Detect cleanups/v6 #9986
Commits on Dec 6, 2023
Commit e19f162
Commit 5ed3d74
Commit 0ebfcd3
detect/content-inspect: assist branch prediction
Hitting the recursion limit should be rare.
Commit 4d43fe7
Commit 159ec36
detect/content-inspect: add entry for InspectionBuffer
This is a convenience addition to abstract away the internals of the InspectionBuffer in keyword specific detection code.
Commit e9ec240
Commit b2e782b
Commit 521f04a
detect/base64: move content inspection logic
Integrate with rest of content inspect code.
Commit aee5aa3
Commit 94fd401
detect/content-inspect: localize recursion counting
Use stack local var instead of DetectEngineThreadCtx member. Instead set up a stack local struct that both counts and holds the limit. Make sure the limit is a const so we can avoid rereading it. This is part of an effort to reduce the size of the DetectEngineThreadCtx structure and reduce the number of memory writes to it. Additionally, it is part of an effort to reduce the number of places where detection tracks various forms of state.
Commit 895338c
detect/content-inspect: flatten branches
Flatten else branches after terminating ifs.
Commit d481537
detect/isdataat: optimize recursion mismatches
Since recursive content matching goes through the buffer from left to right, it is possible to bail early when isdataat is part of the recursive checking. If `isdataat:50,relative` fails for offset 10, it will surely also fail for offset 20. So break inspection in such cases. The exception is for dynamic isdataat, where the value is determined by a prior byte_extract that may be updated during the recursion.
Commit ff5f17f
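The early exit described in the isdataat commit message above, modeled as an added C example; it is not Suricata's code and not part of this pull request. `ToyRule`, `toy_inspect` and the sample buffers are hypothetical, and the `isdataat` semantics are simplified to "at least N bytes remain after the end of the content match", with the dynamic value read from the byte that follows the match.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model (not Suricata code) of: content:"AB"; isdataat:N,relative;
 * Assumed simplified semantics: isdataat matches when at least N bytes
 * remain after the end of the content match. */
typedef struct {
    const char *pat; /* content pattern */
    size_t need;     /* fixed isdataat value, unused when dynamic */
    int dynamic;     /* 1: N is the byte right after the match (byte_extract) */
} ToyRule;

static const uint8_t FIXED_BUF[] = "xxABxxABxxABxx"; /* constructed sample */
static const uint8_t DYN_BUF[] = {'A','B',9,'x','x','A','B',2,'x','x'};

/* Returns 1 on match, 0 otherwise; *tried counts content hits evaluated. */
int toy_inspect(const ToyRule *r, const uint8_t *buf, size_t len,
                int early_bail, unsigned *tried)
{
    size_t plen = strlen(r->pat);
    *tried = 0;
    for (size_t off = 0; off + plen <= len; off++) {
        if (memcmp(buf + off, r->pat, plen) != 0)
            continue;
        (*tried)++;
        size_t end = off + plen; /* base for the relative check */
        if (r->dynamic && end == len)
            break;               /* nothing left to extract */
        /* A dynamic N is re-read for every hit, so it can change. */
        size_t need = r->dynamic ? buf[end] : r->need;
        if (len - end >= need)
            return 1;
        /* Fixed N: remaining data only shrinks left to right, so stop. */
        if (early_bail && !r->dynamic)
            break;
    }
    return 0;
}

int main(void)
{
    ToyRule fixed = { "AB", 50, 0 }, dyn = { "AB", 0, 1 };
    unsigned n;
    int m = toy_inspect(&fixed, FIXED_BUF, sizeof(FIXED_BUF) - 1, 1, &n);
    printf("fixed:   match=%d hits=%u\n", m, n);
    m = toy_inspect(&dyn, DYN_BUF, sizeof(DYN_BUF), 1, &n);
    printf("dynamic: match=%d hits=%u\n", m, n);
    return 0;
}
```

With the fixed value the verdict is the same with or without the early exit, only the number of content hits evaluated drops; in the dynamic buffer the first hit fails and the second matches, which is why that case keeps scanning.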
detect/payload: remove unneeded pointer reset
DetectEngineThreadCtx::replist is managed elsewhere.
Commit 1ee360d
detect/bytemath: pass match ctx directly
Adjust includes to enable this.
Commit 8cbf4fa
detect: optimize struct layout
Move reference count to top of DetectEngineThreadCtx, to move it to the same cache line as the other members that are checked first in Detect().
Commit 461b84c
detect/content-inspect: optimize struct layout
Move members used by DetectEngineContentInspection() to the same cache line.
Commit 36100bc
Commit 50e5666