Merge in SNORT/snort3 from ~ALLEWI/snort3:idle_prune_to_400 to master
Squashed commit of the following:
commit
b32b0648b79a9b8045ad4916c6a1995a1f3920e4
Author: allewi@cisco.com <allewi@cisco.com>
Date: Thu Jan 27 10:52:44 2022 -0500
stream: setting the max number of flows pruned while idle to 400
bool FlowControl::prune_one(PruneReason reason, bool do_cleanup)
{ return cache->prune_one(reason, do_cleanup); }
-void FlowControl::timeout_flows(time_t cur_time)
+void FlowControl::timeout_flows(unsigned max, time_t cur_time)
{
- cache->timeout(1, cur_time);
+ cache->timeout(max, cur_time);
}
Flow* FlowControl::stale_flow_cleanup(FlowCache* cache, Flow* flow, Packet* p)
unsigned delete_flows(unsigned num_to_delete);
bool prune_one(PruneReason, bool do_cleanup);
snort::Flow* stale_flow_cleanup(FlowCache*, snort::Flow*, snort::Packet*);
- void timeout_flows(time_t cur_time);
+ void timeout_flows(unsigned int, time_t cur_time);
void check_expected_flow(snort::Flow*, snort::Packet*);
bool is_expected(snort::Packet*);
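Review bot: The new first parameter of `timeout_flows` is declared without a name (`unsigned int`), while the definition calls it `max` and spells the type `unsigned`, and the second parameter keeps its name. Naming and documenting it in the declaration would make the contract visible to callers, for example `void timeout_flows(unsigned max_flows, time_t cur_time); // upper bound on flows timed out per call`. The wording of that comment is inferred from the commit title and the call into `cache->timeout(max, cur_time)`, so it should be checked against the cache implementation. In particular, what `cache->timeout` does with a value of 0 is not visible here, and the comment should say whether 0 means "none" or "no limit".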
using namespace snort;
+#define IDLE_PRUNE_MAX 400
+
// this should not be publicly accessible
extern THREAD_LOCAL class FlowControl* flow_con;
packet_gettimeofday(&cur_time);
// FIXIT-M batch here or loop vs looping over idle?
- if ( flow_con )
- flow_con->timeout_flows(cur_time.tv_sec);
+ if (flow_con)
+ {
+ if (idle)
+ flow_con->timeout_flows(IDLE_PRUNE_MAX, cur_time.tv_sec);
+ else
+ flow_con->timeout_flows(1, cur_time.tv_sec);
+ }
int max_remove = idle ? -1 : 1; // -1 = all eligible
TcpStreamTracker::release_held_packets(cur_time, max_remove);
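Review bot: The idle cap is introduced as a preprocessor macro with no stated rationale, right after `using namespace snort;`. A typed constant such as `static constexpr unsigned IDLE_PRUNE_MAX = 400;` with a why-comment would be scoped, type-checked and easier to audit. The value bounds how quickly timed-out flows are reclaimed on an idle pass, which matters for flow-table pressure under connection floods, so it is worth documenting why 400 was chosen or making it tunable. The following `int max_remove = idle ? -1 : 1;` still releases all eligible held packets on idle, so the two idle paths now use different bounds; a comment should say whether that is intended. The if/else could mirror that line as `flow_con->timeout_flows(idle ? IDLE_PRUNE_MAX : 1, cur_time.tv_sec);`. The enclosing function starts and ends outside the visible lines.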