detect/prefilter: speed up setup

If the global detect.prefilter.default setting is not "auto", it is
wasteful to run each prefilter setup routine. This patch tracks which
of the engines have been explicitly enabled in the rules and only
runs those.

diff --git a/src/detect-engine-prefilter.c b/src/detect-engine-prefilter.c
index e0b04159b7368f91652c1a87db83a0981fdd225e..f683e7d5f9f8e49c1744e9a4ff08422b3dab027f 100644 (file)
--- a/src/detect-engine-prefilter.c
+++ b/src/detect-engine-prefilter.c
@@ -348,11 +348,16 @@ void PrefilterSetupRuleGroup(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
     BUG_ON(PatternMatchPrepareGroup(de_ctx, sgh) != 0);
 
-    /* set up engines if needed - independent of 'detect.prefilter.default'
-     * setting as the prefilter keyword may have enabled individual sigs */
+    /* set up engines if needed - when prefilter is set to auto we run
+     * all engines, otherwise only those that have been forced by the
+     * prefilter keyword. */
+    const enum DetectEnginePrefilterSetting setting = de_ctx->prefilter_setting;
     for (int i = 0; i < DETECT_TBLSIZE; i++)
     {
-        if (sigmatch_table[i].SetupPrefilter != NULL) {
+        if (sigmatch_table[i].SetupPrefilter != NULL &&
+                (setting == DETECT_PREFILTER_AUTO ||
+                 de_ctx->sm_types_prefilter[i]))
+        {
             sigmatch_table[i].SetupPrefilter(de_ctx, sgh);
         }
     }

diff --git a/src/detect-prefilter.c b/src/detect-prefilter.c
index 8eca6efb708ae238d2c7ac293a7267d4139084c3..9f60d84d1fa18f87ecf00de50cadcd3dfce165c5 100644 (file)
--- a/src/detect-prefilter.c
+++ b/src/detect-prefilter.c
@@ -94,6 +94,9 @@ static int DetectPrefilterSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
         cd->flags |= DETECT_CONTENT_FAST_PATTERN;
     } else {
         s->flags |= SIG_FLAG_PREFILTER;
+
+        /* make sure setup function runs for this type. */
+        de_ctx->sm_types_prefilter[sm->type] = true;
     }
 
     SCReturnInt(0);

diff --git a/src/detect.h b/src/detect.h
index ada0d153268a3df9ca9d9200e874cdde1c35958b..10746e3ea2249825fd76318935ba1d3d4bc7b10a 100644 (file)
--- a/src/detect.h
+++ b/src/detect.h
@@ -892,6 +892,11 @@ typedef struct DetectEngineCtx_ {
     /** signatures stats */
     SigFileLoaderStat sig_stat;
 
+    /** per keyword flag indicating if a prefilter has been
+     *  set for it. If true, the setup function will have to
+     *  run. */
+    bool sm_types_prefilter[DETECT_TBLSIZE];
+
 } DetectEngineCtx;
 
 /* Engine groups profiles (low, medium, high, custom) */