Bug #3345
Updated by Jason Ish over 4 years ago
User reported slowdown in the The DHCP parser. It turns out that the DHCP parser did does not register tx detect flag callbacks resulting the callbacks. This prevents transactions on a flow never from being freed. This is particular noticeable on DHCP due cleaned up and leads to the 0.0.0.0->255.255.255.255 address pair that is used for many DHCP requests. First fixed as an app-layer fixup to handle parsers without tx detect flags, such as DHCP that don't need them as they don't register any detection engines. The second fix was to throw a fatal error if a detect engine is registered for an app-layer proto without tx detect flags. This should never happen in production, its more of a check during development. Finally protocols that were missing tx detect flags that needed them were fixed up to use them. parser slowing down.