From: Victor Julien
Date: Mon, 17 Apr 2017 07:53:50 +0000 (+0200)
Subject: detect: more detailed state profiling
X-Git-Tag: suricata-4.0.0-beta1~134
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e3bd5f371dc77a8d8ab9a2d29a8e2ad996be1aaf;p=thirdparty%2Fsuricata.git
detect: more detailed state profiling
---
diff --git a/src/detect.c b/src/detect.c
index f73157d7fa..cae56a007a 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -1075,7 +1075,7 @@ void SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineT
 DetectPrefilterSetNonPrefilterList(p, det_ctx);
- PACKET_PROFILING_DETECT_START(p, PROF_DETECT_STATEFUL);
+ PACKET_PROFILING_DETECT_START(p, PROF_DETECT_STATEFUL_CONT);
 /* stateful app layer detection */
 if ((p->flags & PKT_HAS_FLOW) && has_state) {
 memset(det_ctx->de_state_sig_array, 0x00, det_ctx->de_state_sig_array_len);
@@ -1086,7 +1086,7 @@ void SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineT
 flow_flags, alproto);
 }
 }
- PACKET_PROFILING_DETECT_END(p, PROF_DETECT_STATEFUL);
+ PACKET_PROFILING_DETECT_END(p, PROF_DETECT_STATEFUL_CONT);
 /* create our prefilter mask */
 SignatureMask mask = 0;
@@ -1344,10 +1344,10 @@ void SigMatchSignatures(ThreadVars *th_v, DetectEngineCtx *de_ctx, DetectEngineT
 * signature match. It will then call PacketAlertAppend
 * itself, so we can skip it below. This is done so it
 * can store the tx_id with the alert */
- PACKET_PROFILING_DETECT_START(p, PROF_DETECT_STATEFUL);
+ PACKET_PROFILING_DETECT_START(p, PROF_DETECT_STATEFUL_START);
 state_alert = DeStateDetectStartDetection(th_v, de_ctx, det_ctx, s, p, pflow, flow_flags, alproto);
- PACKET_PROFILING_DETECT_END(p, PROF_DETECT_STATEFUL);
+ PACKET_PROFILING_DETECT_END(p, PROF_DETECT_STATEFUL_START);
 if (state_alert == 0) goto next;
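Review bot: The `PROF_DETECT_STATEFUL_CONT` bracket opens before `if ((p->flags & PKT_HAS_FLOW) && has_state)` and closes after that block (the END line is in the following hunk at -1086), so the counter is started and stopped even for packets that do no stateful work, while `PROF_DETECT_STATEFUL_UPDATE` at -1389 sits inside its `if`. Now that each phase has its own ID, placing `PACKET_PROFILING_DETECT_START(p, PROF_DETECT_STATEFUL_CONT);` as the first statement inside the braces and the matching END as the last would keep the CONT samples limited to packets that actually continue stored state. How much the current placement skews the numbers depends on how the macros record near-empty intervals, which is not visible here. SigMatchSignatures starts and ends outside these hunks.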
@@ -1389,9 +1389,9 @@ end:
 /* see if we need to increment the inspect_id and reset the de_state */
 if (has_state && AppLayerParserProtocolSupportsTxs(p->proto, alproto)) {
- PACKET_PROFILING_DETECT_START(p, PROF_DETECT_STATEFUL);
+ PACKET_PROFILING_DETECT_START(p, PROF_DETECT_STATEFUL_UPDATE);
 DeStateUpdateInspectTransactionId(pflow, flow_flags);
- PACKET_PROFILING_DETECT_END(p, PROF_DETECT_STATEFUL);
+ PACKET_PROFILING_DETECT_END(p, PROF_DETECT_STATEFUL_UPDATE);
 }
 /* so now let's iterate the alerts and remove the ones after a pass rule
diff --git a/src/suricata-common.h b/src/suricata-common.h
index e893630797..063e904a1f 100644
--- a/src/suricata-common.h
+++ b/src/suricata-common.h
@@ -357,7 +357,9 @@ typedef enum PacketProfileDetectId_ {
 PROF_DETECT_IPONLY,
 PROF_DETECT_RULES,
- PROF_DETECT_STATEFUL,
+ PROF_DETECT_STATEFUL_START,
+ PROF_DETECT_STATEFUL_CONT,
+ PROF_DETECT_STATEFUL_UPDATE,
 PROF_DETECT_PREFILTER,
 PROF_DETECT_PF_PKT,
 PROF_DETECT_PF_PAYLOAD,
diff --git a/src/util-profiling.c b/src/util-profiling.c
index 274805d01f..24ef3aca46 100644
--- a/src/util-profiling.c
+++ b/src/util-profiling.c
@@ -1312,7 +1312,9 @@ const char * PacketProfileDetectIdToString(PacketProfileDetectId id)
 CASE_CODE (PROF_DETECT_PF_TX);
 CASE_CODE (PROF_DETECT_PF_SORT1);
 CASE_CODE (PROF_DETECT_PF_SORT2);
- CASE_CODE (PROF_DETECT_STATEFUL);
+ CASE_CODE (PROF_DETECT_STATEFUL_START);
+ CASE_CODE (PROF_DETECT_STATEFUL_CONT);
+ CASE_CODE (PROF_DETECT_STATEFUL_UPDATE);
 CASE_CODE (PROF_DETECT_ALERT);
 CASE_CODE (PROF_DETECT_CLEANUP);
 CASE_CODE (PROF_DETECT_GETSGH);
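Review bot: The three new members of `PacketProfileDetectId_` carry no comment saying which phase each one times, and the names alone do not tell START from CONT. Going by the call sites in src/detect.c, a trailing comment per member would do: `PROF_DETECT_STATEFUL_START, /* DeStateDetectStartDetection() */`, `PROF_DETECT_STATEFUL_CONT, /* stateful block ahead of the prefilter mask */`, `PROF_DETECT_STATEFUL_UPDATE, /* DeStateUpdateInspectTransactionId() */`. Replacing one member with three in the middle of the enum also shifts the numeric value of every later ID by two, which matters only if something outside this diff stores or compares the raw numbers. The enum continues past the end of the hunk.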
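Review bot: `PacketProfileDetectIdToString` no longer has a case for `PROF_DETECT_STATEFUL`, so, assuming `CASE_CODE` stringifies its argument, the profiling output loses that label and gains three new ones, and the commit message does not mention the rename. Anything that reads the output by the old name would presumably stop finding it. A sentence in the commit description or the profiling documentation listing the three replacement labels would cover this. The function body starts and ends outside the hunk.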