Project

General

Profile

Actions
Copy link

Optimization #4207

closed
PA JF

Bug #4941: alerts: 5.0.8/6.0.4 count noalert sigs towards built-in alert limit

Use configurable or more dynamic @ PACKET_ALERT_MAX@

Optimization #4207: Use configurable or more dynamic @ PACKET_ALERT_MAX@

Added by Philippe Antoine over 5 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Juliana Fajardini Reichow
Target version:
7.0.0-beta1
Effort:
Difficulty:
Label:

Description

Currently, PACKET_ALERT_MAX is hardcoded to 15

This turned out to be a problem writing S-V test, with many signatures (different variations of a feature) matching on the same packet
That was HTTP keywords on HTTP2 traffic, where I had one packet containing 3 requests

It would be nice to have this value be configurable from suricata.yaml

Subtasks 1 (0 open1 closed)

Optimization #5178: detect/alert: improve packet alert queue handlingRejectedJuliana Fajardini ReichowActions

Related issues 2 (0 open2 closed)

Copied to Suricata - Optimization #5121: Use configurable or more dynamic @ PACKET_ALERT_MAX@ (5.0.x backport)ClosedJuliana Fajardini ReichowActions
Copied to Suricata - Optimization #5125: Use configurable or more dynamic @ PACKET_ALERT_MAX@ (6.0.x backport)ClosedJuliana Fajardini ReichowActions
Actions
Copy link

Also available in: PDF Atom