Bug #4941: alerts: 5.0.8/6.0.4 count noalert sigs towards built-in alert limit
Optimization #4207: Use configurable or more dynamic @ PACKET_ALERT_MAX@
detect/alert: improve packet alert queue handling
With the change from a fixed size to a configurable packet alert queue (max), some issues with how the current queue is handled were exposed.
Improve that, to ensure there are no memory leaks with the dynamic allocation of the packet alerts queue.
This task will most likely be done as a backports-only candidate, in favour of the approach proposed by #5123 from 7.0.x onwards.
- Related to Task #5179: stats/alert: log out to stats alerts that have been discarded from packet queue added
- Related to Task #5180: detect/alert: make sure that signatures with `drop` action are respected, even if the alert is discarded added
- Related to Optimization #5123: alerts: use alert queing in DetectEngineThreadCtx (5.0.x backport) added
- Description updated (diff)
- Target version changed from 7.0rc1 to TBD
- Status changed from New to In Progress
- Status changed from In Progress to In Review
Will stop current work on this issue because we will try to follow the approach for #4943, and which could lead to a simpler/less convoluted way of handling the packet alert queue.
- Status changed from In Review to Closed
- Status changed from Closed to Rejected
- Target version deleted (
Also available in: Atom