detect/prefilter: use sig mask to exclude pkt engines

Add an argument to the packet prefilter registration function to include
`SignatureMask` flags. This will be used at runtime to only call these
prefilter engines when the mask check passes.

diff --git a/src/detect-app-layer-protocol.c b/src/detect-app-layer-protocol.c
index cdef7db532c4185710b5b4f3f38ceec1576d1ab0..938b96a5b45407578d40ef6f518f19db2fbe39ef 100644 (file)
--- a/src/detect-app-layer-protocol.c
+++ b/src/detect-app-layer-protocol.c
@@ -316,9 +316,8 @@ PrefilterPacketAppProtoCompare(PrefilterPacketHeaderValue v, void *smctx)
 static int PrefilterSetupAppProto(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
     return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_AL_APP_LAYER_PROTOCOL,
-        PrefilterPacketAppProtoSet,
-        PrefilterPacketAppProtoCompare,
-        PrefilterPacketAppProtoMatch);
+            SIG_MASK_REQUIRE_FLOW, PrefilterPacketAppProtoSet, PrefilterPacketAppProtoCompare,
+            PrefilterPacketAppProtoMatch);
 }
 
 static bool PrefilterAppProtoIsPrefilterable(const Signature *s)

diff --git a/src/detect-dsize.c b/src/detect-dsize.c
index e518a59696801dc3eb528642de4e9ca78e129956..e1b5bfeb231fe5efcd12ddad32866646850eb02b 100644 (file)
--- a/src/detect-dsize.c
+++ b/src/detect-dsize.c
@@ -195,8 +195,8 @@ PrefilterPacketDsizeMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void
 
 static int PrefilterSetupDsize(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
-    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_DSIZE, PrefilterPacketU16Set,
-            PrefilterPacketU16Compare, PrefilterPacketDsizeMatch);
+    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_DSIZE, SIG_MASK_REQUIRE_REAL_PKT,
+            PrefilterPacketU16Set, PrefilterPacketU16Compare, PrefilterPacketDsizeMatch);
 }
 
 static bool PrefilterDsizeIsPrefilterable(const Signature *s)

diff --git a/src/detect-engine-prefilter-common.c b/src/detect-engine-prefilter-common.c
index 15df839b0c94defcd75c36b8fb0422933d5a25c0..3c3321b8f58fabf30e8f775c39555a09d36c57a2 100644 (file)
--- a/src/detect-engine-prefilter-common.c
+++ b/src/detect-engine-prefilter-common.c
@@ -93,9 +93,8 @@ static void GetExtraMatch(const Signature *s, uint16_t *type, uint16_t *value)
 
 /** \internal
  */
-static int
-SetupEngineForPacketHeader(DetectEngineCtx *de_ctx, SigGroupHead *sgh,
-        int sm_type, PrefilterPacketHeaderHashCtx *hctx,
+static int SetupEngineForPacketHeader(DetectEngineCtx *de_ctx, SigGroupHead *sgh, int sm_type,
+        SignatureMask mask, PrefilterPacketHeaderHashCtx *hctx,
         bool (*Compare)(PrefilterPacketHeaderValue v, void *),
         void (*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx))
 {
@@ -143,8 +142,8 @@ SetupEngineForPacketHeader(DetectEngineCtx *de_ctx, SigGroupHead *sgh,
     SCLogDebug("%s: ctx %p extra type %u extra value %u, sig cnt %u",
             sigmatch_table[sm_type].name, ctx, ctx->type, ctx->value,
             ctx->sigs_cnt);
-    PrefilterAppendEngine(de_ctx, sgh, Match, ctx,
-            PrefilterPacketHeaderFree, sigmatch_table[sm_type].name);
+    PrefilterAppendEngine(
+            de_ctx, sgh, Match, mask, ctx, PrefilterPacketHeaderFree, sigmatch_table[sm_type].name);
     return 0;
 }
 
@@ -197,9 +196,8 @@ static void ApplyToU8Hash(PrefilterPacketU8HashCtx *ctx, PrefilterPacketHeaderVa
  *  \todo improve error handling
  *  \todo deduplicate sigs arrays
  */
-static int
-SetupEngineForPacketHeaderPrefilterPacketU8HashCtx(DetectEngineCtx *de_ctx,
-        SigGroupHead *sgh, int sm_type, uint32_t *counts,
+static int SetupEngineForPacketHeaderPrefilterPacketU8HashCtx(DetectEngineCtx *de_ctx,
+        SigGroupHead *sgh, int sm_type, SignatureMask mask, uint32_t *counts,
         void (*Set)(PrefilterPacketHeaderValue *v, void *),
         bool (*Compare)(PrefilterPacketHeaderValue v, void *),
         void (*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx))
@@ -247,8 +245,7 @@ SetupEngineForPacketHeaderPrefilterPacketU8HashCtx(DetectEngineCtx *de_ctx,
     }
 
