Feature #7830
openhyperscan: support cache invalidation and removal
Description
To avoid cluttering machines with (hyperscan) cache files, Suricata should also support automatic removal of unused cache files.
This can mean removal of unused caches right away or removal of unused caches in the last, e.g., 10 days.
needs backport to 8 when the label will be available.
Updated by Victor Julien 4 days ago
- Copied to Feature #7893: hyperscan: support cache invalidation and removal (8.0.x backport) added
Updated by Lukas Sismis 3 days ago
I identified three different scenarios that are possible to trigger cache eviction:
- on startup, delete every cache that is not used in the current run.
- delete every cache file older than <time in days/minutes/seconds>.
- set a disk memcap on the cache folder. Do not save more cache files than what is specified.
The first two are the main priority. The third can be an extension as it would stop creating the caches on memcap hit, and over time, it would fill in the right caches.
Suricata will likely need to keep a side file where metainformation about the last caches used will be noted, as we cannot rely on atime (it might be turned off).
Updated by Lukas Sismis about 14 hours ago
- Status changed from Assigned to In Progress