Bug #7415

closed

sid matches: slow sid matching when many sids are enabled or disabled

Added by Jason Ish 25 days ago. Updated 20 days ago.

Status: Closed
Priority: Normal

Description

Basically a quadratic complexity issue. If you have thousands of disables or enables by SID, and thousands and thousands of rules, the SID lists are iterated for each rule, which can lead to very long update times, as reported on the forum: https://forum.suricata.io/t/slow-suricata-update-on-an-opnsense-router-takes-30-minutes-for-200k-rules/5068/6

To fix, SIDs can be consolidated into a dict lookup.
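
The difference between the two approaches, as an added sketch that is not suricata-update's own code: it counts the work done when every rule scans the SID list versus when the list is consolidated into a dict first. The function names and the rule and disable lists are constructed for illustration, and only plain `SID` and `GID:SID` entries are modeled.

```python
# Added illustration; function names are hypothetical, not suricata-update's.

def parse_sid_entry(line):
    """Parse 'SID' or 'GID:SID' into a (gid, sid) tuple; bare SIDs use gid 1."""
    gid, _, sid = line.strip().rpartition(":")
    return (int(gid) if gid else 1, int(sid))


def match_by_scanning(rules, entries):
    """Quadratic: every rule walks the entry list until one entry matches."""
    matched, comparisons = set(), 0
    for rule in rules:
        for entry in entries:
            comparisons += 1
            if entry == rule:
                matched.add(rule)
                break
    return matched, comparisons


def match_by_lookup(rules, entries):
    """Linear: consolidate entries into a dict once, then one lookup per rule."""
    index = dict.fromkeys(entries, True)  # (gid, sid) -> True
    matched, lookups = set(), 0
    for rule in rules:
        lookups += 1
        if rule in index:
            matched.add(rule)
    return matched, lookups


def demo(rule_count=2000, entry_count=500):
    # Constructed input: rules 1:1000000 upward, disable list hits every 4th rule,
    # alternating between the 'GID:SID' and bare 'SID' spellings.
    rules = [(1, 1000000 + i) for i in range(rule_count)]
    lines = [str(1000000 + 4 * i) if i % 2 else "1:%d" % (1000000 + 4 * i)
             for i in range(entry_count)]
    entries = [parse_sid_entry(line) for line in lines]
    slow, comparisons = match_by_scanning(rules, entries)
    fast, lookups = match_by_lookup(rules, entries)
    return slow == fast, len(fast), comparisons, lookups


if __name__ == "__main__":
    same, hits, comparisons, lookups = demo()
    print("same result:", same, "matched:", hits)
    print("list scan comparisons:", comparisons, "dict lookups:", lookups)
```

Both functions return the same matched set; only the amount of work differs, and the gap widens as the rule count and the SID list grow together.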