     if (cnt) {
-        PrefilterAppendEngine(de_ctx, sgh, Match, ctx,
-                PrefilterPacketU8HashCtxFree,
+        PrefilterAppendEngine(de_ctx, sgh, Match, mask, ctx, PrefilterPacketU8HashCtxFree,
                 sigmatch_table[sm_type].name);
     } else {
         PrefilterPacketU8HashCtxFree(ctx);
@@ -259,30 +256,25 @@ SetupEngineForPacketHeaderPrefilterPacketU8HashCtx(DetectEngineCtx *de_ctx,
 /** \internal
  *  \brief setup a engine for each unique value
  */
-static void SetupSingle(DetectEngineCtx *de_ctx, HashListTable *hash_table,
-        SigGroupHead *sgh, int sm_type,
-        bool (*Compare)(PrefilterPacketHeaderValue v, void *),
-        void (*Match)(DetectEngineThreadCtx *det_ctx,
-            Packet *p, const void *pectx))
+static void SetupSingle(DetectEngineCtx *de_ctx, HashListTable *hash_table, SigGroupHead *sgh,
+        int sm_type, SignatureMask mask, bool (*Compare)(PrefilterPacketHeaderValue v, void *),
+        void (*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx))
 {
     HashListTableBucket *hb = HashListTableGetListHead(hash_table);
     for ( ; hb != NULL; hb = HashListTableGetListNext(hb)) {
         PrefilterPacketHeaderHashCtx *ctx = HashListTableGetListData(hb);
 
-        SetupEngineForPacketHeader(de_ctx, sgh, sm_type,
-                ctx, Compare, Match);
+        SetupEngineForPacketHeader(de_ctx, sgh, sm_type, mask, ctx, Compare, Match);
     }
 }
 
 /** \internal
  *  \brief setup a single engine with a hash map for u8 values
  */
-static void SetupU8Hash(DetectEngineCtx *de_ctx, HashListTable *hash_table,
-        SigGroupHead *sgh, int sm_type,
-        void (*Set)(PrefilterPacketHeaderValue *v, void *),
+static void SetupU8Hash(DetectEngineCtx *de_ctx, HashListTable *hash_table, SigGroupHead *sgh,
+        int sm_type, SignatureMask mask, void (*Set)(PrefilterPacketHeaderValue *v, void *),
         bool (*Compare)(PrefilterPacketHeaderValue v, void *),
-        void (*Match)(DetectEngineThreadCtx *det_ctx,
-            Packet *p, const void *pectx))
+        void (*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx))
 {
     uint32_t counts[256];
     memset(&counts, 0, sizeof(counts));
@@ -330,17 +322,14 @@ static void SetupU8Hash(DetectEngineCtx *de_ctx, HashListTable *hash_table,
         }
     }
 
-    SetupEngineForPacketHeaderPrefilterPacketU8HashCtx(de_ctx, sgh, sm_type,
-            counts, Set, Compare, Match);
+    SetupEngineForPacketHeaderPrefilterPacketU8HashCtx(
+            de_ctx, sgh, sm_type, mask, counts, Set, Compare, Match);
 }
 
-static int PrefilterSetupPacketHeaderCommon(DetectEngineCtx *de_ctx,
-        SigGroupHead *sgh, int sm_type,
-        void (*Set)(PrefilterPacketHeaderValue *v, void *),
+static int PrefilterSetupPacketHeaderCommon(DetectEngineCtx *de_ctx, SigGroupHead *sgh, int sm_type,
+        SignatureMask mask, void (*Set)(PrefilterPacketHeaderValue *v, void *),
         bool (*Compare)(PrefilterPacketHeaderValue v, void *),
-        void (*Match)(DetectEngineThreadCtx *det_ctx,
-                      Packet *p, const void *pectx),
-        bool u8hash)
+        void (*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx), bool u8hash)
 {
     Signature *s = NULL;
     uint32_t sig = 0;
@@ -392,9 +381,9 @@ static int PrefilterSetupPacketHeaderCommon(DetectEngineCtx *de_ctx,
     }
 
     if (!u8hash) {
-        SetupSingle(de_ctx, hash_table, sgh, sm_type, Compare, Match);
+        SetupSingle(de_ctx, hash_table, sgh, sm_type, mask, Compare, Match);
     } else {
-        SetupU8Hash(de_ctx, hash_table, sgh, sm_type, Set, Compare, Match);
+        SetupU8Hash(de_ctx, hash_table, sgh, sm_type, mask, Set, Compare, Match);
     }
 
