Actions
Bug #6414
opendetect-engine/port: recursive DetectPortInsert calls are expensive
Affected Versions:
Effort:
Difficulty:
Label:
Description
Problem
It seems that for certain kinds of rules, the recursive calls to DetectPortInsert can be very expensive.
There has been a todo to get rid of the recursive calls since a long time that needs to be addressed now.
The issue can be observed for large rulesets especially containing a mix of drop tls rules and others.
One noteworthy thing is that these rules loaded separately end up consuming much lesser time.
Useful info
Attached is one scenario where the flamegraph shows heavy frequenting of this fn.
Files
Updated by Shivani Bhardwaj 6 months ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Shivani Bhardwaj
- Target version changed from TBD to 7.0.3
Updated by Victor Julien 5 months ago
- Target version changed from 7.0.3 to 8.0.0-beta1
- Label Needs backport to 7.0 added
Updated by Shivani Bhardwaj about 2 months ago
- Related to Optimization #6795: detect/port: PortGroupWhitelist fn takes a lot of processing time added
- Related to Optimization #6792: detect/port: port grouping is quite slow in worst cases added
Updated by Shivani Bhardwaj about 2 months ago
- Status changed from Assigned to In Review
Closed by: https://github.com/OISF/suricata/pull/10567
Updated by Shivani Bhardwaj about 2 months ago
- Status changed from In Review to Resolved
Actions