detect/flowbits: only walk over array if needed

For setting s->init_data for flowbit rules impacted by `set`, we can
first check whether this will be needed, and *then* walk over the
flowbits array.

diff --git a/src/detect-flowbits.c b/src/detect-flowbits.c
index 937743dc054983eb50ab578fd0339931a8ec25d1..8efb93ed793fac6a0b0d8e45dc4dfac665d6c51a 100644 (file)
--- a/src/detect-flowbits.c
+++ b/src/detect-flowbits.c
@@ -624,11 +624,11 @@ int DetectFlowbitsAnalyze(DetectEngineCtx *de_ctx)
             SCLogDebug("SET flowbit %s/%u: SID %u", varname, i,
                     de_ctx->sig_array[array[i].set_sids[x]]->id);
         }
-        for (uint32_t x = 0; x < array[i].isset_sids_idx; x++) {
-            Signature *s = de_ctx->sig_array[array[i].isset_sids[x]];
-            SCLogDebug("GET flowbit %s/%u: SID %u", varname, i, s->id);
+        if (to_state) {
+            for (uint32_t x = 0; x < array[i].isset_sids_idx; x++) {
+                Signature *s = de_ctx->sig_array[array[i].isset_sids[x]];
+                SCLogDebug("GET flowbit %s/%u: SID %u", varname, i, s->id);
 
-            if (to_state) {
                 s->init_data->init_flags |= SIG_FLAG_INIT_STATE_MATCH;
                 SCLogDebug("made SID %u stateful because it depends on "
                         "stateful rules that set flowbit %s", s->id, varname);