     HashListTableFree(hash_table);
@@ -404,22 +393,18 @@ error:
     return -1;
 }
 
-int PrefilterSetupPacketHeaderU8Hash(DetectEngineCtx *de_ctx,
-        SigGroupHead *sgh, int sm_type,
-        void (*Set)(PrefilterPacketHeaderValue *v, void *),
+int PrefilterSetupPacketHeaderU8Hash(DetectEngineCtx *de_ctx, SigGroupHead *sgh, int sm_type,
+        SignatureMask mask, void (*Set)(PrefilterPacketHeaderValue *v, void *),
         bool (*Compare)(PrefilterPacketHeaderValue v, void *),
-        void (*Match)(DetectEngineThreadCtx *det_ctx,
-                      Packet *p, const void *pectx))
+        void (*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx))
 {
-    return PrefilterSetupPacketHeaderCommon(de_ctx, sgh, sm_type, Set, Compare, Match, true);
+    return PrefilterSetupPacketHeaderCommon(de_ctx, sgh, sm_type, mask, Set, Compare, Match, true);
 }
 
-int PrefilterSetupPacketHeader(DetectEngineCtx *de_ctx,
-        SigGroupHead *sgh, int sm_type,
-        void (*Set)(PrefilterPacketHeaderValue *v, void *),
+int PrefilterSetupPacketHeader(DetectEngineCtx *de_ctx, SigGroupHead *sgh, int sm_type,
+        SignatureMask mask, void (*Set)(PrefilterPacketHeaderValue *v, void *),
         bool (*Compare)(PrefilterPacketHeaderValue v, void *),
-        void (*Match)(DetectEngineThreadCtx *det_ctx,
-        Packet *p, const void *pectx))
+        void (*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx))
 {
-    return PrefilterSetupPacketHeaderCommon(de_ctx, sgh, sm_type, Set, Compare, Match, false);
+    return PrefilterSetupPacketHeaderCommon(de_ctx, sgh, sm_type, mask, Set, Compare, Match, false);
 }

diff --git a/src/detect-engine-prefilter-common.h b/src/detect-engine-prefilter-common.h
index 8ef3bb5b15e11ef11bdaa0f381d375557fd18608..e24f22fc7b4c6f4b8359f8d9236226c32f196581 100644 (file)
--- a/src/detect-engine-prefilter-common.h
+++ b/src/detect-engine-prefilter-common.h
@@ -58,19 +58,15 @@ typedef struct PrefilterPacketU8HashCtx_ {
 #define PREFILTER_U8HASH_MODE_GT DetectUintModeGt
 #define PREFILTER_U8HASH_MODE_RA DetectUintModeRange
 
-int PrefilterSetupPacketHeader(DetectEngineCtx *de_ctx,
-        SigGroupHead *sgh, int sm_type,
-        void (*Set)(PrefilterPacketHeaderValue *v, void *),
+int PrefilterSetupPacketHeader(DetectEngineCtx *de_ctx, SigGroupHead *sgh, int sm_type,
+        SignatureMask mask, void (*Set)(PrefilterPacketHeaderValue *v, void *),
         bool (*Compare)(PrefilterPacketHeaderValue v, void *),
-        void (*Match)(DetectEngineThreadCtx *det_ctx,
-            Packet *p, const void *pectx));
+        void (*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx));
 
-int PrefilterSetupPacketHeaderU8Hash(DetectEngineCtx *de_ctx,
-        SigGroupHead *sgh, int sm_type,
-        void (*Set)(PrefilterPacketHeaderValue *v, void *),
+int PrefilterSetupPacketHeaderU8Hash(DetectEngineCtx *de_ctx, SigGroupHead *sgh, int sm_type,
+        SignatureMask mask, void (*Set)(PrefilterPacketHeaderValue *v, void *),
         bool (*Compare)(PrefilterPacketHeaderValue v, void *),
-        void (*Match)(DetectEngineThreadCtx *det_ctx,
-            Packet *p, const void *pectx));
+        void (*Match)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx));
 
 static inline bool
 PrefilterPacketHeaderExtraMatch(const PrefilterPacketHeaderCtx *ctx,

diff --git a/src/detect-engine-prefilter.c b/src/detect-engine-prefilter.c
index 7d593bcfe8463f9fdc00d4ad5645158821354115..83ccb2afb2912f79b2e2b5f5cec91576f59cadab 100644 (file)
--- a/src/detect-engine-prefilter.c
+++ b/src/detect-engine-prefilter.c
@@ -140,8 +140,8 @@ void DetectRunPrefilterTx(DetectEngineThreadCtx *det_ctx,
     }
 }
 
