detect/prefilter: speed up setup

If the global detect.prefilter.default setting is not "auto", it is
wasteful to run each prefilter setup routine. This patch tracks which
of the engines have been explicitly enabled in the rules and only
runs those.

diff --git a/src/detect-engine-prefilter.c b/src/detect-engine-prefilter.c
index b289bc136927718b006720a9361b20fb241ce470..75cee3ea10c4e7987670b567fc12eedc87597bdc 100644 (file)
--- a/src/detect-engine-prefilter.c
+++ b/src/detect-engine-prefilter.c
@@ -380,11 +380,16 @@ void PrefilterSetupRuleGroup(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
     BUG_ON(PatternMatchPrepareGroup(de_ctx, sgh) != 0);
 
-    /* set up engines if needed - independent of 'detect.prefilter.default'
-     * setting as the prefilter keyword may have enabled individual sigs */
+    /* set up engines if needed - when prefilter is set to auto we run
+     * all engines, otherwise only those that have been forced by the
+     * prefilter keyword. */
+    const enum DetectEnginePrefilterSetting setting = de_ctx->prefilter_setting;
     for (int i = 0; i < DETECT_TBLSIZE; i++)
     {
-        if (sigmatch_table[i].SetupPrefilter != NULL) {
+        if (sigmatch_table[i].SetupPrefilter != NULL &&
+                (setting == DETECT_PREFILTER_AUTO ||
+                 (de_ctx->sm_types_prefilter && de_ctx->sm_types_prefilter[i])))
+        {
             sigmatch_table[i].SetupPrefilter(sgh);
         }
     }

diff --git a/src/detect-prefilter.c b/src/detect-prefilter.c
index 8eca6efb708ae238d2c7ac293a7267d4139084c3..ed1397bf4e93c6121bc7010c5ba83969e0b69bce 100644 (file)
--- a/src/detect-prefilter.c
+++ b/src/detect-prefilter.c
@@ -94,6 +94,13 @@ static int DetectPrefilterSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
         cd->flags |= DETECT_CONTENT_FAST_PATTERN;
     } else {
         s->flags |= SIG_FLAG_PREFILTER;
+
+        /* make sure setup function runs for this type. */
+        if (de_ctx->sm_types_prefilter == NULL)
+            de_ctx->sm_types_prefilter = SCCalloc(sizeof(bool), DETECT_TBLSIZE);
+        if (de_ctx->sm_types_prefilter == NULL)
+            FatalError(SC_ERR_MEM_ALLOC, "failed to allocate sm_types_prefilter memory");
+        de_ctx->sm_types_prefilter[sm->type] = true;
     }
 
     SCReturnInt(0);

diff --git a/src/detect.h b/src/detect.h
index 458baf01e93df22708df7da308327554216b80b6..efa43ba220a5a46d0be893248dbb4268a90e8fef 100644 (file)
--- a/src/detect.h
+++ b/src/detect.h
@@ -738,6 +738,12 @@ typedef struct DetectEngineCtx_ {
      *  \todo we only need this at init, so perhaps this
      *        can move to a DetectEngineCtx 'init' struct */
     DetectMpmAppLayerKeyword *app_mpms;
+
+    /** per keyword flag indicating if a prefilter has been
+     *  set for it. If true, the setup function will have to
+     *  run. Will be alloc'd to DETECT_TBLSIZE if used. */
+    bool *sm_types_prefilter;
+
 } DetectEngineCtx;
 
 /* Engine groups profiles (low, medium, high, custom) */