Merge branch 'topic/christian/fix-rulematcher-iteration'

* topic/christian/fix-rulematcher-iteration: Define ordering on Rule instances and use on sets in RuleMatcher
2025-10-13 12:08:20 +00:00 · 2024-11-18 09:39:05 -08:00 · 2024-11-18 09:39:05 -08:00 · 5e0e2a8bd8
commit 5e0e2a8bd8
parent 7ae52ea4d2 2e03fbb8b0
5 changed files with 18 additions and 5 deletions
--- a/4
+++ b/4
@ -1,3 +1,7 @@
+7.1.0-dev.577 | 2024-11-18 09:39:05 -0800
+
+  * Define ordering on Rule instances and use on sets in RuleMatcher (Christian Kreibich, Corelight)
+
 7.1.0-dev.575 | 2024-11-18 17:28:18 +0100

  * communityid: Use GetField() over GetFieldAs() (Arne Welzel, Corelight)
--- a/2
+++ b/2
@ -1 +1 @@
-7.1.0-dev.575
+7.1.0-dev.577
--- a/src/Rule.h
+++ b/src/Rule.h
@ -59,6 +59,9 @@ public:

    void PrintDebug();

+    bool operator==(const Rule& other) { return strcmp(ID(), other.ID()) == 0; }
+    bool operator<(const Rule& other) { return strcmp(ID(), other.ID()) < 0; }
+
    static const char* TypeToString(Rule::PatternType type);

 private:
--- a/src/RuleMatcher.cc
+++ b/src/RuleMatcher.cc
@ -657,7 +657,8 @@ RuleMatcher::MIME_Matches* RuleMatcher::Match(RuleFileMagicState* state, const u
    }

    // Find rules for which patterns have matched.
-    set<Rule*> rule_matches;
+    auto cmp = [](Rule* a, Rule* b) { return *a < *b; };
+    set<Rule*, decltype(cmp)> rule_matches(cmp);

    for ( AcceptingMatchSet::const_iterator it = accepted_matches.begin(); it != accepted_matches.end(); ++it ) {
        auto [aidx, mpos] = *it;
@ -841,7 +842,12 @@ void RuleMatcher::Match(RuleEndpointState* state, Rule::PatternType type, const
    // matched patterns per connection (which is a plausible assumption).

    // Find rules for which patterns have matched.
-    set<pair<Rule*, MatchPos>> rule_matches;
+    auto cmp = [](pair<Rule*, MatchPos> a, pair<Rule*, MatchPos> b) {
+        if ( *a.first == *b.first )
+            return a.second < b.second;
+        return *a.first < *b.first;
+    };
+    set<pair<Rule*, MatchPos>, decltype(cmp)> rule_matches(cmp);

    for ( AcceptingMatchSet::const_iterator it = accepted_matches.begin(); it != accepted_matches.end(); ++it ) {
        AcceptIdx aidx = it->first;
--- a/testing/btest/Baseline/signatures.tcp-end-of-match/.stdout
+++ b/testing/btest/Baseline/signatures.tcp-end-of-match/.stdout
@ -1,7 +1,7 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-signature_match, message, 1448
-signature_match with end_of_match, message, 1448,    rather than all. (Robin Sommer)\x0a\x0a  * Fix parallel make portability
 portability_match with end_of_match, 1448,    rather than all. (Robin Sommer)\x0a\x0a  * Fix parallel make portability
 portability_match, 1448
 portability_match_with_msg with end_of_match, custom message, 1448, 69,    rather than all. (Robin Sommer)\x0a\x0a  * Fix parallel make portability
 portability_match_with_msg, custom message, 1448
+signature_match, message, 1448
+signature_match with end_of_match, message, 1448,    rather than all. (Robin Sommer)\x0a\x0a  * Fix parallel make portability