Project

General

Profile

Actions

Bug #4578

closed

perf shows excessive time in IPOnlyMatchPacket

Added by Jeff Lucovsky over 3 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

With Suricata 5.0.x, perf shows excessive time spent in IPOnlyMatchPacket when there are rules containing IP addresses as filters. With roughly 400 rules and 15-20K IP addresses, perf showed a majority of time spent in IPOnlyMatchPacket.

Granted, a dataset is a better way to handle large IP address counts used within a rule but 5.0.x support didn't contain official dataset support.

Perhaps a warning or other indicator could be displayed to help users understand the effects of rules with large IP addr counts?


Files

iponlymatchpacketdiff.png (83.4 KB) iponlymatchpacketdiff.png Andreas Herz, 05/10/2023 01:13 PM

Subtasks 2 (0 open2 closed)

Bug #5997: perf shows excessive time in IPOnlyMatchPacket (6.0.x backport)ClosedJeff LucovskyActions
Bug #6005: perf shows excessive time in IPOnlyMatchPacket (6.0.x backport)RejectedJustin AzoffActions
Actions

Also available in: Atom PDF