detect/prefilter: speed up setup

If the global detect.prefilter.default setting is not "auto", it is
wasteful to run each prefilter setup routine. This patch tracks which
of the engines have been explicitly enabled in the rules and only
runs those.

src/detect-engine-prefilter.c

@@ -348,11 +348,16 @@ void PrefilterSetupRuleGroup(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
     BUG_ON(PatternMatchPrepareGroup(de_ctx, sgh) != 0);
 
-    /* set up engines if needed - independent of 'detect.prefilter.default'
-     * setting as the prefilter keyword may have enabled individual sigs */
+    /* set up engines if needed - when prefilter is set to auto we run
+     * all engines, otherwise only those that have been forced by the
+     * prefilter keyword. */
+    const enum DetectEnginePrefilterSetting setting = de_ctx->prefilter_setting;
     for (int i = 0; i < DETECT_TBLSIZE; i++)
     {
-        if (sigmatch_table[i].SetupPrefilter != NULL) {
+        if (sigmatch_table[i].SetupPrefilter != NULL &&
+                (setting == DETECT_PREFILTER_AUTO ||
+                 de_ctx->sm_types_prefilter[i]))
+        {
             sigmatch_table[i].SetupPrefilter(de_ctx, sgh);
         }
     }

src/detect-prefilter.c

@@ -94,6 +94,9 @@ static int DetectPrefilterSetup (DetectEngineCtx *de_ctx, Signature *s, const ch
         cd->flags |= DETECT_CONTENT_FAST_PATTERN;
     } else {
         s->flags |= SIG_FLAG_PREFILTER;
+
+        /* make sure setup function runs for this type. */
+        de_ctx->sm_types_prefilter[sm->type] = true;
     }
 
     SCReturnInt(0);

src/detect.h

@@ -892,6 +892,11 @@ typedef struct DetectEngineCtx_ {
     /** signatures stats */
     SigFileLoaderStat sig_stat;
 
+    /** per keyword flag indicating if a prefilter has been
+     *  set for it. If true, the setup function will have to
+     *  run. */
+    bool sm_types_prefilter[DETECT_TBLSIZE];
+
 } DetectEngineCtx;
 
 /* Engine groups profiles (low, medium, high, custom) */