engine events: prefilter sigs that need a event

diff --git a/src/detect.c b/src/detect.c
index 09492086a2da0d34e3a19e27df7057d7d1cdc899..c4686da41ea7b3a9eda4db9bc6701c28fea762ce 100644 (file)
--- a/src/detect.c
+++ b/src/detect.c
@@ -2339,6 +2339,11 @@ PacketCreateMask(Packet *p, SignatureMask *mask, uint16_t alproto, void *alstate
         (*mask) |= SIG_MASK_REQUIRE_NO_PAYLOAD;
     }
 
+    if (p->events.cnt > 0) {
+        SCLogDebug("packet has events set");
+        (*mask) |= SIG_MASK_REQUIRE_ENGINE_EVENT;
+    }
+
     if (PKT_IS_TCP(p)) {
         if ((p->tcph->th_flags & MASK_TCP_INITDEINIT_FLAGS) != 0) {
             (*mask) |= SIG_MASK_REQUIRE_FLAGS_INITDEINIT;
@@ -2529,6 +2534,9 @@ static int SignatureCreateMask(Signature *s) {
                 }
                 break;
             }
+            case DETECT_ENGINE_EVENT:
+                s->mask |= SIG_MASK_REQUIRE_ENGINE_EVENT;
+                break;
         }
     }
 

diff --git a/src/detect.h b/src/detect.h
index f24161df83cea1f13acd68794613efd7bc88773d..88e4b4d6717657542e23f5253368cc76c12dcf0b 100644 (file)
--- a/src/detect.h
+++ b/src/detect.h
@@ -273,14 +273,14 @@ typedef struct DetectPort_ {
 #define SIG_FLAG_INIT_FILE_DATA      (1<<5)  /**< file_data set */
 
 /* signature mask flags */
-#define SIG_MASK_REQUIRE_PAYLOAD            1
+#define SIG_MASK_REQUIRE_PAYLOAD            (1<<0)
 #define SIG_MASK_REQUIRE_FLOW               (1<<1)
 #define SIG_MASK_REQUIRE_FLAGS_INITDEINIT   (1<<2)    /* SYN, FIN, RST */
 #define SIG_MASK_REQUIRE_FLAGS_UNUSUAL      (1<<3)    /* URG, ECN, CWR */
 #define SIG_MASK_REQUIRE_NO_PAYLOAD         (1<<4)
-//
 #define SIG_MASK_REQUIRE_HTTP_STATE         (1<<5)
 #define SIG_MASK_REQUIRE_DCE_STATE          (1<<6)
+#define SIG_MASK_REQUIRE_ENGINE_EVENT       (1<<7)
 
 /* for now a uint8_t is enough */
 #define SignatureMask uint8_t