Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge branch 'topic/christian/fix-rulematcher-iteration'

Browse source 
* topic/christian/fix-rulematcher-iteration:
  Order rule traversal in RuleMatcher::Match() operations by Rule index
This commit is contained in:
Christian Kreibich 2024-11-18 10:13:00 -08:00
commit 96273b4550
5 changed files with 15 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

4
CHANGES
View file

@ -1,3 +1,7 @@
7.1.0-dev.579 | 2024-11-18 10:13:00 -0800
* Order rule traversal in RuleMatcher::Match() operations by Rule index (Christian Kreibich, Corelight)
7.1.0-dev.577 | 2024-11-18 09:39:05 -0800 7.1.0-dev.577 | 2024-11-18 09:39:05 -0800
* Define ordering on Rule instances and use on sets in RuleMatcher (Christian Kreibich, Corelight) * Define ordering on Rule instances and use on sets in RuleMatcher (Christian Kreibich, Corelight)

2
VERSION
View file

@ -1 +1 @@
7.1.0-dev.577 7.1.0-dev.579

3
src/Rule.h
View file

@ -59,9 +59,6 @@ public:
void PrintDebug(); void PrintDebug();
bool operator==(const Rule& other) { return strcmp(ID(), other.ID()) == 0; }
bool operator<(const Rule& other) { return strcmp(ID(), other.ID()) < 0; }
static const char* TypeToString(Rule::PatternType type); static const char* TypeToString(Rule::PatternType type);
private: private:

23
src/RuleMatcher.cc
View file

@ -657,8 +657,7 @@ RuleMatcher::MIME_Matches* RuleMatcher::Match(RuleFileMagicState* state, const u
} }
// Find rules for which patterns have matched. // Find rules for which patterns have matched.
auto cmp = [](Rule* a, Rule* b) { return *a < *b; }; map<decltype(Rule::idx), Rule*> rule_matches;
set<Rule*, decltype(cmp)> rule_matches(cmp);
for ( AcceptingMatchSet::const_iterator it = accepted_matches.begin(); it != accepted_matches.end(); ++it ) { for ( AcceptingMatchSet::const_iterator it = accepted_matches.begin(); it != accepted_matches.end(); ++it ) {
auto [aidx, mpos] = *it; auto [aidx, mpos] = *it;
@ -666,11 +665,11 @@ RuleMatcher::MIME_Matches* RuleMatcher::Match(RuleFileMagicState* state, const u
Rule* r = Rule::rule_table[aidx - 1]; Rule* r = Rule::rule_table[aidx - 1];
if ( AllRulePatternsMatched(r, mpos, accepted_matches) ) if ( AllRulePatternsMatched(r, mpos, accepted_matches) )
rule_matches.insert(r); rule_matches[r->Index()] = r;
} }
for ( set<Rule*>::const_iterator it = rule_matches.begin(); it != rule_matches.end(); ++it ) { for ( const auto& entry : rule_matches ) {
Rule* r = *it; Rule* r = entry.second;
for ( const auto& action : r->actions ) { for ( const auto& action : r->actions ) {
const RuleActionMIME* ram = dynamic_cast<const RuleActionMIME*>(action); const RuleActionMIME* ram = dynamic_cast<const RuleActionMIME*>(action);
@ -842,12 +841,7 @@ void RuleMatcher::Match(RuleEndpointState* state, Rule::PatternType type, const
// matched patterns per connection (which is a plausible assumption). // matched patterns per connection (which is a plausible assumption).
// Find rules for which patterns have matched. // Find rules for which patterns have matched.
auto cmp = [](pair<Rule*, MatchPos> a, pair<Rule*, MatchPos> b) { map<decltype(Rule::idx), std::pair<Rule*, MatchPos>> rule_matches;
if ( *a.first == *b.first )
return a.second < b.second;
return *a.first < *b.first;
};
set<pair<Rule*, MatchPos>, decltype(cmp)> rule_matches(cmp);
for ( AcceptingMatchSet::const_iterator it = accepted_matches.begin(); it != accepted_matches.end(); ++it ) { for ( AcceptingMatchSet::const_iterator it = accepted_matches.begin(); it != accepted_matches.end(); ++it ) {
AcceptIdx aidx = it->first; AcceptIdx aidx = it->first;
@ -856,13 +850,12 @@ void RuleMatcher::Match(RuleEndpointState* state, Rule::PatternType type, const
Rule* r = Rule::rule_table[aidx - 1]; Rule* r = Rule::rule_table[aidx - 1];
if ( AllRulePatternsMatched(r, mpos, accepted_matches) ) if ( AllRulePatternsMatched(r, mpos, accepted_matches) )
rule_matches.insert(make_pair(r, mpos)); rule_matches[r->Index()] = make_pair(r, mpos);
} }
// Check which of the matching rules really belong to any of our nodes. // Check which of the matching rules really belong to any of our nodes.
for ( const auto& entry : rule_matches ) {
for ( set<pair<Rule*, MatchPos>>::const_iterator it = rule_matches.begin(); it != rule_matches.end(); ++it ) { auto [r, match_end_pos] = entry.second;
auto [r, match_end_pos] = *it;
DBG_LOG(DBG_RULES, "Accepted rule: %s", r->id); DBG_LOG(DBG_RULES, "Accepted rule: %s", r->id);

4
testing/btest/Baseline/signatures.tcp-end-of-match/.stdout
View file

@ -1,7 +1,7 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
signature_match, message, 1448
signature_match with end_of_match, message, 1448, rather than all. (Robin Sommer)\x0a\x0a * Fix parallel make portability
portability_match with end_of_match, 1448, rather than all. (Robin Sommer)\x0a\x0a * Fix parallel make portability portability_match with end_of_match, 1448, rather than all. (Robin Sommer)\x0a\x0a * Fix parallel make portability
portability_match, 1448 portability_match, 1448
portability_match_with_msg with end_of_match, custom message, 1448, 69, rather than all. (Robin Sommer)\x0a\x0a * Fix parallel make portability portability_match_with_msg with end_of_match, custom message, 1448, 69, rather than all. (Robin Sommer)\x0a\x0a * Fix parallel make portability
portability_match_with_msg, custom message, 1448 portability_match_with_msg, custom message, 1448
signature_match, message, 1448
signature_match with end_of_match, message, 1448, rather than all. (Robin Sommer)\x0a\x0a * Fix parallel make portability