detect/prefilter: allow special engine for each app update

Allow registering the progress as -1, which means it will be invoked each time the app prefilters are called.
5 months ago · fff65c5e40
parent f60e1efc8a
commit fff65c5e40
2 changed files with 39 additions and 30 deletions
--- a/src/detect-engine-prefilter.c
+++ b/src/detect-engine-prefilter.c
@ -115,6 +115,8 @@ void DetectRunPrefilterTx(DetectEngineThreadCtx *det_ctx,
            // incompatible engine->alproto with flow alproto
            goto next;
        }
+
+        if (engine->ctx.tx_min_progress != -1) {
            if (engine->ctx.tx_min_progress > tx->tx_progress)
                break;
            if (tx->tx_progress > engine->ctx.tx_min_progress) {
@ -128,8 +130,8 @@ void DetectRunPrefilterTx(DetectEngineThreadCtx *det_ctx,
            }

            PREFILTER_PROFILING_START(det_ctx);
-        engine->cb.PrefilterTx(
-                det_ctx, engine->pectx, p, p->flow, tx_ptr, tx->tx_id, tx->tx_data_ptr, flow_flags);
+            engine->cb.PrefilterTx(det_ctx, engine->pectx, p, p->flow, tx_ptr, tx->tx_id,
+                    tx->tx_data_ptr, flow_flags);
            PREFILTER_PROFILING_END(det_ctx, engine->gid);

            if (tx->tx_progress > engine->ctx.tx_min_progress && engine->is_last_for_progress) {
@ -142,6 +144,12 @@ void DetectRunPrefilterTx(DetectEngineThreadCtx *det_ctx,
                        tx->tx_progress, engine->ctx.tx_min_progress, engine->is_last_for_progress,
                        tx->detect_progress);
            }
+        } else {
+            PREFILTER_PROFILING_START(det_ctx);
+            engine->cb.PrefilterTx(det_ctx, engine->pectx, p, p->flow, tx_ptr, tx->tx_id,
+                    tx->tx_data_ptr, flow_flags);
+            PREFILTER_PROFILING_END(det_ctx, engine->gid);
+        }
    next:
        if (engine->is_last)
            break;
@ -338,7 +346,7 @@ int PrefilterAppendTxEngine(DetectEngineCtx *de_ctx, SigGroupHead *sgh,
    e->pectx = pectx;
    e->alproto = alproto;
    // TODO change function prototype ?
-    DEBUG_VALIDATE_BUG_ON(tx_min_progress > UINT8_MAX);
+    DEBUG_VALIDATE_BUG_ON(tx_min_progress > INT8_MAX);
    e->tx_min_progress = (uint8_t)tx_min_progress;
    e->Free = FreeFunc;

@ -1236,6 +1244,7 @@ int PrefilterSetupRuleGroup(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
            PrefilterEngine *prev_engine = NULL;
            engine = sgh->tx_engines;
            do {
+                if (engine->ctx.tx_min_progress != -1)
                    BUG_ON(engine->ctx.tx_min_progress < last_tx_progress);
                if (engine->alproto == a) {
                    if (last_tx_progress_set && engine->ctx.tx_min_progress > last_tx_progress) {
--- a/src/detect.h
+++ b/src/detect.h
@ -1454,8 +1454,8 @@ typedef struct PrefilterEngineList_ {
    /** App Proto this engine applies to: only used with Tx Engines */
    AppProto alproto;
    /** Minimal Tx progress we need before running the engine. Only used
-     *  with Tx Engine */
-    uint8_t tx_min_progress;
+     *  with Tx Engine. Set to -1 for all states. */
+    int8_t tx_min_progress;

    uint8_t frame_type;

@ -1495,8 +1495,8 @@ typedef struct PrefilterEngine_ {
            uint8_t hook;       /**< enum SignatureHookPkt */
        } pkt;
        /** Minimal Tx progress we need before running the engine. Only used
-         *  with Tx Engine */
-        uint8_t tx_min_progress;
+         *  with Tx Engine. Set to -1 for all states. */
+        int8_t tx_min_progress;
        uint8_t frame_type;
    } ctx;