Project

General

Profile

Actions

Bug #555

closed

decoder event and app layer event rules are too expensive

Added by Victor Julien over 12 years ago. Updated over 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

  --------------------------------------------------------------------------
  Date: 9/17/2012 -- 14:18:23
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  2        2200073      1        1        63190512     4.85   8857     0        993036      7134.53     0.00        7134.53    
  3        2200074      1        1        29569644     2.27   8857     0        56796       3338.56     0.00        3338.56    
  4        2210000      1        1        26783124     2.06   8857     0        108912      3023.95     0.00        3023.95    
  6        2230000      1        1        23106516     1.78   4779     0        238116      4835.01     0.00        4835.01    
  7        2200077      1        1        22712112     1.74   8857     0        68856       2564.31     0.00        2564.31    
  8        2210046      1        1        19219572     1.48   8857     0        1195932     2169.99     0.00        2169.99    
  9        2210019      1        1        18933768     1.45   8857     0        187956      2137.72     0.00        2137.72    
  10       2210028      1        1        18261996     1.40   8857     0        63660       2061.87     0.00        2061.87    
  11       2210023      1        1        18033840     1.39   8857     0        51312       2036.11     0.00        2036.11    
  12       2210040      1        1        17717604     1.36   8857     0        65628       2000.41     0.00        2000.41    
  13       2210011      1        1        17642052     1.36   8857     0        1084740     1991.88     0.00        1991.88    
  14       2210014      1        1        17523024     1.35   8857     0        55080       1978.44     0.00        1978.44    
  15       2210030      1        1        17145144     1.32   8857     0        95004       1935.77     0.00        1935.77    
  16       2210013      1        1        16917600     1.30   8857     0        221160      1910.08     0.00        1910.08    
  17       2210007      1        1        16683144     1.28   8857     0        86808       1883.61     0.00        1883.61    
  18       2210032      1        1        16580004     1.27   8857     0        50172       1871.97     0.00        1871.97    
  20       2210036      1        1        16380888     1.26   8857     0        277596      1849.48     0.00        1849.48    
  21       2210025      1        1        16289784     1.25   8857     0        76764       1839.20     0.00        1839.20    
  22       2210034      1        1        16233876     1.25   8857     0        114000      1832.89     0.00        1832.89    
  23       2210002      1        1        16023588     1.23   8857     0        45180       1809.14     0.00        1809.14    
  24       2210031      1        1        16010916     1.23   8857     0        51408       1807.71     0.00        1807.71    
  25       2210038      1        1        15943932     1.22   8857     0        111948      1800.15     0.00        1800.15    

Looks like they are invoked way too often.

Actions #1

Updated by Victor Julien over 12 years ago

  • Status changed from New to Assigned
  • Assignee set to Victor Julien
  • Target version set to 1.4beta2
Actions #2

Updated by Victor Julien over 12 years ago

  • Status changed from Assigned to Closed

Fixed by commits:

commit 9a4b612126a0c341d7d7d07ffdfe7de3cf8de321
Author: Victor Julien <victor@inliniac.net>
Date:   Wed Sep 19 14:09:41 2012 +0200

    app layer events: prefilter sigs that need an event

commit 575c87aebad15e01e145834bc5ba0cf22abd5105
Author: Victor Julien <victor@inliniac.net>
Date:   Wed Sep 19 12:58:56 2012 +0200

    engine events: prefilter sigs that need a event

Actions

Also available in: Atom PDF