From: Victor Julien <victor@inliniac.net>
Date: Thu, 9 Aug 2018 22:06:24 +0000 (+0200)
Subject: detect/prefilter: speed up setup
X-Git-Tag: suricata-4.0.6~43
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=530203bfd57fe1d3a2cee0245d73f0a7745f86cd;p=thirdparty%2Fsuricata.git

detect/prefilter: speed up setup

If the global detect.prefilter.default setting is not "auto", it is
wasteful to run each prefilter setup routine. This patch tracks which
of the engines have been explicitly enabled in the rules and only
runs those.
---

diff --git a/src/detect-engine-prefilter.c b/src/detect-engine-prefilter.c
index b289bc1369..75cee3ea10 100644
--- a/src/detect-engine-prefilter.c
+++ b/src/detect-engine-prefilter.c
@@ -380,11 +380,16 @@ void PrefilterSetupRuleGroup(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
     BUG_ON(PatternMatchPrepareGroup(de_ctx, sgh) != 0);
 
-    /* set up engines if needed - independent of 'detect.prefilter.default'
-     * setting as the prefilter keyword may have enabled individual sigs */
+    /* set up engines if needed - when prefilter is set to auto we run
+     * all engines, otherwise only those that have been forced by the
+     * prefilter keyword. */
+    const enum DetectEnginePrefilterSetting setting = de_ctx->prefilter_setting;
     for (int i = 0; i < DETECT_TBLSIZE; i++)
     {
-        if (sigmatch_table[i].SetupPrefilter != NULL) {
+        if (sigmatch_table[i].SetupPrefilter != NULL &&
+                (setting == DETECT_PREFILTER_AUTO ||
+                 (de_ctx->sm_types_prefilter && de_ctx->sm_types_prefilter[i])))
+        {
             sigmatch_table[i].SetupPrefilter(sgh);
         }
     }
diff --git a/src/detect-prefilter.c b/src/detect-prefilter.c
index 8eca6efb70..ed1397bf4e 100644
--- a/src/detect-prefilter.c
+++ b/src/detect-prefilter.c
@@ -94,6 +94,13 @@ static int DetectPrefilterSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
         cd->flags |= DETECT_CONTENT_FAST_PATTERN;
     } else {
         s->flags |= SIG_FLAG_PREFILTER;
+
+        /* make sure setup function runs for this type. */
+        if (de_ctx->sm_types_prefilter == NULL)
+            de_ctx->sm_types_prefilter = SCCalloc(sizeof(bool), DETECT_TBLSIZE);
+        if (de_ctx->sm_types_prefilter == NULL)
+            FatalError(SC_ERR_MEM_ALLOC, "failed to allocate sm_types_prefilter memory");
+        de_ctx->sm_types_prefilter[sm->type] = true;
     }
 
     SCReturnInt(0);
diff --git a/src/detect.h b/src/detect.h
index 458baf01e9..efa43ba220 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -738,6 +738,12 @@ typedef struct DetectEngineCtx_ {
      *  \todo we only need this at init, so perhaps this
      *        can move to a DetectEngineCtx 'init' struct */
     DetectMpmAppLayerKeyword *app_mpms;
+
+    /** per keyword flag indicating if a prefilter has been
+     *  set for it. If true, the setup function will have to
+     *  run. Will be alloc'd to DETECT_TBLSIZE if used. */
+    bool *sm_types_prefilter;
+
 } DetectEngineCtx;
 
 /* Engine groups profiles (low, medium, high, custom) */