detect/prefilter: allow special engine for each app update

Allow registering the progress as -1, which means it will be invoked
each time the app prefilters are called.

diff --git a/src/detect-engine-prefilter.c b/src/detect-engine-prefilter.c
index ea000cc04ddb5fef015595d4e7b4009f0ef6d64d..5f6ab3f0171c18ed758bea2602b5e9f047dba88c 100644 (file)
--- a/src/detect-engine-prefilter.c
+++ b/src/detect-engine-prefilter.c
@@ -115,32 +115,40 @@ void DetectRunPrefilterTx(DetectEngineThreadCtx *det_ctx,
             // incompatible engine->alproto with flow alproto
             goto next;
         }
-        if (engine->ctx.tx_min_progress > tx->tx_progress)
-            break;
-        if (tx->tx_progress > engine->ctx.tx_min_progress) {
-            /* if state value is at or beyond engine state, we can skip it. It means we ran at
-             * least once already. */
-            if (tx->detect_progress > engine->ctx.tx_min_progress) {
-                SCLogDebug("tx already marked progress as beyond engine: %u > %u",
-                        tx->detect_progress, engine->ctx.tx_min_progress);
-                goto next;
+
+        if (engine->ctx.tx_min_progress != -1) {
+            if (engine->ctx.tx_min_progress > tx->tx_progress)
+                break;
+            if (tx->tx_progress > engine->ctx.tx_min_progress) {
+                /* if state value is at or beyond engine state, we can skip it. It means we ran at
+                 * least once already. */
+                if (tx->detect_progress > engine->ctx.tx_min_progress) {
+                    SCLogDebug("tx already marked progress as beyond engine: %u > %u",
+                            tx->detect_progress, engine->ctx.tx_min_progress);
+                    goto next;
+                }
             }
-        }
 
-        PREFILTER_PROFILING_START(det_ctx);
-        engine->cb.PrefilterTx(
-                det_ctx, engine->pectx, p, p->flow, tx_ptr, tx->tx_id, tx->tx_data_ptr, flow_flags);
-        PREFILTER_PROFILING_END(det_ctx, engine->gid);
-
-        if (tx->tx_progress > engine->ctx.tx_min_progress && engine->is_last_for_progress) {
-            /* track with an offset of one, so that tx->progress 0 complete is tracked
-             * as 1, progress 1 as 2, etc. This is to allow 0 to mean: nothing tracked, even
-             * though a parser may use 0 as a valid value. */
-            tx->detect_progress = engine->ctx.tx_min_progress + 1;
-            SCLogDebug("tx->tx_progress %d engine->ctx.tx_min_progress %d "
-                       "engine->is_last_for_progress %d => tx->detect_progress updated to %02x",
-                    tx->tx_progress, engine->ctx.tx_min_progress, engine->is_last_for_progress,
-                    tx->detect_progress);
+            PREFILTER_PROFILING_START(det_ctx);
+            engine->cb.PrefilterTx(det_ctx, engine->pectx, p, p->flow, tx_ptr, tx->tx_id,
+                    tx->tx_data_ptr, flow_flags);
+            PREFILTER_PROFILING_END(det_ctx, engine->gid);
+
+            if (tx->tx_progress > engine->ctx.tx_min_progress && engine->is_last_for_progress) {
+                /* track with an offset of one, so that tx->progress 0 complete is tracked
+                 * as 1, progress 1 as 2, etc. This is to allow 0 to mean: nothing tracked, even
+                 * though a parser may use 0 as a valid value. */
+                tx->detect_progress = engine->ctx.tx_min_progress + 1;
+                SCLogDebug("tx->tx_progress %d engine->ctx.tx_min_progress %d "
+                           "engine->is_last_for_progress %d => tx->detect_progress updated to %02x",
+                        tx->tx_progress, engine->ctx.tx_min_progress, engine->is_last_for_progress,
+                        tx->detect_progress);
+            }
+        } else {
+            PREFILTER_PROFILING_START(det_ctx);
+            engine->cb.PrefilterTx(det_ctx, engine->pectx, p, p->flow, tx_ptr, tx->tx_id,
+                    tx->tx_data_ptr, flow_flags);
+            PREFILTER_PROFILING_END(det_ctx, engine->gid);
         }
     next:
         if (engine->is_last)
@@ -338,7 +346,7 @@ int PrefilterAppendTxEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh,
     e->pectx = pectx;
     e->alproto = alproto;
     // TODO change function prototype ?
-    DEBUG_VALIDATE_BUG_ON(tx_min_progress > UINT8_MAX);
+    DEBUG_VALIDATE_BUG_ON(tx_min_progress > INT8_MAX);
     e->tx_min_progress = (uint8_t)tx_min_progress;
     e->Free = FreeFunc;
 
@@ -1236,7 +1244,8 @@ int PrefilterSetupRuleGroup(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
             PrefilterEngine *prev_engine = NULL;
             engine = sgh->tx_engines;
             do {
-                BUG_ON(engine->ctx.tx_min_progress < last_tx_progress);
+                if (engine->ctx.tx_min_progress != -1)
+                    BUG_ON(engine->ctx.tx_min_progress < last_tx_progress);
                 if (engine->alproto == a) {
                     if (last_tx_progress_set && engine->ctx.tx_min_progress > last_tx_progress) {
                         if (prev_engine) {

diff --git a/src/detect.h b/src/detect.h
index 4c353c1a6d12746954a74ee36968881f76116399..9abb96be9d469d7aedffbbf07cfb73e9d8702b9c 100644 (file)
--- a/src/detect.h
+++ b/src/detect.h
@@ -1454,8 +1454,8 @@ typedef struct PrefilterEngineList_ {
     /** App Proto this engine applies to: only used with Tx Engines */
     AppProto alproto;
     /** Minimal Tx progress we need before running the engine. Only used
-     *  with Tx Engine */
-    uint8_t tx_min_progress;
+     *  with Tx Engine. Set to -1 for all states. */
+    int8_t tx_min_progress;
 
     uint8_t frame_type;
 
@@ -1495,8 +1495,8 @@ typedef struct PrefilterEngine_ {
             uint8_t hook;       /**< enum SignatureHookPkt */
         } pkt;
         /** Minimal Tx progress we need before running the engine. Only used
-         *  with Tx Engine */
-        uint8_t tx_min_progress;
+         *  with Tx Engine. Set to -1 for all states. */
+        int8_t tx_min_progress;
         uint8_t frame_type;
     } ctx;