Pull request #4202: appid: Lowering max packet count before service fail
authorOleksandr Stepanov -X (ostepano - SOFTSERVE INC at Cisco) <ostepano@cisco.com>
Tue, 13 Feb 2024 21:27:16 +0000 (21:27 +0000)
committerChris Sherwin (chsherwi) <chsherwi@cisco.com>
Tue, 13 Feb 2024 21:27:16 +0000 (21:27 +0000)
Merge in SNORT/snort3 from ~OSTEPANO/snort3:appid_min_packet_fail to master

Squashed commit of the following:

commit cba87ecc5b2533276894c48f1f14294cefa873f7
Author: Oleksandr Stepanov <ostepano@cisco.com>
Date:   Fri Feb 9 06:30:31 2024 -0500

    appid: Lowering max packet count before service fail

src/network_inspectors/appid/app_info_table.cc
src/network_inspectors/appid/appid_config.h

index ffc3361aa1faf1af7f89e07668fbadbcbe49dc8e..53b4fca730eef8f67b93bd9aa508343bf063f5b2 100644 (file)
@@ -513,7 +513,7 @@ void AppInfoManager::load_odp_config(OdpContext& odp_ctxt, const char* path)
                 uint64_t max_bytes_before_service_fail = atoi(conf_val);
                 if (max_bytes_before_service_fail < MIN_MAX_BYTES_BEFORE_SERVICE_FAIL)
                 {
-                    ParseWarning(WARN_CONF, "appid: invalid max_bytes_before_service_fail "
+                    appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: invalid max_bytes_before_service_fail "
                         "%" PRIu64 " must be greater than %u.\n", max_bytes_before_service_fail,
                         MIN_MAX_BYTES_BEFORE_SERVICE_FAIL);
                 }
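Review bot: The context line `uint64_t max_bytes_before_service_fail = atoi(conf_val);` converts from `int` before the minimum check, so a negative entry wraps to a very large unsigned number and passes `< MIN_MAX_BYTES_BEFORE_SERVICE_FAIL` without a warning. The same pattern in the next hunk narrows to `uint16_t`, where an out-of-range entry such as 65538 truncates to 2 and now satisfies the lowered floor. Parsing into a signed wide type and range-checking before the assignment would close this, e.g. `char* end; long long v = strtoll(conf_val, &end, 10);` followed by `if (end == conf_val || v < MIN_MAX_BYTES_BEFORE_SERVICE_FAIL)`, with an added upper bound of `UINT16_MAX` for the 16-bit options. load_odp_config starts and ends outside the hunk, so whether a value that triggers the warning is still applied cannot be seen here.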
@@ -527,7 +527,7 @@ void AppInfoManager::load_odp_config(OdpContext& odp_ctxt, const char* path)
                 uint16_t max_packet_before_service_fail = atoi(conf_val);
                 if (max_packet_before_service_fail < MIN_MAX_PKTS_BEFORE_SERVICE_FAIL)
                 {
-                    ParseWarning(WARN_CONF, "appid: invalid max_packet_before_service_fail "
+                    appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: invalid max_packet_before_service_fail "
                         "%" PRIu16 ", must be greater than %u.\n", max_packet_before_service_fail,
                         MIN_MAX_PKTS_BEFORE_SERVICE_FAIL);
                 }
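Review bot: The warning text says the value "must be greater than %u", but the guard is `max_packet_before_service_fail < MIN_MAX_PKTS_BEFORE_SERVICE_FAIL`, so a value equal to the minimum is accepted. With the floor now at 2, the message tells an operator that 2 is invalid when the check allows it. Suggest `", must be at least %u.\n"` here, and the same wording in the sibling warnings for max_bytes_before_service_fail and max_packet_service_fail_ignore_bytes in the neighbouring hunks.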
@@ -542,7 +542,7 @@ void AppInfoManager::load_odp_config(OdpContext& odp_ctxt, const char* path)
                 if (max_packet_service_fail_ignore_bytes <
                     MIN_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES)
                 {
-                    ParseWarning(WARN_CONF, "appid: invalid max_packet_service_fail_ignore_bytes"
+                    appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: invalid max_packet_service_fail_ignore_bytes"
                         "%" PRIu16 ", must be greater than %u.\n",
                         max_packet_service_fail_ignore_bytes,
                         MIN_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES);
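Review bot: The first string literal on the changed line, `"appid: invalid max_packet_service_fail_ignore_bytes"`, has no trailing space before the adjacent `"%" PRIu16`, so the logged text runs the option name straight into the number. The other two warnings keep that space. Change the literal to `"appid: invalid max_packet_service_fail_ignore_bytes "` so the three messages read consistently. The enclosing if block continues past the end of the hunk.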
index 3e5c22d1e0e62af96960d4fca8166432e16e2bcb..0af943f1bb96b18341350b3d12113c40e6b55fbc 100644 (file)
 
 #define APP_ID_PORT_ARRAY_SIZE  65536
 
-#define MIN_MAX_BYTES_BEFORE_SERVICE_FAIL 4096
-#define MIN_MAX_PKTS_BEFORE_SERVICE_FAIL 5
-#define MIN_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES 15
+#define MIN_MAX_BYTES_BEFORE_SERVICE_FAIL 1024
+#define MIN_MAX_PKTS_BEFORE_SERVICE_FAIL 2
+#define MIN_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES 2
+
+#define DEFAULT_MAX_BYTES_BEFORE_SERVICE_FAIL 4096
+#define DEFAULT_MAX_PKTS_BEFORE_SERVICE_FAIL  5
+#define DEFAULT_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES 10
+
 
 enum SnortProtoIdIndex
 {
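Review bot: `DEFAULT_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES` is 10, but the member it initialises previously took its default from the old `MIN_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES` value of 15. The effective default therefore drops, while the other two defaults keep 4096 and 5. The commit message mentions only lowering the limit, so if the change is intended it should be recorded next to the define. Judging by the names, these thresholds bound how much traffic appid examines before marking service detection as failed, so a lower default would shorten that window wherever the ODP config does not override it. Suggest one comment per group, `// Lowest values accepted from the ODP config; smaller entries trigger a warning` and `// Values used when the ODP config does not set the option`, plus a short remark on the 15 -> 10 change.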
@@ -132,9 +137,9 @@ public:
     uint32_t host_port_app_cache_lookup_range = 100000;
     bool allow_port_wildcard_host_cache = false;
     bool recheck_for_portservice_appid = false;
-    uint64_t max_bytes_before_service_fail = MIN_MAX_BYTES_BEFORE_SERVICE_FAIL;
-    uint16_t max_packet_before_service_fail = MIN_MAX_PKTS_BEFORE_SERVICE_FAIL;
-    uint16_t max_packet_service_fail_ignore_bytes = MIN_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES;
+    uint64_t max_bytes_before_service_fail = DEFAULT_MAX_BYTES_BEFORE_SERVICE_FAIL;
+    uint16_t max_packet_before_service_fail = DEFAULT_MAX_PKTS_BEFORE_SERVICE_FAIL;
+    uint16_t max_packet_service_fail_ignore_bytes = DEFAULT_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES;
     FirstPktAppIdDiscovered first_pkt_appid_prefix = NO_APPID_FOUND;
     bool eve_http_client = true;