Ktrie + AC + Hyperscan

1. The role of Ktrie. When scanning the data of a particular field (head/body etc.) of an HTTP request, we want that data to quickly find the rule set that cares about this field. Ktrie solves this problem: we parse the HTTP body data and reach the "y" leaf node by matching the "body" path in the Ktrie.

  Initialization: each path of the Ktrie (from the root node to a leaf node) is one HTTP field used for scanning (such as body/header/args etc.), and the leaf node stores all rule IDs concerned with this field (sorted) and the address of the rule content.

    Create an AC node. Pure regex rules are combined and matched with Hyperscan, without involving the AC algorithm. For rules that contain a pattern string, extract the pattern string and add it to the AC node as a Pattern.

    From all Patterns, build the goto table, fail table and output table. Number of states = total number of characters in all Patterns + 1 (the extra one is state 0); state table = goto[256 characters] + failstate + matchlist; all state tables are initialized to -1.

    goto table: it is built much like a dictionary tree (trie). A state is determined for each character of each Pattern, recording for state s the next state reached on that character of the Pattern.

    Output table: for each Pattern, its last state records the relationship between that state and the Pattern.

    The fail table entry for state 0 is initialized to 0; previously it was -1.

    fail table:
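The table construction described above, as an added example in Python (not code from the original page). `PATTERNS` and the scanned string are constructed samples, `build` and `scan` are hypothetical names, and the fail links use the standard Aho-Corasick breadth-first construction, which is an assumption because the page does not give its own.

```python
from collections import deque

ALPHABET = 256  # one goto slot per byte value

# Constructed sample: patterns a "body" leaf might hold (not from the page)
PATTERNS = [b"union", b"on", b"select", b"script"]

def build(patterns):
    max_states = sum(len(p) for p in patterns) + 1       # +1 for state 0
    goto = [[-1] * ALPHABET for _ in range(max_states)]  # all entries start at -1
    fail = [-1] * max_states
    out = [[] for _ in range(max_states)]                # matchlist per state
    used = 1
    for pid, pat in enumerate(patterns):                 # goto table: trie insert
        s = 0
        for ch in pat:
            if goto[s][ch] == -1:
                goto[s][ch] = used
                used += 1
            s = goto[s][ch]
        out[s].append(pid)                               # output table: last state
    fail[0] = 0                                          # state 0 fails to itself
    queue = deque()
    for ch in range(ALPHABET):
        if goto[0][ch] == -1:
            goto[0][ch] = 0                              # unmatched bytes stay in state 0
        else:
            fail[goto[0][ch]] = 0
            queue.append(goto[0][ch])
    while queue:                                         # assumed: standard BFS fail links
        r = queue.popleft()
        for ch in range(ALPHABET):
            s = goto[r][ch]
            if s == -1:
                continue
            f = fail[r]
            while goto[f][ch] == -1:
                f = fail[f]
            fail[s] = goto[f][ch]
            out[s] += out[fail[s]]                       # inherit suffix matches
            queue.append(s)
    return goto, fail, out, used

def scan(data, tables):
    goto, fail, out, _ = tables
    s, hits = 0, []
    for i, ch in enumerate(data):
        while goto[s][ch] == -1:
            s = fail[s]
        s = goto[s][ch]
        hits.extend((pid, i) for pid in out[s])          # (pattern id, end offset)
    return hits
```

Because "select" and "script" share their first character, only 19 of the 20 allocated states are used: the sum of Pattern characters plus one is an upper bound, not the exact count.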
