Project

General

Profile

Actions
Copy link

Bug #6414

closed
SB SB

detect-engine/port: recursive DetectPortInsert calls are expensive

Bug #6414: detect-engine/port: recursive DetectPortInsert calls are expensive

Added by Shivani Bhardwaj over 2 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Shivani Bhardwaj
Target version:
8.0.0-beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

Problem
It seems that for certain kinds of rules, the recursive calls to DetectPortInsert can be very expensive.
There has been a todo to get rid of the recursive calls since a long time that needs to be addressed now.
The issue can be observed for large rulesets especially containing a mix of drop tls rules and others.
One noteworthy thing is that these rules loaded separately end up consuming much lesser time.

Useful info
Attached is one scenario where the flamegraph shows heavy frequenting of this fn.

Files

perf.svg (679 KB) perf.svg Shivani Bhardwaj, 10/19/2023 03:57 PM

Subtasks 3 (0 open3 closed)

Bug #6431: detect-engine/port: recursive DetectPortInsert calls are expensive (6.0.x backport)RejectedShivani BhardwajActions
Bug #6520: detect-engine/port: recursive DetectPortInsert calls are expensive (7.0.x backport)ClosedShivani BhardwajActions
Bug #6639: detect-engine/port: recursive DetectPortInsert calls are expensive (7.0.x backport)RejectedShivani BhardwajActions

Related issues 2 (0 open2 closed)

Related to Suricata - Optimization #6795: detect/port: PortGroupWhitelist fn takes a lot of processing timeClosedVictor JulienActions
Related to Suricata - Optimization #6792: detect/port: port grouping is quite slow in worst casesClosedShivani BhardwajActions

SB Updated by Shivani Bhardwaj over 2 years ago Actions
Copy link
 #1

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Shivani Bhardwaj
  • Target version changed from TBD to 7.0.3

OT Updated by OISF Ticketbot over 2 years ago Actions
Copy link
 #2

  • Subtask #6431 added

OT Updated by OISF Ticketbot over 2 years ago Actions
Copy link
 #3

  • Label deleted (Needs backport to 6.0)

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
 #4

  • Target version changed from 7.0.3 to 8.0.0-beta1
  • Label Needs backport to 7.0 added

OT Updated by OISF Ticketbot over 2 years ago Actions
Copy link
 #5

  • Subtask #6520 added

OT Updated by OISF Ticketbot over 2 years ago Actions
Copy link
 #6

  • Label deleted (Needs backport to 7.0)

SB Updated by Shivani Bhardwaj over 2 years ago Actions
Copy link
 #7

  • Label Needs backport to 7.0 added

OT Updated by OISF Ticketbot over 2 years ago Actions
Copy link
 #8

  • Subtask #6639 added

OT Updated by OISF Ticketbot over 2 years ago Actions
Copy link
 #9

  • Label deleted (Needs backport to 7.0)

SB Updated by Shivani Bhardwaj over 2 years ago Actions
Copy link
 #10

  • Label Needs backport to 7.0 added

OT Updated by OISF Ticketbot over 2 years ago Actions
Copy link
 #11

  • Label deleted (Needs backport to 7.0)

SB Updated by Shivani Bhardwaj about 2 years ago Actions
Copy link
 #12

  • Related to Optimization #6795: detect/port: PortGroupWhitelist fn takes a lot of processing time added
  • Related to Optimization #6792: detect/port: port grouping is quite slow in worst cases added

SB Updated by Shivani Bhardwaj about 2 years ago Actions
Copy link
 #13

  • Status changed from Assigned to In Review

SB Updated by Shivani Bhardwaj about 2 years ago Actions
Copy link
 #14

  • Status changed from In Review to Resolved

SB Updated by Shivani Bhardwaj almost 2 years ago Actions
Copy link
 #15

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: PDF Atom