detect: clarify and slightly cleanup non-pf logic

diff --git a/src/detect.c b/src/detect.c
index 2530dc87a6b4dcfca10f4b91d1170bce3d5aec84..9aa0a279aca17312d830fe36a5e178fdff9f9698 100644 (file)
--- a/src/detect.c
+++ b/src/detect.c
@@ -349,11 +349,14 @@ static inline void DetectPrefilterMergeSort(DetectEngineCtx *de_ctx,
     DEBUG_VALIDATE_BUG_ON((det_ctx->pmq.rule_id_array_cnt + det_ctx->non_pf_id_cnt) < det_ctx->match_array_cnt);
 }
 
+/** \internal
+ *  \brief build non-prefilter list based on the rule group list we've set.
+ */
 static inline void
-DetectPrefilterBuildNonPrefilterList(DetectEngineThreadCtx *det_ctx, SignatureMask mask, uint8_t alproto)
+DetectPrefilterBuildNonPrefilterList(DetectEngineThreadCtx *det_ctx,
+        const SignatureMask mask, const uint8_t alproto)
 {
-    uint32_t x = 0;
-    for (x = 0; x < det_ctx->non_pf_store_cnt; x++) {
+    for (uint32_t x = 0; x < det_ctx->non_pf_store_cnt; x++) {
         /* only if the mask matches this rule can possibly match,
          * so build the non_mpm array only for match candidates */
         const SignatureMask rule_mask = det_ctx->non_pf_store_ptr[x].mask;

diff --git a/src/detect.h b/src/detect.h
index 537be909433a8fd946900e0362fbed5640b6e9c1..8d6d66559198508ebcb26c04883ee5966db56a46 100644 (file)
--- a/src/detect.h
+++ b/src/detect.h
@@ -1012,6 +1012,8 @@ typedef struct DetectEngineThreadCtx_ {
     /* the thread to which this detection engine thread belongs */
     ThreadVars *tv;
 
+    /** Array of non-prefiltered sigs that need to be evaluated. Updated
+     *  per packet based on the rule group and traffic properties. */
     SigIntId *non_pf_id_array;
     uint32_t non_pf_id_cnt; // size is cnt * sizeof(uint32_t)