From: Victor Julien <victor@inliniac.net>
Date: Mon, 1 Jun 2020 10:16:40 +0000 (+0200)
Subject: detect: clarify and slightly cleanup non-pf logic
X-Git-Tag: suricata-6.0.0-beta1~396
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=de6c9b9441e5a5c547e99cf5fc6d74f4d1397a18;p=thirdparty%2Fsuricata.git

detect: clarify and slightly cleanup non-pf logic
---

diff --git a/src/detect.c b/src/detect.c
index 2530dc87a6..9aa0a279ac 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -349,11 +349,14 @@ static inline void DetectPrefilterMergeSort(DetectEngineCtx *de_ctx,
     DEBUG_VALIDATE_BUG_ON((det_ctx->pmq.rule_id_array_cnt + det_ctx->non_pf_id_cnt) < det_ctx->match_array_cnt);
 }
 
+/** \internal
+ *  \brief build non-prefilter list based on the rule group list we've set.
+ */
 static inline void
-DetectPrefilterBuildNonPrefilterList(DetectEngineThreadCtx *det_ctx, SignatureMask mask, uint8_t alproto)
+DetectPrefilterBuildNonPrefilterList(DetectEngineThreadCtx *det_ctx,
+        const SignatureMask mask, const uint8_t alproto)
 {
-    uint32_t x = 0;
-    for (x = 0; x < det_ctx->non_pf_store_cnt; x++) {
+    for (uint32_t x = 0; x < det_ctx->non_pf_store_cnt; x++) {
         /* only if the mask matches this rule can possibly match,
          * so build the non_mpm array only for match candidates */
         const SignatureMask rule_mask = det_ctx->non_pf_store_ptr[x].mask;
diff --git a/src/detect.h b/src/detect.h
index 537be90943..8d6d665591 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -1012,6 +1012,8 @@ typedef struct DetectEngineThreadCtx_ {
     /* the thread to which this detection engine thread belongs */
     ThreadVars *tv;
 
+    /** Array of non-prefiltered sigs that need to be evaluated. Updated
+     *  per packet based on the rule group and traffic properties. */
     SigIntId *non_pf_id_array;
     uint32_t non_pf_id_cnt; // size is cnt * sizeof(uint32_t)