Use stack local var instead of DetectEngineThreadCtx member. Make sure the limit is a const so we can avoid rereading it.
Commit b5b0682

detect/content-inspect: flatten branches
Flatten else branches after terminating ifs.
Commit c82356a

detect/isdataat: optimize recursion mismatches
Since recursive content matching goes through the buffer from left to right, it is possible to bail early when isdataat is part of the recursive checking. If `isdataat:50,relative` fails for offset 10, it will surely also fail for offset 20. So break inspection in such cases. The exception is for dynamic isdataat, where the value is determined by a prior byte_extract that may be updated during the recursion.
Commit a10776e

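The early exit described in the isdataat commit message above, as an added example: a simplified C model written for this page, not Suricata's code. The `inspect` function, its `dynamic` and `early_bail` flags and both buffers are constructed for illustration, and the byte read after each hit stands in for a byte_extract variable.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample buffers, not real traffic. */
static const unsigned char STATIC_BUF[] =
    "AB........AB........AB........AB........";           /* 40 bytes */
static const unsigned char DYN_BUF[] =
    "AB@......." "AB\x02" ".......";                      /* 20 bytes */

typedef struct { int matched; unsigned tried; } Result;
/* Toy model: find each occurrence of pat left to right; after a hit,
 * require `need` more bytes past its end (like isdataat:<need>,relative).
 * With dynamic set, `need` is re-read from the byte after each hit,
 * standing in for a byte_extract variable. */
static Result inspect(const unsigned char *buf, size_t len, const char *pat,
                      size_t need, int dynamic, int early_bail)
{
    Result r = { 0, 0 };
    size_t plen = strlen(pat);
    for (size_t off = 0; off + plen <= len; off++) {
        if (memcmp(buf + off, pat, plen) != 0)
            continue;
        size_t end = off + plen;    /* anchor for the relative check */
        r.tried++;
        if (dynamic) {
            if (end >= len) break;  /* no byte left to extract from */
            need = buf[end];
        }
        if (end + need <= len) {
            r.matched = 1;
            return r;
        }
        if (early_bail)
            break;  /* sound only when `need` is fixed: end only grows */
    }
    return r;
}

int main(void)
{
    Result a = inspect(STATIC_BUF, sizeof(STATIC_BUF) - 1, "AB", 50, 0, 0);
    Result b = inspect(STATIC_BUF, sizeof(STATIC_BUF) - 1, "AB", 50, 0, 1);
    Result c = inspect(DYN_BUF, sizeof(DYN_BUF) - 1, "AB", 0, 1, 0);
    Result d = inspect(DYN_BUF, sizeof(DYN_BUF) - 1, "AB", 0, 1, 1);
    printf("static tried %u vs %u; dynamic matched %d vs %d\n",
           a.tried, b.tried, c.matched, d.matched);
    return 0;
}
```

With a fixed value both runs agree on the verdict and the early exit only saves candidate checks; with the per-hit value, bailing after the first failure drops a match that the full scan finds.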
detect/payload: remove unneeded pointer reset
DetectEngineThreadCtx::replist is managed elsewhere.
Commit 542f3fd

detect/bytemath: pass match ctx directly
Adjust includes to enable this.
Commit e277d92

detect: optimize struct layout
Move reference count to top of DetectEngineThreadCtx, to move it to the same cache line as the other members that are checked first in Detect().
Commit a06b3be

detect/content-inspect: optimize struct layout
Move members used by DetectEngineContentInspection() to the same cache line.
Commit 7d23ed2

detect/uri: remove tests that are now done elsewhere
Core logic of the tests moved to content inspection code in separate commit.
Commit 3583b42