From: Victor Julien <vjulien@oisf.net>
Date: Thu, 15 Sep 2022 08:54:02 +0000 (+0200)
Subject: detect/files: optimize file.data by skipping non-file txs
X-Git-Tag: suricata-7.0.0-beta1~135
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=41265a859e63bf8c417bf7352ca579ec2e1e8528;p=thirdparty%2Fsuricata.git

detect/files: optimize file.data by skipping non-file txs

As well as 'file' txs not in our direction.

Implement the same logic for file.name and file.magic prefilter engines.
---

diff --git a/src/detect-file-data.c b/src/detect-file-data.c
index 891bc4111e..4307a69c19 100644
--- a/src/detect-file-data.c
+++ b/src/detect-file-data.c
@@ -654,10 +654,13 @@ static uint8_t DetectEngineInspectFiledata(DetectEngineCtx *de_ctx, DetectEngine
  *  \param flags STREAM_* flags including direction
  */
 static void PrefilterTxFiledata(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p,
-        Flow *f, void *txv, const uint64_t idx, const AppLayerTxData *_txd, const uint8_t flags)
+        Flow *f, void *txv, const uint64_t idx, const AppLayerTxData *txd, const uint8_t flags)
 {
     SCEnter();
 
+    if (!AppLayerParserHasFilesInDir(txd, flags))
+        return;
+
     const PrefilterMpmFiledata *ctx = (const PrefilterMpmFiledata *)pectx;
     const MpmCtx *mpm_ctx = ctx->mpm_ctx;
     const int list_id = ctx->list_id;
diff --git a/src/detect-filemagic.c b/src/detect-filemagic.c
index 82d5784a35..cccd44ebb2 100644
--- a/src/detect-filemagic.c
+++ b/src/detect-filemagic.c
@@ -531,10 +531,13 @@ typedef struct PrefilterMpmFilemagic {
  *  \param pectx inspection context
  */
 static void PrefilterTxFilemagic(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p,
-        Flow *f, void *txv, const uint64_t idx, const AppLayerTxData *_txd, const uint8_t flags)
+        Flow *f, void *txv, const uint64_t idx, const AppLayerTxData *txd, const uint8_t flags)
 {
     SCEnter();
 
+    if (!AppLayerParserHasFilesInDir(txd, flags))
+        return;
+
     const PrefilterMpmFilemagic *ctx = (const PrefilterMpmFilemagic *)pectx;
     const MpmCtx *mpm_ctx = ctx->mpm_ctx;
     const int list_id = ctx->list_id;
diff --git a/src/detect-filename.c b/src/detect-filename.c
index 35b568234a..11c8b69231 100644
--- a/src/detect-filename.c
+++ b/src/detect-filename.c
@@ -427,10 +427,13 @@ typedef struct PrefilterMpmFilename {
  *  \param pectx inspection context
  */
 static void PrefilterTxFilename(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p,
-        Flow *f, void *txv, const uint64_t idx, const AppLayerTxData *_txd, const uint8_t flags)
+        Flow *f, void *txv, const uint64_t idx, const AppLayerTxData *txd, const uint8_t flags)
 {
     SCEnter();
 
+    if (!AppLayerParserHasFilesInDir(txd, flags))
+        return;
+
     const PrefilterMpmFilename *ctx = (const PrefilterMpmFilename *)pectx;
     const MpmCtx *mpm_ctx = ctx->mpm_ctx;
     const int list_id = ctx->list_id;