Project

General

Profile

Actions
Copy link

Optimization #6792

closed

detect/port: port grouping is quite slow in worst cases

Added by Shivani Bhardwaj 8 months ago. Updated 5 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Shivani Bhardwaj
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

Given how the port grouping was done historically, in some worst case scenarios, it could take a very long time to group the signatures on the basis of ports and thus increasing the entire time taken by the engine to start by a huge factor.

Subtasks 3 (0 open3 closed)

Optimization #6795: detect/port: PortGroupWhitelist fn takes a lot of processing timeClosedVictor JulienActions
Optimization #6829: detect/port: PortGroupWhitelist fn takes a lot of processing time (7.0.x backport)ClosedShivani BhardwajActions
Optimization #6830: detect/port: port grouping is quite slow in worst cases (7.0.x backport)ClosedShivani BhardwajActions

Related issues 5 (0 open5 closed)

Related to Suricata - Bug #6414: detect-engine/port: recursive DetectPortInsert calls are expensiveClosedShivani BhardwajActions
Related to Suricata - Bug #6843: detect/port: port ranges are incorrect when a port is single as well as a part of rangeClosedShivani BhardwajActions
Related to Suricata - Bug #6881: detect/port: port grouping does not happen correctly if gap between a single and range portClosedShivani BhardwajActions
Related to Suricata - Bug #6896: detect/port: upper boundary ports are not correctly handledClosedShivani BhardwajActions
Related to Suricata - Bug #2908: ip only rules cause suricata to take 17 minutes to startClosedActions
Actions
Copy link
 #1

Updated by Shivani Bhardwaj 8 months ago

  • Status changed from Assigned to In Review
Actions
Copy link
 #2

Updated by Shivani Bhardwaj 8 months ago

  • Subtask #6795 added
Actions
Copy link
 #3

Updated by Shivani Bhardwaj 8 months ago

  • Related to Bug #6414: detect-engine/port: recursive DetectPortInsert calls are expensive added
Actions
Copy link
 #4

Updated by Shivani Bhardwaj 8 months ago

  • Status changed from In Review to Resolved
Actions
Copy link
 #5

Updated by Shivani Bhardwaj 8 months ago

  • Label Needs backport to 7.0 added
Actions
Copy link
 #6

Updated by OISF Ticketbot 8 months ago

  • Subtask #6830 added
Actions
Copy link
 #7

Updated by OISF Ticketbot 8 months ago

  • Label deleted (Needs backport to 7.0)
Actions
Copy link
 #8

Updated by Shivani Bhardwaj 8 months ago

  • Related to Bug #6843: detect/port: port ranges are incorrect when a port is single as well as a part of range added
Actions
Copy link
 #9

Updated by Shivani Bhardwaj 7 months ago

  • Related to Bug #6881: detect/port: port grouping does not happen correctly if gap between a single and range port added
Actions
Copy link
 #10

Updated by Shivani Bhardwaj 7 months ago

  • Related to Bug #6896: detect/port: upper boundary ports are not correctly handled added
Actions
Copy link
 #11

Updated by Victor Julien 7 months ago

  • Related to Bug #2908: ip only rules cause suricata to take 17 minutes to start added
Actions
Copy link
 #12

Updated by Shivani Bhardwaj 5 months ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF