Actions
Bug #6414
closeddetect-engine/port: recursive DetectPortInsert calls are expensive
Affected Versions:
Effort:
Difficulty:
Label:
Description
Problem
It seems that for certain kinds of rules, the recursive calls to DetectPortInsert
can be very expensive.
There has been a todo to get rid of the recursive calls since a long time that needs to be addressed now.
The issue can be observed for large rulesets especially containing a mix of drop tls
rules and others.
One noteworthy thing is that these rules loaded separately end up consuming much lesser time.
Useful info
Attached is one scenario where the flamegraph shows heavy frequenting of this fn.
Files
Updated by Shivani Bhardwaj about 1 year ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Shivani Bhardwaj
- Target version changed from TBD to 7.0.3
Updated by OISF Ticketbot about 1 year ago
- Label deleted (
Needs backport to 6.0)
Updated by Victor Julien about 1 year ago
- Target version changed from 7.0.3 to 8.0.0-beta1
- Label Needs backport to 7.0 added
Updated by OISF Ticketbot about 1 year ago
- Label deleted (
Needs backport to 7.0)
Updated by Shivani Bhardwaj 9 months ago
- Related to Optimization #6795: detect/port: PortGroupWhitelist fn takes a lot of processing time added
- Related to Optimization #6792: detect/port: port grouping is quite slow in worst cases added
Updated by Shivani Bhardwaj 9 months ago
- Status changed from Assigned to In Review
Closed by: https://github.com/OISF/suricata/pull/10567
Updated by Shivani Bhardwaj 9 months ago
- Status changed from In Review to Resolved
Updated by Shivani Bhardwaj 6 months ago
- Status changed from Resolved to Closed
Actions