Optimization #5178
closed
Bug #4941: alerts: 5.0.8/6.0.4 count noalert sigs towards built-in alert limit
Optimization #4207: Use configurable or more dynamic `PACKET_ALERT_MAX`
detect/alert: improve packet alert queue handling
Added by Juliana Fajardini Reichow almost 3 years ago.
Updated over 2 years ago.
Description
With the change from a fixed size to a configurable packet alert queue (max), some issues with how the current queue is handled were exposed.
Improve that, to ensure there are no memory leaks with the dynamic allocation of the packet alerts queue.
--------------
This task will most likely be done as a backports-only candidate, in favour of the approach proposed by #5123 from 7.0.x onwards.
- Related to Task #5179: stats/alert: log out to stats alerts that have been discarded from packet queue added
- Related to Optimization #5180: detect/alert: make sure that signatures with `drop` action are respected, even if the alert is discarded added
- Related to Optimization #5123: alerts: use alert queuing in DetectEngineThreadCtx (5.0.x backport) added
- Description updated (diff)
- Target version changed from 7.0.0-beta1 to TBD
- Status changed from New to In Progress
- Status changed from In Progress to In Review
Will stop current work on this issue because we will try to follow the approach for #4943, which could lead to a simpler/less convoluted way of handling the packet alert queue.
- Status changed from In Review to Closed
- Status changed from Closed to Rejected
- Target version deleted (TBD)