Feature #7830
closedhyperscan: support cache invalidation and removal
Description
To avoid cluttering machines with (hyperscan) cache files, Suricata should also support automatic removal of unused cache files.
This can mean removal of unused caches right away or removal of unused caches in the last, e.g., 10 days.
needs backport to 8 when the label will be available.
Updated by Victor Julien 4 months ago
- Copied to Feature #7893: hyperscan: support cache invalidation and removal (8.0.x backport) added
Updated by Lukas Sismis 4 months ago
I identified three different scenarios that are possible to trigger cache eviction:
- on startup, delete every cache that is not used in the current run.
- delete every cache file older than <time in days/minutes/seconds>.
- set a disk memcap on the cache folder. Do not save more cache files than what is specified.
The first two are the main priority. The third can be an extension as it would stop creating the caches on memcap hit, and over time, it would fill in the right caches.
Suricata will likely need to keep a side file where metainformation about the last caches used will be noted, as we cannot rely on atime (it might be turned off).
Updated by Lukas Sismis 4 months ago
- Status changed from Assigned to In Progress
Updated by Philippe Antoine about 2 months ago
- Status changed from In Progress to In Review
Updated by Lukas Sismis 7 days ago
- Status changed from In Review to Closed
Updated by Lukas Sismis 2 days ago
- Related to Bug #8243: hyperscan: address stat path check warning added