From: Philippe Antoine
Date: Mon, 18 Sep 2023 11:29:08 +0000 (+0200)
Subject: detect: do not store state without flags
X-Git-Tag: suricata-8.0.0-beta1~1814
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2fb5059;p=thirdparty%2Fsuricata.git
detect: do not store state without flags
If flags are zero, there is nothing to store and remember. Stored signatures will be reused on a later packet, and qsorted (which may be expensive), with newer matches candidates. Avoiding to store, leads to avoid the call to qsort.
---
diff --git a/src/detect.c b/src/detect.c
index 659f96441b..72e40eaff3 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -1218,7 +1218,7 @@ static bool DetectRunTxInspectRule(ThreadVars *tv,
 } else if ((inspect_flags & DE_STATE_FLAG_FULL_INSPECT) == 0 && mpm_in_progress) {
 TRACE_SID_TXS(s->id, tx, "no need to store no-match sig, " "mpm will revisit it");
- } else {
+ } else if (inspect_flags != 0 || file_no_match != 0) {
 TRACE_SID_TXS(s->id, tx, "storing state: flags %08x", inspect_flags);
 DetectRunStoreStateTx(scratch->sgh, f, tx->tx_ptr, tx->tx_id, s, inspect_flags, flow_flags, file_no_match);
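Review bot: The new `else if (inspect_flags != 0 || file_no_match != 0)` leaves the case where both values are zero with no branch, no trace and no comment, unlike the branch above it, which logs why nothing is stored. The reason sits only in the commit message, so a comment above the condition would keep it with the code, for example `/* no inspect flags and no file no-match: nothing to remember, skip the store and the later qsort */`. A trailing `} else { TRACE_SID_TXS(s->id, tx, "not storing state: no flags"); }` would keep the per-signature trace complete when debugging a missed match. Because this decides whether detection state survives to the next packet, it may be worth a regression test showing that a rule with no progress on the first packet is still evaluated when later data arrives. I cannot confirm that from here, as the body of DetectRunTxInspectRule starts and ends outside this hunk.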