detect: do not store state without flags

If flags are zero, there is nothing to store and remember.

Stored signatures will be reused on a later packet, and
qsorted (which may be expensive), with newer matches candidates.

Avoiding to store, leads to avoid the call to qsort.

diff --git a/src/detect.c b/src/detect.c
index 659f96441b298fd311989dca741c1e9658d3c689..72e40eaff3fde39348fa87ad18dd221307f0d745 100644 (file)
--- a/src/detect.c
+++ b/src/detect.c
@@ -1218,7 +1218,7 @@ static bool DetectRunTxInspectRule(ThreadVars *tv,
         } else if ((inspect_flags & DE_STATE_FLAG_FULL_INSPECT) == 0 && mpm_in_progress) {
             TRACE_SID_TXS(s->id, tx, "no need to store no-match sig, "
                     "mpm will revisit it");
-        } else {
+        } else if (inspect_flags != 0 || file_no_match != 0) {
             TRACE_SID_TXS(s->id, tx, "storing state: flags %08x", inspect_flags);
             DetectRunStoreStateTx(scratch->sgh, f, tx->tx_ptr, tx->tx_id, s,
                     inspect_flags, flow_flags, file_no_match);