From: Victor Julien <victor@inliniac.net>
Date: Thu, 9 Aug 2018 22:06:24 +0000 (+0200)
Subject: detect/prefilter: speed up setup
X-Git-Tag: suricata-4.1.0-rc2~133
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F3451%2Fhead;p=thirdparty%2Fsuricata.git

detect/prefilter: speed up setup

If the global detect.prefilter.default setting is not "auto", it is
wasteful to run each prefilter setup routine. This patch tracks which
of the engines have been explicitly enabled in the rules and only
runs those.
---

diff --git a/src/detect-engine-prefilter.c b/src/detect-engine-prefilter.c
index e0b04159b7..f683e7d5f9 100644
--- a/src/detect-engine-prefilter.c
+++ b/src/detect-engine-prefilter.c
@@ -348,11 +348,16 @@ void PrefilterSetupRuleGroup(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
     BUG_ON(PatternMatchPrepareGroup(de_ctx, sgh) != 0);
 
-    /* set up engines if needed - independent of 'detect.prefilter.default'
-     * setting as the prefilter keyword may have enabled individual sigs */
+    /* set up engines if needed - when prefilter is set to auto we run
+     * all engines, otherwise only those that have been forced by the
+     * prefilter keyword. */
+    const enum DetectEnginePrefilterSetting setting = de_ctx->prefilter_setting;
     for (int i = 0; i < DETECT_TBLSIZE; i++)
     {
-        if (sigmatch_table[i].SetupPrefilter != NULL) {
+        if (sigmatch_table[i].SetupPrefilter != NULL &&
+                (setting == DETECT_PREFILTER_AUTO ||
+                 de_ctx->sm_types_prefilter[i]))
+        {
             sigmatch_table[i].SetupPrefilter(de_ctx, sgh);
         }
     }
diff --git a/src/detect-prefilter.c b/src/detect-prefilter.c
index 8eca6efb70..9f60d84d1f 100644
--- a/src/detect-prefilter.c
+++ b/src/detect-prefilter.c
@@ -94,6 +94,9 @@ static int DetectPrefilterSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
         cd->flags |= DETECT_CONTENT_FAST_PATTERN;
     } else {
         s->flags |= SIG_FLAG_PREFILTER;
+
+        /* make sure setup function runs for this type. */
+        de_ctx->sm_types_prefilter[sm->type] = true;
     }
 
     SCReturnInt(0);
diff --git a/src/detect.h b/src/detect.h
index ada0d15326..10746e3ea2 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -892,6 +892,11 @@ typedef struct DetectEngineCtx_ {
     /** signatures stats */
     SigFileLoaderStat sig_stat;
 
+    /** per keyword flag indicating if a prefilter has been
+     *  set for it. If true, the setup function will have to
+     *  run. */
+    bool sm_types_prefilter[DETECT_TBLSIZE];
+
 } DetectEngineCtx;
 
 /* Engine groups profiles (low, medium, high, custom) */