From 41265a859e63bf8c417bf7352ca579ec2e1e8528 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Thu, 15 Sep 2022 10:54:02 +0200 Subject: [PATCH] detect/files: optimize file.data by skipping non-file txs As well as 'file' txs not in our direction. Implement the same logic for file.name and file.magic prefilter engines. --- src/detect-file-data.c | 5 ++++- src/detect-filemagic.c | 5 ++++- src/detect-filename.c | 5 ++++- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/src/detect-file-data.c b/src/detect-file-data.c index 891bc4111e..4307a69c19 100644 --- a/src/detect-file-data.c +++ b/src/detect-file-data.c @@ -654,10 +654,13 @@ static uint8_t DetectEngineInspectFiledata(DetectEngineCtx *de_ctx, DetectEngine * \param flags STREAM_* flags including direction */ static void PrefilterTxFiledata(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, - Flow *f, void *txv, const uint64_t idx, const AppLayerTxData *_txd, const uint8_t flags) + Flow *f, void *txv, const uint64_t idx, const AppLayerTxData *txd, const uint8_t flags) { SCEnter(); + if (!AppLayerParserHasFilesInDir(txd, flags)) + return; + const PrefilterMpmFiledata *ctx = (const PrefilterMpmFiledata *)pectx; const MpmCtx *mpm_ctx = ctx->mpm_ctx; const int list_id = ctx->list_id; diff --git a/src/detect-filemagic.c b/src/detect-filemagic.c index 82d5784a35..cccd44ebb2 100644 --- a/src/detect-filemagic.c +++ b/src/detect-filemagic.c @@ -531,10 +531,13 @@ typedef struct PrefilterMpmFilemagic { * \param pectx inspection context */ static void PrefilterTxFilemagic(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, - Flow *f, void *txv, const uint64_t idx, const AppLayerTxData *_txd, const uint8_t flags) + Flow *f, void *txv, const uint64_t idx, const AppLayerTxData *txd, const uint8_t flags) { SCEnter(); + if (!AppLayerParserHasFilesInDir(txd, flags)) + return; + const PrefilterMpmFilemagic *ctx = (const PrefilterMpmFilemagic *)pectx; const MpmCtx *mpm_ctx = ctx->mpm_ctx; const int list_id = ctx->list_id; diff --git a/src/detect-filename.c b/src/detect-filename.c index 35b568234a..11c8b69231 100644 --- a/src/detect-filename.c +++ b/src/detect-filename.c @@ -427,10 +427,13 @@ typedef struct PrefilterMpmFilename { * \param pectx inspection context */ static void PrefilterTxFilename(DetectEngineThreadCtx *det_ctx, const void *pectx, Packet *p, - Flow *f, void *txv, const uint64_t idx, const AppLayerTxData *_txd, const uint8_t flags) + Flow *f, void *txv, const uint64_t idx, const AppLayerTxData *txd, const uint8_t flags) { SCEnter(); + if (!AppLayerParserHasFilesInDir(txd, flags)) + return; + const PrefilterMpmFilename *ctx = (const PrefilterMpmFilename *)pectx; const MpmCtx *mpm_ctx = ctx->mpm_ctx; const int list_id = ctx->list_id;