From e7882da178fcb8d8faf02557602e2d25139f800a Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Mon, 19 Jan 2015 14:54:11 +0100
Subject: [PATCH] detect: introduce 'minimal' detect engine
The minimal detect engine has only the minimal memory use and setup time. It's to be used for 'delayed' detect where the first detection engine is essentially empty. The threads setup are also minimal.
---
 src/detect-engine-mpm.c | 3 ++-
 src/detect-engine.c | 30 ++++++++++++++++++++++++------
 src/detect-engine.h | 1 +
 src/detect.h | 3 +++
 src/suricata.c | 8 ++++++--
 5 files changed, 36 insertions(+), 9 deletions(-)
diff --git a/src/detect-engine-mpm.c b/src/detect-engine-mpm.c
index bff9ca8de7..6da966a12d 100644
--- a/src/detect-engine-mpm.c
+++ b/src/detect-engine-mpm.c
@@ -817,7 +817,8 @@ void PatternMatchThreadPrint(MpmThreadCtx *mpm_thread_ctx, uint16_t mpm_matcher)
 void PatternMatchThreadDestroy(MpmThreadCtx *mpm_thread_ctx, uint16_t mpm_matcher)
 {
 SCLogDebug("mpm_thread_ctx %p, mpm_matcher %"PRIu16"", mpm_thread_ctx, mpm_matcher);
- mpm_table[mpm_matcher].DestroyThreadCtx(NULL, mpm_thread_ctx);
+ if (mpm_table[mpm_matcher].DestroyThreadCtx != NULL)
+ mpm_table[mpm_matcher].DestroyThreadCtx(NULL, mpm_thread_ctx);
 }
 void PatternMatchThreadPrepare(MpmThreadCtx *mpm_thread_ctx, uint16_t mpm_matcher, uint32_t max_id)
 {
diff --git a/src/detect-engine.c b/src/detect-engine.c
index 8abf373de2..8d0b301ab5 100644
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -966,7 +966,7 @@ void DetectEngineSpawnLiveRuleSwapMgmtThread(void)
 SCReturn;
 }
-DetectEngineCtx *DetectEngineCtxInit(void)
+static DetectEngineCtx *DetectEngineCtxInitReal(int minimal)
 {
 DetectEngineCtx *de_ctx;
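Review bot: In PatternMatchThreadDestroy() the new NULL test on `mpm_table[mpm_matcher].DestroyThreadCtx` carries no explanation of when a matcher slot legitimately has no destroy callback, so a reader cannot tell a supported state from a masked setup bug. If this is for thread contexts created against a minimal engine (inferred from the rest of the patch, not visible in this hunk), say so with a comment such as `/* a minimal detect engine never set up a matcher, so there may be nothing to destroy */`. The guarded call is also an unbraced `if` body; bracing it keeps a later second statement from running unconditionally. Other `mpm_table[mpm_matcher]` callbacks on the thread setup and teardown path lie outside this hunk and may need the same check.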
@@ -981,6 +981,12 @@ DetectEngineCtx *DetectEngineCtxInit(void)
 memset(de_ctx,0,sizeof(DetectEngineCtx));
+ if (minimal) {
+ de_ctx->minimal = 1;
+ de_ctx->id = detect_engine_ctx_id++;
+ return de_ctx;
+ }
+
 if (ConfGetBool("engine.init-failure-fatal", (int *)&(de_ctx->failure_fatal)) != 1) {
 SCLogDebug("ConfGetBool could not load the value.");
 }
@@ -1037,8 +1043,6 @@ DetectEngineCtx *DetectEngineCtxInit(void)
 goto error;
 }
- de_ctx->id = detect_engine_ctx_id++;
-
 /* init iprep... ignore errors for now */
 (void)SRepInit(de_ctx);
@@ -1053,9 +1057,21 @@ DetectEngineCtx *DetectEngineCtxInit(void)
 goto error;
 }
+ de_ctx->id = detect_engine_ctx_id++;
 return de_ctx;
 error:
 return NULL;
+
+}
+
+DetectEngineCtx *DetectEngineCtxInitMinimal(void)
+{
+ return DetectEngineCtxInitReal(1);
+}
+
+DetectEngineCtx *DetectEngineCtxInit(void)
+{
+ return DetectEngineCtxInitReal(0);
 }
 static void DetectEngineCtxFreeThreadKeywordData(DetectEngineCtx *de_ctx)
@@ -1572,9 +1588,11 @@ TmEcode DetectEngineThreadCtxInit(ThreadVars *tv, void *initdata, void **data)
 #endif
 }
- if (ThreadCtxDoInit(det_ctx->de_ctx, det_ctx) != TM_ECODE_OK) {
- DetectEngineThreadCtxDeinit(tv, det_ctx);
- return TM_ECODE_FAILED;
+ if (det_ctx->de_ctx->minimal == 0) {
+ if (ThreadCtxDoInit(det_ctx->de_ctx, det_ctx) != TM_ECODE_OK) {
+ DetectEngineThreadCtxDeinit(tv, det_ctx);
+ return TM_ECODE_FAILED;
+ }
 }
 /** alert counter setup */
diff --git a/src/detect-engine.h b/src/detect-engine.h
index 1b6d553984..f500aa094f 100644
--- a/src/detect-engine.h
+++ b/src/detect-engine.h
@@ -57,6 +57,7 @@ extern DetectEngineAppInspectionEngine *app_inspection_engine[FLOW_PROTO_DEFAULT
 void DetectEngineRegisterAppInspectionEngines(void);
 void DetectEngineSpawnLiveRuleSwapMgmtThread(void);
 DetectEngineCtx *DetectEngineCtxInit(void);
+DetectEngineCtx *DetectEngineCtxInitMinimal(void);
 void DetectEngineCtxFree(DetectEngineCtx *);
 TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **);
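Review bot: The `if (minimal)` early return in DetectEngineCtxInitReal() hands back a context in which everything except `minimal` and `id` is still the memset zero, and neither this hunk nor the `int minimal` member added in src/detect.h (documented only as "essentially a stub") says which functions may be called on it. Any consumer that does not test `de_ctx->minimal` will read NULL pointers and zero sizes, and `failure_fatal` is never loaded because the return precedes the `engine.init-failure-fatal` lookup. I would state the contract at the return, e.g. `/* minimal: only id and minimal are valid, all other members stay zeroed; callers must check de_ctx->minimal */`, and repeat it on the struct member. The function starts and ends outside this hunk.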
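Review bot: The `error:` label kept at the end of DetectEngineCtxInitReal() returns NULL without releasing `de_ctx`, so a failed full initialisation appears to leak the context and whatever was set up before the `goto error`. The allocation is outside the hunk (only the memset is visible in the patch), so this is inferred, and it predates the commit. Releasing on that path, for instance through `DetectEngineCtxFree(de_ctx)` if it tolerates a partially initialised context, would close it. Separately, the added blank `+` line leaves an empty line between `return NULL;` and the closing brace.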
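Review bot: Skipping ThreadCtxDoInit() for a minimal engine in DetectEngineThreadCtxInit() is not mirrored on the cleanup side in this patch: DetectEngineThreadCtxDeinit() will still run over a `det_ctx` whose per-thread members were never set up. That is only safe if `det_ctx` is zero-filled at allocation and every release step accepts NULL, which the hunk does not show; the `DestroyThreadCtx` guard added in src/detect-engine-mpm.c looks like one such case. Either test `det_ctx->de_ctx->minimal` in the deinit path as well or add a comment here naming the assumption, e.g. `/* minimal engine: per-thread detect state stays zeroed, deinit must accept that */`. The function body extends beyond the hunk on both sides.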
diff --git a/src/detect.h b/src/detect.h
index 557b03c605..5d87616137 100644
--- a/src/detect.h
+++ b/src/detect.h
@@ -732,6 +732,9 @@ typedef struct DetectEngineCtx_ {
 struct SCProfileKeywordDetectCtx_ *profile_keyword_ctx_per_list[DETECT_SM_LIST_MAX];
 #endif
+ /** minimal: essentially a stub */
+ int minimal;
+
 /** how many de_ctx' are referencing this */
 uint32_t ref_cnt;
 /** list in master: either active or freelist */
diff --git a/src/suricata.c b/src/suricata.c
index 35501129d5..839c08adae 100644
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -2303,7 +2303,12 @@ int main(int argc, char **argv)
 DetectEngineCtx *de_ctx = NULL;
 if (!suri.disabled_detect) {
- de_ctx = DetectEngineCtxInit();
+ SetupDelayedDetect(&suri);
+ if (!suri.delayed_detect) {
+ de_ctx = DetectEngineCtxInit();
+ } else {
+ de_ctx = DetectEngineCtxInitMinimal();
+ }
 if (de_ctx == NULL) {
 SCLogError(SC_ERR_INITIALIZATION, "initializing detection engine "
 "context failed.");
@@ -2315,7 +2320,6 @@ int main(int argc, char **argv)
 CudaVarsSetDeCtx(de_ctx);
 #endif /* __SC_CUDA_SUPPORT__ */
- SetupDelayedDetect(&suri);
 if (!suri.delayed_detect) {
 if (LoadSignatures(de_ctx, &suri) != TM_ECODE_OK)
 exit(EXIT_FAILURE);
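Review bot: When `suri.delayed_detect` is set, main() in src/suricata.c now starts with the stub from DetectEngineCtxInitMinimal() and nothing in this hunk records that, so an operator cannot tell from the log that packets are handled without a ruleset until the real engine is loaded (per the commit message the first engine is essentially empty). A log line in the `else` branch, for example `SCLogInfo("detection delayed: starting with an empty detection engine");`, would make that window visible and give responders a timestamp for it. The branch would also read more directly by testing `suri.delayed_detect` without the negation and swapping the two arms. main() starts and ends outside the hunk.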