detect: make events prefilterable #11577

Closed

catenacyber
Contributor

Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/6728

Describe changes:

  • add prefilter for decode-event and such

Follows on #11559 rebased to get green CI, and hopefully not buggy codecov report

SV_BRANCH=OISF/suricata-verify#1992

and use SIG_MASK_REQUIRE_ENGINE_EVENT

codecov bot commented Jul 29, 2024

Codecov Report

Attention: Patch coverage is 60.60606% with 13 lines in your changes missing coverage. Please review.

Project coverage is 82.51%. Comparing base (da1645b) to head (cfae809).

Additional details and impacted files
@@           Coverage Diff           @@
##           master   #11577   +/-   ##
=======================================
  Coverage   82.50%   82.51%           
=======================================
  Files         923      923           
  Lines      248721   248753   +32     
=======================================
+ Hits       205215   205256   +41     
+ Misses      43506    43497    -9     
Flag Coverage Δ
fuzzcorpus 60.50% <15.15%> (-0.02%) ⬇️
livemode 18.63% <12.12%> (-0.01%) ⬇️
pcap 44.05% <12.12%> (-0.01%) ⬇️
suricata-verify 61.79% <60.60%> (+0.01%) ⬆️
unittests 59.05% <12.12%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown.

@catenacyber
Contributor Author

Attention: Patch coverage is 15.15152% with 28 lines in your changes missing coverage. Please review.

My debug print is not agreeing with codecov:

I see PrefilterSetupDecodeEvent is called when running python3 ../suricata-verify/run.py decode-too-small with OISF/suricata-verify#1992

@catenacyber
Contributor Author

Oh, codecov shows "?" for suricata-verify coverage...

@catenacyber
Contributor Author

We can still retrieve the data codecov sees as buggy and see:

   81|       |static void PrefilterPacketEventSet(PrefilterPacketHeaderValue *v, void *smctx)
   82|     12|{
   83|     12|    const DetectEngineEventData *a = smctx;
   84|     12|    v->u8[0] = PREFILTER_U8HASH_MODE_EQ;
   85|     12|    v->u8[1] = a->event; // arg1
   86|     12|    v->u8[2] = 0;        // arg2
   87|     12|}
   88|       |
   89|       |static bool PrefilterPacketEventCompare(PrefilterPacketHeaderValue v, void *smctx)
   90|      0|{
   91|      0|    const DetectEngineEventData *a = smctx;
   92|      0|    DetectUintData_u8 du8;
   93|      0|    du8.mode = DETECT_UINT_EQ;
   94|      0|    du8.arg1 = a->event;
   95|      0|    du8.arg2 = 0;
   96|      0|    return PrefilterPacketU8Compare(v, &du8);
   97|      0|}
   98|       |
   99|       |static void PrefilterPacketEventMatch(DetectEngineThreadCtx *det_ctx, Packet *p, const void *pectx)
  100|      4|{
  101|      4|    const PrefilterPacketU8HashCtx *h = pectx;
  102|      8|    for (uint8_t u = 0; u < p->events.cnt; u++) {
  103|      4|        const SigsArray *sa = h->array[p->events.events[u]];
  104|      4|        if (sa) {
  105|      4|            PrefilterAddSids(&det_ctx->pmq, sa->sigs, sa->cnt);
  106|      4|        }
  107|      4|    }
  108|      4|}
  109|       |
  110|       |static int PrefilterSetupStreamEvent(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
  111|      2|{
  112|      2|    return PrefilterSetupPacketHeaderU8Hash(de_ctx, sgh, DETECT_STREAM_EVENT,
  113|      2|            SIG_MASK_REQUIRE_ENGINE_EVENT, PrefilterPacketEventSet, PrefilterPacketEventCompare,
  114|      2|            PrefilterPacketEventMatch);
  115|      2|}
  116|       |
  117|       |static int PrefilterSetupDecodeEvent(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
  118|      5|{
  119|      5|    return PrefilterSetupPacketHeaderU8Hash(de_ctx, sgh, DETECT_DECODE_EVENT,
  120|      5|            SIG_MASK_REQUIRE_ENGINE_EVENT, PrefilterPacketEventSet, PrefilterPacketEventCompare,
  121|      5|            PrefilterPacketEventMatch);
  122|      5|}

So, there is more coverage than said here...

@suricata-qa

Information: QA ran without warnings.

Pipeline 21758

@catenacyber
Contributor Author

TODO: SV test should test prefilter auto mode

@catenacyber
Contributor Author

Rebased in #11604

@catenacyber closed this Aug 2, 2024