detect/threshold: make hash size and memcap configurable
authorVictor Julien <vjulien@oisf.net>
Wed, 15 May 2024 09:02:29 +0000 (11:02 +0200)
committerVictor Julien <vjulien@oisf.net>
Fri, 28 Jun 2024 07:46:34 +0000 (09:46 +0200)
src/detect-engine-threshold.c
suricata.yaml.in

index 60d9bd8acc972c253a3c1e5d259d74117c9c344d..faedb656b0b47c1ffd5e8124418bbfd121518c0c 100644 (file)
@@ -45,6 +45,7 @@
 #include "detect-engine-address.h"
 #include "detect-engine-address-ipv6.h"
 
+#include "util-misc.h"
 #include "util-time.h"
 #include "util-error.h"
 #include "util-debug.h"
@@ -183,14 +184,38 @@ static bool ThresholdEntryExpire(void *data, const SCTime_t ts)
 
 static int ThresholdsInit(struct Thresholds *t)
 {
-    uint64_t memcap = 16 * 1024 * 1024;
     uint32_t hashsize = 16384;
+    uint64_t memcap = 16 * 1024 * 1024;
+
+    const char *str;
+    if (ConfGet("detect.thresholds.memcap", &str) == 1) {
+        if (ParseSizeStringU64(str, &memcap) < 0) {
+            SCLogError("Error parsing detect.thresholds.memcap from conf file - %s", str);
+            return -1;
+        }
+    }
+
+    intmax_t value = 0;
+    if ((ConfGetInt("detect.thresholds.hash-size", &value)) == 1) {
+        if (value < 256 || value > INT_MAX) {
+            SCLogError("'detect.thresholds.hash-size' value %" PRIiMAX
+                       " out of range. Valid range 256-2147483647.",
+                    value);
+            return -1;
+        }
+        hashsize = (uint32_t)value;
+    }
+
     t->thash = THashInit("thresholds", sizeof(ThresholdEntry), ThresholdEntrySet,
             ThresholdEntryFree, ThresholdEntryHash, ThresholdEntryCompare, ThresholdEntryExpire, 0,
             memcap, hashsize);
-    BUG_ON(t->thash == NULL);
+    if (t->thash == NULL) {
+        SCLogError("failed to initialize thresholds hash table");
+        return -1;
+    }
     return 0;
 }
+
 static void ThresholdsDestroy(struct Thresholds *t)
 {
     if (t->thash) {
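Review bot: The new error message after THashInit at the end of ThresholdsInit does not say which setting made the table fail to initialize. hash-size is accepted up to INT_MAX independently of memcap, and memcap gets no range check after ParseSizeStringU64, so a combination the table cannot be built with would presumably only surface at this point. The log should carry both values, e.g. `SCLogError("failed to initialize thresholds hash table (hash-size %" PRIu32 ", memcap %" PRIu64 ")", hashsize, memcap);`. Because the function now returns -1 where it previously hit BUG_ON, the callers, which are outside this hunk, need to check the result before t->thash is used.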
index 0ba63086d0d16bbdcefaa2fb68c40b3bf2690a77..5e4d039e9e7bfbcd8299fa6336170bf1d7051ae5 100644 (file)
@@ -1700,6 +1700,11 @@ detect:
     #tcp-whitelist: 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
     #udp-whitelist: 53, 135, 5060
 
+  # Thresholding hash table settings.
+  thresholds:
+    hash-size: 16384
+    memcap: 16mb
+
   profiling:
     # Log the rules that made it past the prefilter stage, per packet
     # default is off. The threshold setting determines how many rules
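Review bot: The new `thresholds:` keys are added without any comment on what values are accepted, while the parser in ThresholdsInit rejects a hash-size outside 256-2147483647 and aborts initialization on an unparsable memcap. I would document that next to the keys, e.g. `# hash-size: size of the hash table, valid range 256-2147483647` and `# memcap: memory limit for the table, given as a size string such as 16mb`. The threshold table holds state created by traffic, so operators tuning these limits benefit from seeing the bounds in the config file itself.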