Optimization #5178
closedBug #4941: alerts: 5.0.8/6.0.4 count noalert sigs towards built-in alert limit
Optimization #4207: Use configurable or more dynamic @ PACKET_ALERT_MAX@
detect/alert: improve packet alert queue handling
Description
With the change from a fixed size to a configurable packet alert queue (max), some issues with how the current queue is handled were exposed.
Improve that, to ensure there are no memory leaks with the dynamic allocation of the packet alerts queue.
--------------
This task will most likely be done as a backports-only candidate, in favour of the approach proposed by #5123 from 7.0.x onwards.
Updated by Juliana Fajardini Reichow about 2 years ago
- Related to Task #5179: stats/alert: log out to stats alerts that have been discarded from packet queue added
Updated by Juliana Fajardini Reichow about 2 years ago
- Related to Optimization #5180: detect/alert: make sure that signatures with `drop` action are respected, even if the alert is discarded added
Updated by Juliana Fajardini Reichow about 2 years ago
- Related to Optimization #5123: alerts: use alert queing in DetectEngineThreadCtx (5.0.x backport) added
Updated by Juliana Fajardini Reichow about 2 years ago
- Description updated (diff)
- Target version changed from 7.0.0-beta1 to TBD
Updated by Juliana Fajardini Reichow about 2 years ago
- Status changed from New to In Progress
Updated by Juliana Fajardini Reichow about 2 years ago
- Status changed from In Progress to In Review
PR for review https://github.com/OISF/suricata/pull/7133
Updated by Juliana Fajardini Reichow about 2 years ago
Will stop current work on this issue because we will try to follow the approach for #4943, and which could lead to a simpler/less convoluted way of handling the packet alert queue.
Updated by Juliana Fajardini Reichow almost 2 years ago
- Status changed from In Review to Closed
Updated by Juliana Fajardini Reichow almost 2 years ago
- Status changed from Closed to Rejected
- Target version deleted (
TBD)