-void Prefilter(DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh,
-        Packet *p, const uint8_t flags)
+void Prefilter(DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh, Packet *p,
+        const uint8_t flags, const SignatureMask mask)
 {
     SCEnter();
 #if 0
@@ -159,9 +159,11 @@ void Prefilter(DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh,
         /* run packet engines */
         PrefilterEngine *engine = sgh->pkt_engines;
         do {
-            PREFILTER_PROFILING_START(det_ctx);
-            engine->cb.Prefilter(det_ctx, p, engine->pectx);
-            PREFILTER_PROFILING_END(det_ctx, engine->gid);
+            if ((engine->ctx.pkt_mask & mask) == engine->ctx.pkt_mask) {
+                PREFILTER_PROFILING_START(det_ctx);
+                engine->cb.Prefilter(det_ctx, p, engine->pectx);
+                PREFILTER_PROFILING_END(det_ctx, engine->gid);
+            }
 
             if (engine->is_last)
                 break;
@@ -200,7 +202,7 @@ void Prefilter(DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh,
 }
 
 int PrefilterAppendEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterPktFn PrefilterFunc,
-        void *pectx, void (*FreeFunc)(void *pectx), const char *name)
+        SignatureMask mask, void *pectx, void (*FreeFunc)(void *pectx), const char *name)
 {
     if (sgh == NULL || PrefilterFunc == NULL || pectx == NULL)
         return -1;
@@ -213,6 +215,7 @@ int PrefilterAppendEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterP
     e->Prefilter = PrefilterFunc;
     e->pectx = pectx;
     e->Free = FreeFunc;
+    e->pkt_mask = mask;
 
     if (sgh->init->pkt_engines == NULL) {
         sgh->init->pkt_engines = e;
@@ -445,6 +448,7 @@ void PrefilterSetupRuleGroup(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
         for (el = sgh->init->pkt_engines ; el != NULL; el = el->next) {
             e->local_id = el->id;
             e->cb.Prefilter = el->Prefilter;
+            e->ctx.pkt_mask = el->pkt_mask;
             e->pectx = el->pectx;
             el->pectx = NULL; // e now owns the ctx
             e->gid = el->gid;
@@ -469,6 +473,7 @@ void PrefilterSetupRuleGroup(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
         for (el = sgh->init->payload_engines ; el != NULL; el = el->next) {
             e->local_id = el->id;
             e->cb.Prefilter = el->Prefilter;
+            e->ctx.pkt_mask = el->pkt_mask;
             e->pectx = el->pectx;
             el->pectx = NULL; // e now owns the ctx
             e->gid = el->gid;
@@ -873,8 +878,8 @@ int PrefilterGenericMpmPktRegister(DetectEngineCtx *de_ctx, SigGroupHead *sgh, M
     pectx->mpm_ctx = mpm_ctx;
     pectx->transforms = &mpm_reg->transforms;
 
-    int r = PrefilterAppendEngine(de_ctx, sgh, PrefilterMpmPkt,
-        pectx, PrefilterMpmPktFree, mpm_reg->pname);
+    int r = PrefilterAppendEngine(
+            de_ctx, sgh, PrefilterMpmPkt, 0, pectx, PrefilterMpmPktFree, mpm_reg->pname);
     if (r != 0) {
         SCFree(pectx);
     }

diff --git a/src/detect-engine-prefilter.h b/src/detect-engine-prefilter.h
index 2a8bdf765ee3a442885b0704f545c08f24467c87..ec58594b9b00591aa35bf764bbd21322bb0fa1eb 100644 (file)
--- a/src/detect-engine-prefilter.h
+++ b/src/detect-engine-prefilter.h
@@ -47,11 +47,11 @@ typedef struct PrefilterStore_ {
     uint32_t id;
 } PrefilterStore;
 
-void Prefilter(DetectEngineThreadCtx *, const SigGroupHead *, Packet *p,
-        const uint8_t flags);
+void Prefilter(DetectEngineThreadCtx *, const SigGroupHead *, Packet *p, const uint8_t flags,
+        const SignatureMask mask);
 
 int PrefilterAppendEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh, PrefilterPktFn PrefilterFunc,
-        void *pectx, void (*FreeFunc)(void *pectx), const char *name);
+        SignatureMask mask, void *pectx, void (*FreeFunc)(void *pectx), const char *name);
 int PrefilterAppendPayloadEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh,
         PrefilterPktFn PrefilterFunc, void *pectx, void (*FreeFunc)(void *pectx), const char *name);
 int PrefilterAppendTxEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh,

diff --git a/src/detect-flow-age.c b/src/detect-flow-age.c
index 06ea3d9f931565708b9bdd196eb9a73fb5f40b77..a9ec15b3ff6340d76ea4ab854c07052b6bb2f762 100644 (file)
--- a/src/detect-flow-age.c
+++ b/src/detect-flow-age.c
@@ -74,8 +74,8 @@ static void PrefilterPacketFlowAgeMatch(
 
 static int PrefilterSetupFlowAge(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
-    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_FLOW_AGE, PrefilterPacketU32Set,
-            PrefilterPacketU32Compare, PrefilterPacketFlowAgeMatch);
+    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_FLOW_AGE, SIG_MASK_REQUIRE_FLOW,
+            PrefilterPacketU32Set, PrefilterPacketU32Compare, PrefilterPacketFlowAgeMatch);
 }
 
