Bug #4578: perf shows excessive time in IPOnlyMatchPacket - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #4578

closed

perf shows excessive time in IPOnlyMatchPacket

Added by Jeff Lucovsky over 3 years ago. Updated over 1 year ago.

Status:

Closed

Priority:

Normal

Assignee:

Justin Azoff

Target version:

7.0.0-rc2

Affected Versions:

5.0.3

Effort:

Difficulty:

Label:

Description

With Suricata 5.0.x, perf shows excessive time spent in IPOnlyMatchPacket when there are rules containing IP addresses as filters. With roughly 400 rules and 15-20K IP addresses, perf showed a majority of time spent in IPOnlyMatchPacket.

Granted, a dataset is a better way to handle large IP address counts used within a rule but 5.0.x support didn't contain official dataset support.

Perhaps a warning or other indicator could be displayed to help users understand the effects of rules with large IP addr counts?

Files

iponlymatchpacketdiff.png (83.4 KB) iponlymatchpacketdiff.png

Andreas Herz, 05/10/2023 01:13 PM

Subtasks 2 (0 open — 2 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #4578

perf shows excessive time in IPOnlyMatchPacket

Updated by Jeff Lucovsky over 1 year ago

Updated by Victor Julien over 1 year ago

Updated by Victor Julien over 1 year ago

Updated by Victor Julien over 1 year ago

Updated by OISF Ticketbot over 1 year ago

Updated by OISF Ticketbot over 1 year ago

Updated by Jeff Lucovsky over 1 year ago

Updated by OISF Ticketbot over 1 year ago

Updated by OISF Ticketbot over 1 year ago

Updated by Victor Julien over 1 year ago

Updated by Andreas Herz over 1 year ago