Merge branch 'topic/christian/fix-rulematcher-iteration'

* topic/christian/fix-rulematcher-iteration: Order rule traversal in RuleMatcher::Match() operations by Rule index
2025-10-02 06:38:20 +00:00 · 2024-11-18 10:13:00 -08:00 · 2024-11-18 10:13:00 -08:00 · 96273b4550
commit 96273b4550
parent 5e0e2a8bd8 b24c5c0e46
5 changed files with 15 additions and 21 deletions
--- a/4
+++ b/4
@ -1,3 +1,7 @@
+7.1.0-dev.579 | 2024-11-18 10:13:00 -0800
+
+  * Order rule traversal in RuleMatcher::Match() operations by Rule index (Christian Kreibich, Corelight)
+
 7.1.0-dev.577 | 2024-11-18 09:39:05 -0800

  * Define ordering on Rule instances and use on sets in RuleMatcher (Christian Kreibich, Corelight)
--- a/2
+++ b/2
@ -1 +1 @@
-7.1.0-dev.577
+7.1.0-dev.579
--- a/src/Rule.h
+++ b/src/Rule.h
@ -59,9 +59,6 @@ public:

    void PrintDebug();

-    bool operator==(const Rule& other) { return strcmp(ID(), other.ID()) == 0; }
-    bool operator<(const Rule& other) { return strcmp(ID(), other.ID()) < 0; }
-
    static const char* TypeToString(Rule::PatternType type);

 private:
--- a/src/RuleMatcher.cc
+++ b/src/RuleMatcher.cc
@ -657,8 +657,7 @@ RuleMatcher::MIME_Matches* RuleMatcher::Match(RuleFileMagicState* state, const u
    }

    // Find rules for which patterns have matched.
-    auto cmp = [](Rule* a, Rule* b) { return *a < *b; };
-    set<Rule*, decltype(cmp)> rule_matches(cmp);
+    map<decltype(Rule::idx), Rule*> rule_matches;

    for ( AcceptingMatchSet::const_iterator it = accepted_matches.begin(); it != accepted_matches.end(); ++it ) {
        auto [aidx, mpos] = *it;
@ -666,11 +665,11 @@ RuleMatcher::MIME_Matches* RuleMatcher::Match(RuleFileMagicState* state, const u
        Rule* r = Rule::rule_table[aidx - 1];

        if ( AllRulePatternsMatched(r, mpos, accepted_matches) )
-            rule_matches.insert(r);
+            rule_matches[r->Index()] = r;
    }

-    for ( set<Rule*>::const_iterator it = rule_matches.begin(); it != rule_matches.end(); ++it ) {
-        Rule* r = *it;
+    for ( const auto& entry : rule_matches ) {
+        Rule* r = entry.second;

        for ( const auto& action : r->actions ) {
            const RuleActionMIME* ram = dynamic_cast<const RuleActionMIME*>(action);
@ -842,12 +841,7 @@ void RuleMatcher::Match(RuleEndpointState* state, Rule::PatternType type, const
    // matched patterns per connection (which is a plausible assumption).

    // Find rules for which patterns have matched.
-    auto cmp = [](pair<Rule*, MatchPos> a, pair<Rule*, MatchPos> b) {
-        if ( *a.first == *b.first )
-            return a.second < b.second;
-        return *a.first < *b.first;
-    };
-    set<pair<Rule*, MatchPos>, decltype(cmp)> rule_matches(cmp);
+    map<decltype(Rule::idx), std::pair<Rule*, MatchPos>> rule_matches;

    for ( AcceptingMatchSet::const_iterator it = accepted_matches.begin(); it != accepted_matches.end(); ++it ) {
        AcceptIdx aidx = it->first;
@ -856,13 +850,12 @@ void RuleMatcher::Match(RuleEndpointState* state, Rule::PatternType type, const
        Rule* r = Rule::rule_table[aidx - 1];

        if ( AllRulePatternsMatched(r, mpos, accepted_matches) )
-            rule_matches.insert(make_pair(r, mpos));
+            rule_matches[r->Index()] = make_pair(r, mpos);
    }

    // Check which of the matching rules really belong to any of our nodes.
-
-    for ( set<pair<Rule*, MatchPos>>::const_iterator it = rule_matches.begin(); it != rule_matches.end(); ++it ) {
-        auto [r, match_end_pos] = *it;
+    for ( const auto& entry : rule_matches ) {
+        auto [r, match_end_pos] = entry.second;

        DBG_LOG(DBG_RULES, "Accepted rule: %s", r->id);

--- a/testing/btest/Baseline/signatures.tcp-end-of-match/.stdout
+++ b/testing/btest/Baseline/signatures.tcp-end-of-match/.stdout
@ -1,7 +1,7 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+signature_match, message, 1448
+signature_match with end_of_match, message, 1448,    rather than all. (Robin Sommer)\x0a\x0a  * Fix parallel make portability
 portability_match with end_of_match, 1448,    rather than all. (Robin Sommer)\x0a\x0a  * Fix parallel make portability
 portability_match, 1448
 portability_match_with_msg with end_of_match, custom message, 1448, 69,    rather than all. (Robin Sommer)\x0a\x0a  * Fix parallel make portability
 portability_match_with_msg, custom message, 1448
-signature_match, message, 1448
-signature_match with end_of_match, message, 1448,    rather than all. (Robin Sommer)\x0a\x0a  * Fix parallel make portability