 static bool PrefilterFlowAgeIsPrefilterable(const Signature *s)

diff --git a/src/detect-flow-pkts.c b/src/detect-flow-pkts.c
index ef5ab2d32a448fa2c4c4b44c2902f42d0d6ce071..ef8fed369cd93ce7f075bca7a69f1d4af0b495b5 100644 (file)
--- a/src/detect-flow-pkts.c
+++ b/src/detect-flow-pkts.c
@@ -75,7 +75,8 @@ static void PrefilterPacketFlowPktsToClientMatch(
 static int PrefilterSetupFlowPktsToClient(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
     return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_FLOW_PKTS_TO_CLIENT,
-            PrefilterPacketU32Set, PrefilterPacketU32Compare, PrefilterPacketFlowPktsToClientMatch);
+            SIG_MASK_REQUIRE_FLOW, PrefilterPacketU32Set, PrefilterPacketU32Compare,
+            PrefilterPacketFlowPktsToClientMatch);
 }
 
 static bool PrefilterFlowPktsToClientIsPrefilterable(const Signature *s)
@@ -148,7 +149,8 @@ static void PrefilterPacketFlowPktsToServerMatch(
 static int PrefilterSetupFlowPktsToServer(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
     return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_FLOW_PKTS_TO_SERVER,
-            PrefilterPacketU32Set, PrefilterPacketU32Compare, PrefilterPacketFlowPktsToServerMatch);
+            SIG_MASK_REQUIRE_FLOW, PrefilterPacketU32Set, PrefilterPacketU32Compare,
+            PrefilterPacketFlowPktsToServerMatch);
 }
 
 static bool PrefilterFlowPktsToServerIsPrefilterable(const Signature *s)

diff --git a/src/detect-flow.c b/src/detect-flow.c
index 696e5013a03ec3319418db5ca1bb832830183a9e..0395b55f0018ac89358e9672b3097624415c23dc 100644 (file)
--- a/src/detect-flow.c
+++ b/src/detect-flow.c
@@ -475,10 +475,8 @@ PrefilterPacketFlowCompare(PrefilterPacketHeaderValue v, void *smctx)
 
 static int PrefilterSetupFlow(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
-    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_FLOW,
-        PrefilterPacketFlowSet,
-        PrefilterPacketFlowCompare,
-        PrefilterPacketFlowMatch);
+    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_FLOW, 0, PrefilterPacketFlowSet,
+            PrefilterPacketFlowCompare, PrefilterPacketFlowMatch);
 }
 
 static bool PrefilterFlowIsPrefilterable(const Signature *s)

diff --git a/src/detect-fragbits.c b/src/detect-fragbits.c
index 1799eff05cff92bba2a12e22d833e546e6f7eb9e..50112224c6595db3ab83f76570d1c2b76e275f0b 100644 (file)
--- a/src/detect-fragbits.c
+++ b/src/detect-fragbits.c
@@ -364,10 +364,9 @@ PrefilterPacketFragBitsCompare(PrefilterPacketHeaderValue v, void *smctx)
 
 static int PrefilterSetupFragBits(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
-    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_FRAGBITS,
-        PrefilterPacketFragBitsSet,
-        PrefilterPacketFragBitsCompare,
-        PrefilterPacketFragBitsMatch);
+    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_FRAGBITS, SIG_MASK_REQUIRE_REAL_PKT,
+            PrefilterPacketFragBitsSet, PrefilterPacketFragBitsCompare,
+            PrefilterPacketFragBitsMatch);
 }
 
 static bool PrefilterFragBitsIsPrefilterable(const Signature *s)

diff --git a/src/detect-fragoffset.c b/src/detect-fragoffset.c
index 93def9400cb752746a6adf7eee53ce90a6185b72..ac2482cd75fc2d254d37fef3d646062b3c1ffc7b 100644 (file)
--- a/src/detect-fragoffset.c
+++ b/src/detect-fragoffset.c
@@ -310,10 +310,9 @@ PrefilterPacketFragOffsetCompare(PrefilterPacketHeaderValue v, void *smctx)
 
 static int PrefilterSetupFragOffset(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
-    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_FRAGOFFSET,
-        PrefilterPacketFragOffsetSet,
-        PrefilterPacketFragOffsetCompare,
-        PrefilterPacketFragOffsetMatch);
+    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_FRAGOFFSET, SIG_MASK_REQUIRE_REAL_PKT,
+            PrefilterPacketFragOffsetSet, PrefilterPacketFragOffsetCompare,
+            PrefilterPacketFragOffsetMatch);
 }
 
 static bool PrefilterFragOffsetIsPrefilterable(const Signature *s)

