detect/threshold: Improve threshold.config perf
authorJeff Lucovsky <jeff@lucovsky.org>
Mon, 29 Mar 2021 12:30:59 +0000 (08:30 -0400)
committerJeff Lucovsky <jeff@lucovsky.org>
Thu, 29 Apr 2021 13:57:49 +0000 (09:57 -0400)
This commit improves performance when parsing threshold.config by
hoisting loop-invariant work out of the loops: the address(es) are
parsed once into a one-time object.

Then, as needed, copies of this object are made as the suppression
rule(s) are processed.

(cherry picked from commit 02ceac8b8d4473de5f373a4785a1c143778b06e1)

src/util-threshold-config.c

index d47eebbaf9d9418036eeb5f7f987da44400d8953..2f4a5fae538ca9141efe64ea4a03a4290ed2c439 100644 (file)
@@ -295,6 +295,25 @@ static int SetupSuppressRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid,
 
     BUG_ON(parsed_type != TYPE_SUPPRESS);
 
+    DetectThresholdData *orig_de = NULL;
+    if (parsed_track != TRACK_RULE) {
+        orig_de = SCCalloc(1, sizeof(DetectThresholdData));
+        if (unlikely(orig_de == NULL))
+            goto error;
+
+        orig_de->type = TYPE_SUPPRESS;
+        orig_de->track = parsed_track;
+        orig_de->count = parsed_count;
+        orig_de->seconds = parsed_seconds;
+        orig_de->new_action = parsed_new_action;
+        orig_de->timeout = parsed_timeout;
+        if (DetectAddressParse((const DetectEngineCtx *)de_ctx, &orig_de->addrs, (char *)th_ip) <
+                0) {
+            SCLogError(SC_ERR_INVALID_IP_NETBLOCK, "failed to parse %s", th_ip);
+            goto error;
+        }
+    }
+
     /* Install it */
     if (id == 0 && gid == 0) {
         if (parsed_track == TRACK_RULE) {
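Review bot: The address in `th_ip` is now parsed before any signature is looked at, so a malformed netblock takes the `error` path even when no rule would have consumed it; in the removed code the parse sat after the `continue` / `goto end` bail-outs visible in the later hunks. That is stricter validation of threshold.config, which seems desirable for suppress rules, but it is a behaviour change that the performance-only commit message does not mention. I would record it above the new block, e.g. `/* Parse th_ip once up front; an invalid netblock is rejected even if no signature ends up using it. */`. SetupSuppressRule starts and ends outside this hunk, so what the caller does with the error return is not visible here.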
@@ -309,24 +328,9 @@ static int SetupSuppressRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid,
                 continue;
             }
 
-            de = SCMalloc(sizeof(DetectThresholdData));
+            de = DetectThresholdDataCopy(orig_de);
             if (unlikely(de == NULL))
                 goto error;
-            memset(de,0,sizeof(DetectThresholdData));
-
-            de->type = TYPE_SUPPRESS;
-            de->track = parsed_track;
-            de->count = parsed_count;
-            de->seconds = parsed_seconds;
-            de->new_action = parsed_new_action;
-            de->timeout = parsed_timeout;
-
-            if (parsed_track != TRACK_RULE) {
-                if (DetectAddressParse((const DetectEngineCtx *)de_ctx, &de->addrs, (char *)th_ip) < 0) {
-                    SCLogError(SC_ERR_INVALID_IP_NETBLOCK, "failed to parse %s", th_ip);
-                    goto error;
-                }
-            }
 
             sm = SigMatchAlloc();
             if (sm == NULL) {
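Review bot: `DetectThresholdDataCopy(orig_de)` is reached with `orig_de == NULL` whenever `parsed_track == TRACK_RULE`, unless the bail-out above it always fires first. The `continue;` before this call is presumably that TRACK_RULE skip, but its condition lies outside the hunk, and whether the copy helper tolerates NULL is not visible either. The same applies to the copies in the hunks at -353 and -400. Making the invariant explicit next to each call would protect against a later reorder, e.g. `BUG_ON(orig_de == NULL);` or a comment `/* orig_de is non-NULL here: TRACK_RULE was handled above */`. A failed copy also jumps to `error` without a log line, where the removed code logged the address-parse failure; `SCLogError(SC_ERR_MEM_ALLOC, "Error copying threshold data");` before the `goto` would keep it diagnosable.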
@@ -353,26 +357,10 @@ static int SetupSuppressRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid,
                 continue;
             }
 
-            de = SCMalloc(sizeof(DetectThresholdData));
+            de = DetectThresholdDataCopy(orig_de);
             if (unlikely(de == NULL))
                 goto error;
 
-            memset(de,0,sizeof(DetectThresholdData));
-
-            de->type = TYPE_SUPPRESS;
-            de->track = parsed_track;
-            de->count = parsed_count;
-            de->seconds = parsed_seconds;
-            de->new_action = parsed_new_action;
-            de->timeout = parsed_timeout;
-
-            if (parsed_track != TRACK_RULE) {
-                if (DetectAddressParse((const DetectEngineCtx *)de_ctx, &de->addrs, (char *)th_ip) < 0) {
-                    SCLogError(SC_ERR_INVALID_IP_NETBLOCK, "failed to parse %s", th_ip);
-                    goto error;
-                }
-            }
-
             sm = SigMatchAlloc();
             if (sm == NULL) {
                 SCLogError(SC_ERR_MEM_ALLOC, "Error allocating SigMatch");
@@ -400,22 +388,9 @@ static int SetupSuppressRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid,
                 goto end;
             }
 
-            de = SCMalloc(sizeof(DetectThresholdData));
+            de = DetectThresholdDataCopy(orig_de);
             if (unlikely(de == NULL))
                 goto error;
-            memset(de,0,sizeof(DetectThresholdData));
-
-            de->type = TYPE_SUPPRESS;
-            de->track = parsed_track;
-            de->count = parsed_count;
-            de->seconds = parsed_seconds;
-            de->new_action = parsed_new_action;
-            de->timeout = parsed_timeout;
-
-            if (DetectAddressParse((const DetectEngineCtx *)de_ctx, &de->addrs, (char *)th_ip) < 0) {
-                SCLogError(SC_ERR_INVALID_IP_NETBLOCK, "failed to parse %s", th_ip);
-                goto error;
-            }
 
             sm = SigMatchAlloc();
             if (sm == NULL) {
@@ -431,8 +406,16 @@ static int SetupSuppressRule(DetectEngineCtx *de_ctx, uint32_t id, uint32_t gid,
     }
 
 end:
+    if (orig_de != NULL) {
+        DetectAddressHeadCleanup(&orig_de->addrs);
+        SCFree(orig_de);
+    }
     return 0;
 error:
+    if (orig_de != NULL) {
+        DetectAddressHeadCleanup(&orig_de->addrs);
+        SCFree(orig_de);
+    }
     if (de != NULL) {
         DetectAddressHeadCleanup(&de->addrs);
         SCFree(de);
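Review bot: The four-line `orig_de` teardown is duplicated verbatim under `end:` and `error:`, so a future change to how the template is released has to be made in two places. A small static helper would keep the two exits in sync. At minimum, a comment at `end:` such as `/* orig_de is only a template; each signature received its own copy */` would explain why it is freed on the success path as well. The function body continues past the hunk, so the rest of the `error:` path is not visible here.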