Bug #7415
closed
sid matches: slow sid matching when many sids are enabled or disabled
Description
Basically a quadratic complexity issue. If you have thousands of disables or enables by SID, and thousands and thousands of rules, the SID lists are iterated for each rule, which can lead to very long update times, as reported on the forum: https://forum.suricata.io/t/slow-suricata-update-on-an-opnsense-router-takes-30-minutes-for-200k-rules/5068/6
To fix, SIDs can be consolidated into a dict lookup.
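The following is an added illustration of the complexity difference described above; it is not part of the bug report and not suricata-update's own code. All function names are hypothetical, the sample entries are constructed, and the `sid` / `gid:sid` entry format is an assumption.

```python
# Added illustration; names are hypothetical, not suricata-update's code.
# Constructed sample of disable-list entries: "sid" or "gid:sid" (assumed format).
SAMPLE_CONF = """\
# constructed sample
2019401
1:2100498
3:19187
"""

def parse_sid_entries(text):
    """Return a list of (gid, sid) tuples; a bare sid implies gid 1."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        gid, _, sid = line.rpartition(":")
        entries.append((int(gid) if gid else 1, int(sid)))
    return entries

def match_linear(rules, entries):
    """Scan the whole entry list for every rule: O(rules * entries)."""
    matched, comparisons = set(), 0
    for rule in rules:
        for entry in entries:
            comparisons += 1
            if entry == rule:
                matched.add(rule)
                break
    return matched, comparisons

def match_indexed(rules, entries):
    """Build the dict once, then one hash probe per rule: O(rules + entries)."""
    index = dict.fromkeys(entries, True)
    matched, probes = set(), 0
    for rule in rules:
        probes += 1
        if rule in index:
            matched.add(rule)
    return matched, probes

def demo(n_rules=2000, n_entries=500):
    """Compare both strategies on constructed (gid, sid) pairs."""
    rules = [(1, 1000000 + i) for i in range(n_rules)]
    entries = [(1, 1000000 + i * 4) for i in range(n_entries)]  # every 4th rule
    return match_linear(rules, entries), match_indexed(rules, entries)
```

With 2,000 rules and 500 entries the linear scan performs 875,250 comparisons against 2,000 dict probes for the same result, and the gap grows with the product of the two list sizes.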