diff --git a/src/detect-icmp-id.c b/src/detect-icmp-id.c
index b35839a765504bab040e4dfb028cf9a676089eb4..d8727c7aa47c96752631212c7303897a388e7919 100644 (file)
--- a/src/detect-icmp-id.c
+++ b/src/detect-icmp-id.c
@@ -307,10 +307,8 @@ PrefilterPacketIcmpIdCompare(PrefilterPacketHeaderValue v, void *smctx)
 
 static int PrefilterSetupIcmpId(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
-    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_ICMP_ID,
-        PrefilterPacketIcmpIdSet,
-        PrefilterPacketIcmpIdCompare,
-        PrefilterPacketIcmpIdMatch);
+    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_ICMP_ID, SIG_MASK_REQUIRE_REAL_PKT,
+            PrefilterPacketIcmpIdSet, PrefilterPacketIcmpIdCompare, PrefilterPacketIcmpIdMatch);
 }
 
 static bool PrefilterIcmpIdIsPrefilterable(const Signature *s)

diff --git a/src/detect-icmp-seq.c b/src/detect-icmp-seq.c
index acedba4b28574d7bce155af93bf166ae475634a3..321517fbcb8ecd816df8cd74ddad650d65d2727b 100644 (file)
--- a/src/detect-icmp-seq.c
+++ b/src/detect-icmp-seq.c
@@ -308,10 +308,8 @@ PrefilterPacketIcmpSeqCompare(PrefilterPacketHeaderValue v, void *smctx)
 
 static int PrefilterSetupIcmpSeq(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
-    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_ICMP_SEQ,
-        PrefilterPacketIcmpSeqSet,
-        PrefilterPacketIcmpSeqCompare,
-        PrefilterPacketIcmpSeqMatch);
+    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_ICMP_SEQ, SIG_MASK_REQUIRE_REAL_PKT,
+            PrefilterPacketIcmpSeqSet, PrefilterPacketIcmpSeqCompare, PrefilterPacketIcmpSeqMatch);
 }
 
 static bool PrefilterIcmpSeqIsPrefilterable(const Signature *s)

diff --git a/src/detect-icmpv6-mtu.c b/src/detect-icmpv6-mtu.c
index 59b40fee484e4f765e85e2db33d919d1e16beb06..0d6724b1a6b288f271df53b51dcef1b051b2f4b4 100644 (file)
--- a/src/detect-icmpv6-mtu.c
+++ b/src/detect-icmpv6-mtu.c
@@ -170,10 +170,8 @@ PrefilterPacketIcmpv6mtuMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const v
 
 static int PrefilterSetupIcmpv6mtu(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
-    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_ICMPV6MTU,
-            PrefilterPacketU32Set,
-            PrefilterPacketU32Compare,
-            PrefilterPacketIcmpv6mtuMatch);
+    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_ICMPV6MTU, SIG_MASK_REQUIRE_REAL_PKT,
+            PrefilterPacketU32Set, PrefilterPacketU32Compare, PrefilterPacketIcmpv6mtuMatch);
 }
 
 static bool PrefilterIcmpv6mtuIsPrefilterable(const Signature *s)

diff --git a/src/detect-icode.c b/src/detect-icode.c
index 2acfcda5286dc3c5b386ceb8f55994fc6094aa90..1634e4a9767078d8db20b2492a9e153e41c407a3 100644 (file)
--- a/src/detect-icode.c
+++ b/src/detect-icode.c
@@ -173,8 +173,8 @@ static void PrefilterPacketICodeMatch(DetectEngineThreadCtx *det_ctx,
 
 static int PrefilterSetupICode(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
-    return PrefilterSetupPacketHeaderU8Hash(de_ctx, sgh, DETECT_ICODE, PrefilterPacketU8Set,
-            PrefilterPacketU8Compare, PrefilterPacketICodeMatch);
+    return PrefilterSetupPacketHeaderU8Hash(de_ctx, sgh, DETECT_ICODE, SIG_MASK_REQUIRE_REAL_PKT,
+            PrefilterPacketU8Set, PrefilterPacketU8Compare, PrefilterPacketICodeMatch);
 }
 
 static bool PrefilterICodeIsPrefilterable(const Signature *s)

diff --git a/src/detect-id.c b/src/detect-id.c
index 27703b4dbc8fcdaba3d0aaae9efea8eeb9f14ee1..8a10195727e0a9af420b09a63da8b6482a12de84 100644 (file)
--- a/src/detect-id.c
+++ b/src/detect-id.c
@@ -261,10 +261,8 @@ PrefilterPacketIdCompare(PrefilterPacketHeaderValue v, void *smctx)
 
 static int PrefilterSetupId(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
-    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_ID,
-        PrefilterPacketIdSet,
-        PrefilterPacketIdCompare,
-        PrefilterPacketIdMatch);
+    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_ID, SIG_MASK_REQUIRE_REAL_PKT,
+            PrefilterPacketIdSet, PrefilterPacketIdCompare, PrefilterPacketIdMatch);
 }
 
