prefilter: move payload engines into separate list

src/detect-engine-payload.c

@@ -83,7 +83,7 @@ static void PrefilterPktStream(DetectEngineThreadCtx *det_ctx,
 
 int PrefilterPktStreamRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx)
 {
-    return PrefilterAppendEngine(sgh, PrefilterPktStream, mpm_ctx, NULL, "stream");
+    return PrefilterAppendPayloadEngine(sgh, PrefilterPktStream, mpm_ctx, NULL, "stream");
 }
 
 static void PrefilterPktPayload(DetectEngineThreadCtx *det_ctx,
@@ -112,7 +112,7 @@ static void PrefilterPktPayload(DetectEngineThreadCtx *det_ctx,
 
 int PrefilterPktPayloadRegister(SigGroupHead *sgh, MpmCtx *mpm_ctx)
 {
-    return PrefilterAppendEngine(sgh, PrefilterPktPayload, mpm_ctx, NULL, "payload");
+    return PrefilterAppendPayloadEngine(sgh, PrefilterPktPayload, mpm_ctx, NULL, "payload");
 }
 
 

src/detect-engine-prefilter.c

@@ -116,7 +116,7 @@ void Prefilter(DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh,
     PROFILING_PREFILTER_RESET(p, det_ctx->de_ctx->profile_prefilter_maxid);
 
     /* run packet engines */
-    PrefilterEngine *engine = sgh->engines;
+    PrefilterEngine *engine = sgh->pkt_engines;
     while (engine) {
         PROFILING_PREFILTER_START(p);
         engine->Prefilter(det_ctx, p, engine->pectx);
@@ -125,6 +125,18 @@ void Prefilter(DetectEngineThreadCtx *det_ctx, const SigGroupHead *sgh,
         engine = engine->next;
     }
 
+    /* run payload inspecting engines */
+    if ((p->payload_len > 0 || det_ctx->smsg != NULL) && !(p->flags & PKT_NOPAYLOAD_INSPECTION)) {
+        engine = sgh->payload_engines;
+        while (engine) {
+            PROFILING_PREFILTER_START(p);
+            engine->Prefilter(det_ctx, p, engine->pectx);
+            PROFILING_PREFILTER_END(p, engine->profile_id);
+
+            engine = engine->next;
+        }
+    }
+
     /* run tx engines */
     if (((p->proto == IPPROTO_TCP && p->flowflags & FLOW_PKT_ESTABLISHED) || p->proto != IPPROTO_TCP) && has_state) {
         if (sgh->tx_engines != NULL && p->flow != NULL &&
@@ -151,10 +163,46 @@ int PrefilterAppendEngine(SigGroupHead *sgh,
     e->pectx = pectx;
     e->Free = FreeFunc;
 
-    if (sgh->engines == NULL) {
-        sgh->engines = e;
+    if (sgh->pkt_engines == NULL) {
+        sgh->pkt_engines = e;
+    } else {
+        PrefilterEngine *t = sgh->pkt_engines;
+        while (t->next != NULL) {
+            t = t->next;
+        }
+
+        t->next = e;
+        e->id = t->id + 1;
+    }
+
+#ifdef PROFILING
+    sgh->engines_cnt = e->id;
+    e->name = name;
+    e->profile_id = PrefilterStoreGetId(e->name);
+#endif
+    return 0;
+}
+
+int PrefilterAppendPayloadEngine(SigGroupHead *sgh,
+        void (*Prefilter)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx),
+        void *pectx, void (*FreeFunc)(void *pectx),
+        const char *name)
+{
+    if (sgh == NULL || Prefilter == NULL || pectx == NULL)
+        return -1;
+
+    PrefilterEngine *e = SCCalloc(1, sizeof(*e));
+    if (e == NULL)
+        return -1;
+
+    e->Prefilter = Prefilter;
+    e->pectx = pectx;
+    e->Free = FreeFunc;
+
+    if (sgh->payload_engines == NULL) {
+        sgh->payload_engines = e;
     } else {
-        PrefilterEngine *t = sgh->engines;
+        PrefilterEngine *t = sgh->payload_engines;
         while (t->next != NULL) {
             t = t->next;
         }

src/detect-engine-prefilter.h

@@ -31,6 +31,10 @@ int PrefilterAppendEngine(SigGroupHead *sgh,
         void (*Prefilter)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx),
         void *pectx, void (*FreeFunc)(void *pectx),
         const char *name);
+int PrefilterAppendPayloadEngine(SigGroupHead *sgh,
+        void (*Prefilter)(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx),
+        void *pectx, void (*FreeFunc)(void *pectx),
+        const char *name);
 int PrefilterAppendTxEngine(SigGroupHead *sgh,
         void (*PrefilterTx)(DetectEngineThreadCtx *det_ctx, const void *pectx,
             Packet *p, Flow *f, void *tx,

src/detect-engine-siggroup.c

@@ -172,7 +172,8 @@ void SigGroupHeadFree(SigGroupHead *sgh)
     }
 
     PrefilterFreeEngines(sgh->tx_engines);
-    PrefilterFreeEngines(sgh->engines);
+    PrefilterFreeEngines(sgh->pkt_engines);
+    PrefilterFreeEngines(sgh->payload_engines);
 
     SCFree(sgh);
 

src/detect.c

@@ -3825,7 +3825,11 @@ int SigAddressPrepareStage4(DetectEngineCtx *de_ctx)
         uint32_t engines = 0;
         uint32_t tx_engines = 0;
 
-        for (e = sgh->engines ; e != NULL; e = e->next) {
+        for (e = sgh->pkt_engines ; e != NULL; e = e->next) {
+            engines++;
+            de_ctx->profile_prefilter_maxid = MAX(de_ctx->profile_prefilter_maxid, e->profile_id);
+        }
+        for (e = sgh->payload_engines ; e != NULL; e = e->next) {
             engines++;
             de_ctx->profile_prefilter_maxid = MAX(de_ctx->profile_prefilter_maxid, e->profile_id);
         }

src/detect.h

@@ -1027,7 +1027,8 @@ typedef struct SigGroupHead_ {
 
     uint32_t id; /**< unique id used to index sgh_array for stats */
 
-    PrefilterEngine *engines;
+    PrefilterEngine *pkt_engines;
+    PrefilterEngine *payload_engines;
     PrefilterEngine *tx_engines;
 
 #ifdef PROFILING