diff options
| author | liuwentan <[email protected]> | 2023-09-22 17:55:14 +0800 |
|---|---|---|
| committer | liuwentan <[email protected]> | 2023-09-22 17:55:14 +0800 |
| commit | e5eea6f61059a047301fce59d7cc742b1c15140f (patch) | |
| tree | 969aee05f4a7b5fcecb856f054f4663ba40c41e1 | |
| parent | d55ca3595a8bdc9281a765a5b39b49135e7e415d (diff) | |
[OPTIMIZE]optimize hyperscan callback performance
| -rw-r--r-- | scanner/expr_matcher/adapter_hs/adapter_hs.cpp | 13 | ||||
| -rw-r--r-- | scanner/expr_matcher/adapter_rs/adapter_rs.cpp | 15 |
2 files changed, 10 insertions, 18 deletions
diff --git a/scanner/expr_matcher/adapter_hs/adapter_hs.cpp b/scanner/expr_matcher/adapter_hs/adapter_hs.cpp index 4d57dcf..11df9cf 100644 --- a/scanner/expr_matcher/adapter_hs/adapter_hs.cpp +++ b/scanner/expr_matcher/adapter_hs/adapter_hs.cpp @@ -22,9 +22,9 @@ #include "maat_utils.h" #include "../../bool_matcher/bool_matcher.h" -#define MAX_HIT_PATTERN_NUM 512 +#define MAX_HIT_PATTERN_NUM 1024 -pid_t hs_gettid() +pid_t hs_gettid() { return syscall(SYS_gettid); } @@ -584,11 +584,6 @@ static int matched_event_cb(unsigned int id, unsigned long long from, if (utarray_len(matched_pat->pattern_ids) >= MAX_HIT_PATTERN_NUM) { return 0; } - - // duplicate pattern_id - if (utarray_find(matched_pat->pattern_ids, &pattern_id, compare_pattern_id)) { - return 0; - } int ret = 0; struct pattern_attribute pat_attr = matched_pat->ref_hs_attr[id]; @@ -640,7 +635,6 @@ static int matched_event_cb(unsigned int id, unsigned long long from, if (1 == ret) { utarray_push_back(matched_pat->pattern_ids, &pattern_id); - utarray_sort(matched_pat->pattern_ids, compare_pattern_id); } return 0; @@ -834,8 +828,9 @@ int adapter_hs_scan_stream(void *hs_stream, const char *data, size_t data_len, return 0; } - unsigned long long pattern_ids[n_pattern_id]; + utarray_sort(stream->matched_pat->pattern_ids, compare_pattern_id); + unsigned long long pattern_ids[n_pattern_id]; for (size_t i = 0; i < n_pattern_id; i++) { pattern_ids[i] = *(unsigned long long *)utarray_eltptr(stream->matched_pat->pattern_ids, i); } diff --git a/scanner/expr_matcher/adapter_rs/adapter_rs.cpp b/scanner/expr_matcher/adapter_rs/adapter_rs.cpp index 1459ab1..1489dca 100644 --- a/scanner/expr_matcher/adapter_rs/adapter_rs.cpp +++ b/scanner/expr_matcher/adapter_rs/adapter_rs.cpp @@ -22,9 +22,9 @@ #include "maat_utils.h" #include "../../bool_matcher/bool_matcher.h" -#define MAX_HIT_PATTERN_NUM 512 +#define MAX_HIT_PATTERN_NUM 1024 -pid_t rs_gettid() +pid_t rs_gettid() { return syscall(SYS_gettid); } @@ -430,11 +430,6 @@ static int matched_event_cb(unsigned int id, int pos_offset, int from, int to, if (utarray_len(matched_pat->pattern_ids) >= MAX_HIT_PATTERN_NUM) { return 0; } - - // duplicate pattern_id - if (utarray_find(matched_pat->pattern_ids, &pattern_id, compare_pattern_id)) { - return 0; - } int ret = 0; struct pattern_attribute pat_attr = matched_pat->ref_rs_attr[id]; @@ -487,7 +482,6 @@ static int matched_event_cb(unsigned int id, int pos_offset, int from, int to, if (1 == ret) { utarray_push_back(matched_pat->pattern_ids, &pattern_id); - utarray_sort(matched_pat->pattern_ids, compare_pattern_id); } return 0; @@ -609,8 +603,9 @@ int adapter_rs_scan_stream(void *rs_stream, const char *data, size_t data_len, return 0; } - unsigned long long pattern_ids[n_pattern_id]; + utarray_sort(matched_pat->pattern_ids, compare_pattern_id); + unsigned long long pattern_ids[n_pattern_id]; for (size_t i = 0; i < n_pattern_id; i++) { pattern_ids[i] = *(unsigned long long *)utarray_eltptr(matched_pat->pattern_ids, i); } @@ -678,6 +673,8 @@ int adapter_rs_scan(void *rs_instance, int thread_id, const char *data, size_t d return 0; } + utarray_sort(matched_pat->pattern_ids, compare_pattern_id); + unsigned long long pattern_ids[n_pattern_id]; for (size_t i = 0; i < n_pattern_id; i++) { pattern_ids[i] = *(unsigned long long *)utarray_eltptr(matched_pat->pattern_ids, i); |