Project

General

Profile

Actions
Copy link

Optimization #6792

closed

detect/port: port grouping is quite slow in worst cases

Added by Shivani Bhardwaj 5 months ago. Updated 2 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Shivani Bhardwaj
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

Given how the port grouping was done historically, in some worst case scenarios, it could take a very long time to group the signatures on the basis of ports and thus increasing the entire time taken by the engine to start by a huge factor.

Subtasks 3 (0 open3 closed)

Optimization #6795: detect/port: PortGroupWhitelist fn takes a lot of processing timeClosedVictor JulienActions
Optimization #6829: detect/port: PortGroupWhitelist fn takes a lot of processing time (7.0.x backport)ClosedShivani BhardwajActions
Optimization #6830: detect/port: port grouping is quite slow in worst cases (7.0.x backport)ClosedShivani BhardwajActions

Related issues 5 (0 open5 closed)

Related to Suricata - Bug #6414: detect-engine/port: recursive DetectPortInsert calls are expensiveClosedShivani BhardwajActions
Related to Suricata - Bug #6843: detect/port: port ranges are incorrect when a port is single as well as a part of rangeClosedShivani BhardwajActions
Related to Suricata - Bug #6881: detect/port: port grouping does not happen correctly if gap between a single and range portClosedShivani BhardwajActions
Related to Suricata - Bug #6896: detect/port: upper boundary ports are not correctly handledClosedShivani BhardwajActions
Related to Suricata - Bug #2908: ip only rules cause suricata to take 17 minutes to startClosedActions
Actions
Copy link

Also available in: Atom PDF