 static bool PrefilterIdIsPrefilterable(const Signature *s)

diff --git a/src/detect-itype.c b/src/detect-itype.c
index 5b432c6f570fa568772a97333954018a7651351c..42f9144f44690140aafc8fc42f1210af416d2e70 100644 (file)
--- a/src/detect-itype.c
+++ b/src/detect-itype.c
@@ -189,8 +189,8 @@ static void PrefilterPacketITypeMatch(DetectEngineThreadCtx *det_ctx,
 
 static int PrefilterSetupIType(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
-    return PrefilterSetupPacketHeaderU8Hash(de_ctx, sgh, DETECT_ITYPE, PrefilterPacketU8Set,
-            PrefilterPacketU8Compare, PrefilterPacketITypeMatch);
+    return PrefilterSetupPacketHeaderU8Hash(de_ctx, sgh, DETECT_ITYPE, SIG_MASK_REQUIRE_REAL_PKT,
+            PrefilterPacketU8Set, PrefilterPacketU8Compare, PrefilterPacketITypeMatch);
 }
 
 static bool PrefilterITypeIsPrefilterable(const Signature *s)

diff --git a/src/detect-stream_size.c b/src/detect-stream_size.c
index 79ee4b5fb4131f7011e0afc18913e95e5599c1eb..7597b71b135aff87060a6bdd29351c365c4503fa 100644 (file)
--- a/src/detect-stream_size.c
+++ b/src/detect-stream_size.c
@@ -214,7 +214,8 @@ static bool PrefilterPacketStreamSizeCompare(PrefilterPacketHeaderValue v, void
 
 static int PrefilterSetupStreamSize(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
-    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_STREAM_SIZE, PrefilterPacketStreamSizeSet,
+    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_STREAM_SIZE,
+            SIG_MASK_REQUIRE_FLOW | SIG_MASK_REQUIRE_REAL_PKT, PrefilterPacketStreamSizeSet,
             PrefilterPacketStreamSizeCompare, PrefilterPacketStreamsizeMatch);
 }
 

diff --git a/src/detect-tcp-ack.c b/src/detect-tcp-ack.c
index 84a13f7f8efa05300fa39e4b06febd48310fe28d..d58ac4008add205f014eee4ec58539b13c6aaf57 100644 (file)
--- a/src/detect-tcp-ack.c
+++ b/src/detect-tcp-ack.c
@@ -183,10 +183,8 @@ PrefilterPacketAckCompare(PrefilterPacketHeaderValue v, void *smctx)
 
 static int PrefilterSetupTcpAck(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
-    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_ACK,
-        PrefilterPacketAckSet,
-        PrefilterPacketAckCompare,
-        PrefilterPacketAckMatch);
+    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_ACK, SIG_MASK_REQUIRE_REAL_PKT,
+            PrefilterPacketAckSet, PrefilterPacketAckCompare, PrefilterPacketAckMatch);
 }
 
 static bool PrefilterTcpAckIsPrefilterable(const Signature *s)

diff --git a/src/detect-tcp-flags.c b/src/detect-tcp-flags.c
index 57488e38608b4abbe164df19e3626bbce4990eb8..472ebcad5d7698095dde245b8f75e2346d1ce399 100644 (file)
--- a/src/detect-tcp-flags.c
+++ b/src/detect-tcp-flags.c
@@ -595,11 +595,8 @@ PrefilterPacketFlagsCompare(PrefilterPacketHeaderValue v, void *smctx)
 
 static int PrefilterSetupTcpFlags(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
-    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_FLAGS,
-            PrefilterPacketFlagsSet,
-            PrefilterPacketFlagsCompare,
-            PrefilterPacketFlagsMatch);
-
+    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_FLAGS, SIG_MASK_REQUIRE_REAL_PKT,
+            PrefilterPacketFlagsSet, PrefilterPacketFlagsCompare, PrefilterPacketFlagsMatch);
 }
 
 static bool PrefilterTcpFlagsIsPrefilterable(const Signature *s)

diff --git a/src/detect-tcp-seq.c b/src/detect-tcp-seq.c
index 91d6799c10aae3e77f1b386874631d4fa16c40dc..660e2717c8f5d8344b920f4aed4db99669b02f35 100644 (file)
--- a/src/detect-tcp-seq.c
+++ b/src/detect-tcp-seq.c
@@ -178,10 +178,8 @@ PrefilterPacketSeqCompare(PrefilterPacketHeaderValue v, void *smctx)
 
 static int PrefilterSetupTcpSeq(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
-    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_SEQ,
-        PrefilterPacketSeqSet,
-        PrefilterPacketSeqCompare,
-        PrefilterPacketSeqMatch);
+    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_SEQ, SIG_MASK_REQUIRE_REAL_PKT,
+            PrefilterPacketSeqSet, PrefilterPacketSeqCompare, PrefilterPacketSeqMatch);
 }
 
