Optimization #5178

closed

Bug #4941: alerts: 5.0.8/6.0.4 count noalert sigs towards built-in alert limit

Optimization #4207: Use configurable or more dynamic `PACKET_ALERT_MAX`

detect/alert: improve packet alert queue handling

Added by Juliana Fajardini Reichow almost 3 years ago. Updated over 2 years ago.

Status: Rejected
Priority: Normal
Target version: -
Effort:
Difficulty:
Label:

Description

With the change from a fixed size to a configurable packet alert queue (max), some issues with how the current queue is handled were exposed.

Improve that, to ensure there are no memory leaks with the dynamic allocation of the packet alerts queue.
--------------
This task will most likely be done as a backports-only candidate, in favour of the approach proposed by #5123 from 7.0.x onwards.


Related issues 3 (1 open, 2 closed)

Related to Suricata - Task #5179: stats/alert: log out to stats alerts that have been discarded from packet queue (Closed, Juliana Fajardini Reichow)
Related to Suricata - Optimization #5180: detect/alert: make sure that signatures with `drop` action are respected, even if the alert is discarded (In Progress, Juliana Fajardini Reichow)
Related to Suricata - Optimization #5123: alerts: use alert queing in DetectEngineThreadCtx (5.0.x backport) (Closed, Juliana Fajardini Reichow)