detect: introduce 'minimal' detect engine

The minimal detect engine has only the minimal memory use and setup
time. It's to be used for 'delayed' detect where the first detection
engine is essentially empty.

The threads setup are also minimal.

diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c
index bff9ca8de79192bd88040119112492351403d11b..6da966a12daf9959110ded0ca331ee37e46c6c99 100644 (file)
--- a/src/detect-engine-mpm.c
+++ b/src/detect-engine-mpm.c
@@ -817,7 +817,8 @@ void PatternMatchThreadPrint(MpmThreadCtx *mpm_thread_ctx, uint16_t mpm_matcher)
 void PatternMatchThreadDestroy(MpmThreadCtx *mpm_thread_ctx, uint16_t mpm_matcher)
 {
     SCLogDebug("mpm_thread_ctx %p, mpm_matcher %"PRIu16"", mpm_thread_ctx, mpm_matcher);
-    mpm_table[mpm_matcher].DestroyThreadCtx(NULL, mpm_thread_ctx);
+    if (mpm_table[mpm_matcher].DestroyThreadCtx != NULL)
+        mpm_table[mpm_matcher].DestroyThreadCtx(NULL, mpm_thread_ctx);
 }
 void PatternMatchThreadPrepare(MpmThreadCtx *mpm_thread_ctx, uint16_t mpm_matcher, uint32_t max_id)
 {

diff --git a/src/detect-engine.c b/src/detect-engine.c
index 8abf373de29f29ede249a1ffe7dfb8dd89aa1162..8d0b301ab5d0d0017b0848e30ef36862ee7c022d 100644 (file)
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -966,7 +966,7 @@ void DetectEngineSpawnLiveRuleSwapMgmtThread(void)
     SCReturn;
 }
 
-DetectEngineCtx *DetectEngineCtxInit(void)
+static DetectEngineCtx *DetectEngineCtxInitReal(int minimal)
 {
     DetectEngineCtx *de_ctx;
 
@@ -981,6 +981,12 @@ DetectEngineCtx *DetectEngineCtxInit(void)
 
     memset(de_ctx,0,sizeof(DetectEngineCtx));
 
+    if (minimal) {
+        de_ctx->minimal = 1;
+        de_ctx->id = detect_engine_ctx_id++;
+        return de_ctx;
+    }
+
     if (ConfGetBool("engine.init-failure-fatal", (int *)&(de_ctx->failure_fatal)) != 1) {
         SCLogDebug("ConfGetBool could not load the value.");
     }
@@ -1037,8 +1043,6 @@ DetectEngineCtx *DetectEngineCtxInit(void)
         goto error;
     }
 
-    de_ctx->id = detect_engine_ctx_id++;
-
     /* init iprep... ignore errors for now */
     (void)SRepInit(de_ctx);
 
@@ -1053,9 +1057,21 @@ DetectEngineCtx *DetectEngineCtxInit(void)
         goto error;
     }
 
+    de_ctx->id = detect_engine_ctx_id++;
     return de_ctx;
 error:
     return NULL;
+
+}
+
+DetectEngineCtx *DetectEngineCtxInitMinimal(void)
+{
+    return DetectEngineCtxInitReal(1);
+}
+
+DetectEngineCtx *DetectEngineCtxInit(void)
+{
+    return DetectEngineCtxInitReal(0);
 }
 
 static void DetectEngineCtxFreeThreadKeywordData(DetectEngineCtx *de_ctx)
@@ -1572,9 +1588,11 @@ TmEcode DetectEngineThreadCtxInit(ThreadVars *tv, void *initdata, void **data)
 #endif
     }
 
-    if (ThreadCtxDoInit(det_ctx->de_ctx, det_ctx) != TM_ECODE_OK) {
-        DetectEngineThreadCtxDeinit(tv, det_ctx);
-        return TM_ECODE_FAILED;
+    if (det_ctx->de_ctx->minimal == 0) {
+        if (ThreadCtxDoInit(det_ctx->de_ctx, det_ctx) != TM_ECODE_OK) {
+            DetectEngineThreadCtxDeinit(tv, det_ctx);
+            return TM_ECODE_FAILED;
+        }
     }
 
     /** alert counter setup */

diff --git a/src/detect-engine.h b/src/detect-engine.h
index 1b6d55398415abf44204c990db88022e49f0a27c..f500aa094fdde7a2466b4a25476f46060bbfed0f 100644 (file)
--- a/src/detect-engine.h
+++ b/src/detect-engine.h
@@ -57,6 +57,7 @@ extern DetectEngineAppInspectionEngine *app_inspection_engine[FLOW_PROTO_DEFAULT
 void DetectEngineRegisterAppInspectionEngines(void);
 void DetectEngineSpawnLiveRuleSwapMgmtThread(void);
 DetectEngineCtx *DetectEngineCtxInit(void);
+DetectEngineCtx *DetectEngineCtxInitMinimal(void);
 void DetectEngineCtxFree(DetectEngineCtx *);
 
 TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **);

diff --git a/src/detect.h b/src/detect.h
index 557b03c6052c2467901c077de0b849f0596ceaec..5d87616137ec2d70d5648aa3508c85b2e6683e70 100644 (file)
--- a/src/detect.h
+++ b/src/detect.h
@@ -732,6 +732,9 @@ typedef struct DetectEngineCtx_ {
     struct SCProfileKeywordDetectCtx_ *profile_keyword_ctx_per_list[DETECT_SM_LIST_MAX];
 #endif
 
+    /** minimal: essentially a stub */
+    int minimal;
+
     /** how many de_ctx' are referencing this */
     uint32_t ref_cnt;
     /** list in master: either active or freelist */

diff --git a/src/suricata.c b/src/suricata.c
index 35501129d5e23c26899ad3fc0347bbfe7d25b4b0..839c08adae5eeee5e794bf79b9fbcb706fd22383 100644 (file)
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -2303,7 +2303,12 @@ int main(int argc, char **argv)
 
     DetectEngineCtx *de_ctx = NULL;
     if (!suri.disabled_detect) {
-        de_ctx = DetectEngineCtxInit();
+        SetupDelayedDetect(&suri);
+        if (!suri.delayed_detect) {
+            de_ctx = DetectEngineCtxInit();
+        } else {
+            de_ctx = DetectEngineCtxInitMinimal();
+        }
         if (de_ctx == NULL) {
             SCLogError(SC_ERR_INITIALIZATION, "initializing detection engine "
                     "context failed.");
@@ -2315,7 +2320,6 @@ int main(int argc, char **argv)
             CudaVarsSetDeCtx(de_ctx);
 #endif /* __SC_CUDA_SUPPORT__ */
 
-        SetupDelayedDetect(&suri);
         if (!suri.delayed_detect) {
             if (LoadSignatures(de_ctx, &suri) != TM_ECODE_OK)
                 exit(EXIT_FAILURE);