 static bool PrefilterTcpSeqIsPrefilterable(const Signature *s)

diff --git a/src/detect-tcpmss.c b/src/detect-tcpmss.c
index 0ecdd8910f555baf15b7e0259f475cbbe880fd9d..e4bf4aac93f10a4b3be110f7c0bf4daafef24722 100644 (file)
--- a/src/detect-tcpmss.c
+++ b/src/detect-tcpmss.c
@@ -158,8 +158,8 @@ PrefilterPacketTcpmssMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void
 
 static int PrefilterSetupTcpmss(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
-    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_TCPMSS, PrefilterPacketU16Set,
-            PrefilterPacketU16Compare, PrefilterPacketTcpmssMatch);
+    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_TCPMSS, SIG_MASK_REQUIRE_REAL_PKT,
+            PrefilterPacketU16Set, PrefilterPacketU16Compare, PrefilterPacketTcpmssMatch);
 }
 
 static bool PrefilterTcpmssIsPrefilterable(const Signature *s)

diff --git a/src/detect-template2.c b/src/detect-template2.c
index 45efa7e6a647f107adfa4a7ec40c50a9bcb10fef..da640064d401e3fa6707ff89ce7b4cf65f20ffe6 100644 (file)
--- a/src/detect-template2.c
+++ b/src/detect-template2.c
@@ -170,8 +170,8 @@ PrefilterPacketTemplate2Match(DetectEngineThreadCtx *det_ctx, Packet *p, const v
 
 static int PrefilterSetupTemplate2(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
-    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_TEMPLATE2, PrefilterPacketU8Set,
-            PrefilterPacketU8Compare, PrefilterPacketTemplate2Match);
+    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_TEMPLATE2, SIG_MASK_REQUIRE_REAL_PKT,
+            PrefilterPacketU8Set, PrefilterPacketU8Compare, PrefilterPacketTemplate2Match);
 }
 
 static bool PrefilterTemplate2IsPrefilterable(const Signature *s)

diff --git a/src/detect-ttl.c b/src/detect-ttl.c
index efb86816d9bbef3d9dfcf024306365cc5bd9ba9a..3c7f60eb0f6bd361695df3ffeedca279ebe0dffa 100644 (file)
--- a/src/detect-ttl.c
+++ b/src/detect-ttl.c
@@ -169,8 +169,8 @@ PrefilterPacketTtlMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *p
 
 static int PrefilterSetupTtl(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
-    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_TTL, PrefilterPacketU8Set,
-            PrefilterPacketU8Compare, PrefilterPacketTtlMatch);
+    return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_TTL, SIG_MASK_REQUIRE_REAL_PKT,
+            PrefilterPacketU8Set, PrefilterPacketU8Compare, PrefilterPacketTtlMatch);
 }
 
 static bool PrefilterTtlIsPrefilterable(const Signature *s)

diff --git a/src/detect.c b/src/detect.c
index 7c7536a22709e7373b27b4a3d6b496ffce2248a7..440ede976736bf4c99946139c59bfd72833e47c9 100644 (file)
--- a/src/detect.c
+++ b/src/detect.c
@@ -696,7 +696,7 @@ static inline void DetectRunPrefilterPkt(
     PACKET_PROFILING_DETECT_END(p, PROF_DETECT_NONMPMLIST);
 
     /* run the prefilter engines */
-    Prefilter(det_ctx, scratch->sgh, p, scratch->flow_flags);
+    Prefilter(det_ctx, scratch->sgh, p, scratch->flow_flags, scratch->pkt_mask);
     /* create match list if we have non-pf and/or pf */
     if (det_ctx->non_pf_store_cnt || det_ctx->pmq.rule_id_array_cnt) {
 #ifdef PROFILING

diff --git a/src/detect.h b/src/detect.h
index d0eb931fb5fca8cbb802b4feb6eb4ac3c62ebfef..6a2d9c2792db267fc2d42628faa6fa1213074f3f 100644 (file)
--- a/src/detect.h
+++ b/src/detect.h
@@ -1394,6 +1394,8 @@ typedef struct PrefilterEngineList_ {
 
     uint8_t frame_type;
 
+    SignatureMask pkt_mask; /**< mask for pkt engines */
+
     /** Context for matching. Might be MpmCtx for MPM engines, other ctx'
      *  for other engines. */
     void *pectx;
@@ -1419,6 +1421,7 @@ typedef struct PrefilterEngine_ {
     AppProto alproto;
 
     union {
+        SignatureMask pkt_mask; /**< mask for pkt engines */
         /** Minimal Tx progress we need before running the engine. Only used
          *  with Tx Engine */
         uint8_t tx_min_progress;