Project

General

Profile

Actions
Copy link

Bug #6414

closed
SB SB

detect-engine/port: recursive DetectPortInsert calls are expensive

Bug #6414: detect-engine/port: recursive DetectPortInsert calls are expensive

Added by Shivani Bhardwaj over 2 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Shivani Bhardwaj
Target version:
8.0.0-beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

Problem
It seems that for certain kinds of rules, the recursive calls to DetectPortInsert can be very expensive.
There has been a todo to get rid of the recursive calls since a long time that needs to be addressed now.
The issue can be observed for large rulesets especially containing a mix of drop tls rules and others.
One noteworthy thing is that these rules loaded separately end up consuming much lesser time.

Useful info
Attached is one scenario where the flamegraph shows heavy frequenting of this fn.

Files

perf.svg (679 KB) perf.svg Shivani Bhardwaj, 10/19/2023 03:57 PM

Subtasks 3 (0 open3 closed)

Bug #6431: detect-engine/port: recursive DetectPortInsert calls are expensive (6.0.x backport)RejectedShivani BhardwajActions
Bug #6520: detect-engine/port: recursive DetectPortInsert calls are expensive (7.0.x backport)ClosedShivani BhardwajActions
Bug #6639: detect-engine/port: recursive DetectPortInsert calls are expensive (7.0.x backport)RejectedShivani BhardwajActions

Related issues 2 (0 open2 closed)

Related to Suricata - Optimization #6795: detect/port: PortGroupWhitelist fn takes a lot of processing timeClosedVictor JulienActions
Related to Suricata - Optimization #6792: detect/port: port grouping is quite slow in worst casesClosedShivani BhardwajActions
Actions
Copy link

Also available in: PDF Atom