defrag: really use 'max-frags' variable.

The 'max-frags' variable was not used and the 'trackers' variable was
not documented. This patch fixes the two issues.

diff --git a/src/defrag.c b/src/defrag.c
index 99a320a8489ae2211eb2020a933cbdadd2d2d393..f793b7d0567bf2f0a400e10d2b3af678060a8d7e 100644 (file)
--- a/src/defrag.c
+++ b/src/defrag.c
@@ -55,6 +55,7 @@
 #endif
 
 #define DEFAULT_DEFRAG_HASH_SIZE 0xffff
+#define DEFAULT_DEFRAG_POOL_SIZE 0xffff
 
 /**
  * Default timeout (in seconds) before a defragmentation tracker will
@@ -449,7 +450,10 @@ DefragContextNew(void)
     }
 
     /* Initialize the pool of frags. */
-    int frag_pool_size = 0xffff;
+    int frag_pool_size;
+    if (!ConfGetInt("defrag.max-frags", &frag_pool_size)) {
+        frag_pool_size = DEFAULT_DEFRAG_POOL_SIZE;
+    }
     int frag_pool_prealloc = frag_pool_size / 4;
     dc->frag_pool = PoolInit(frag_pool_size, frag_pool_prealloc,
         DefragFragNew, dc, DefragFragFree);

diff --git a/suricata.yaml.in b/suricata.yaml.in
index a2ceaba5c7464b6da2ce9719ab02fda1e8196107..4f0d176941f82b9ba29462fda4609da30314db33 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -430,7 +430,8 @@ pattern-matcher:
 # Defrag settings:
 
 defrag:
-  max-frags: 65535
+  trackers: 65535 # number of defragmented flows to follow
+  max-frags: 65535 # number of fragments per-flow
   prealloc: yes
   timeout: 60