Pull request #3631: detection: add config option for SSE

author Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) <oshumeik@cisco.com>

Tue, 1 Nov 2022 12:52:25 +0000 (12:52 +0000)

committer Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) <oshumeik@cisco.com>

Tue, 1 Nov 2022 12:52:25 +0000 (12:52 +0000)
author Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) <oshumeik@cisco.com>
Tue, 1 Nov 2022 12:52:25 +0000 (12:52 +0000)
committer Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) <oshumeik@cisco.com>
Tue, 1 Nov 2022 12:52:25 +0000 (12:52 +0000)
diff --git a/src/detection/detection_continuation.h b/src/detection/detection_continuation.h

index ffac8ec57e45cc50c50fa42b3c715bf1d967c5e8..f9741e792972b252d007db9fed045e3add762d29 100644 (file)
--- a/src/detection/detection_continuation.h
+++ b/src/detection/detection_continuation.h
@@ -26,6 +26,7 @@
  #include "ips_options/extract.h"
  #include "latency/rule_latency.h"
  #include "latency/rule_latency_state.h"
+#include "main/snort_config.h"
  #include "main/thread_config.h"
  #include "protocols/packet.h"
  #include "trace/trace_api.h"
@@ -51,7 +52,7 @@ public:
      inline void eval(snort::Packet&);
  
  private:
-    Continuation(int max = 1024) : states_cnt(0), states_cnt_max(max),
+    Continuation(unsigned max_cnt) : states_cnt(0), states_cnt_max(max_cnt),
          reload_id(snort::SnortConfig::get_thread_reload_id())
      { }
  
@@ -120,7 +121,12 @@ void Continuation::postpone(const Cursor& cursor,
  
      if (!cont)
      {
-        cont = data.p->flow->ips_cont = new Continuation();
+        auto max_cnt = snort::SnortConfig::get_conf()->max_continuations;
+
+        if (!max_cnt)
+            return;
+
+        cont = data.p->flow->ips_cont = new Continuation(max_cnt);
          snort::pc.cont_flows++;
      }
  
diff --git a/src/detection/detection_module.cc b/src/detection/detection_module.cc

index 2d5084277d132b682fb2fa4e02aef75f0f77b951..ca51c86785b02ab0d0ea8be9a1f9b011b99da9d4 100644 (file)
--- a/src/detection/detection_module.cc
+++ b/src/detection/detection_module.cc
@@ -103,6 +103,9 @@ static const Parameter detection_params[] =
        "enable strict deduplication of rule headers by ports (saves memory, but "
        "loses some speed during config reading)" },
  
+    { "max_continuations_per_flow", Parameter::PT_INT, "0:65535", "1024",
+      "maximum number of continuations stored simultaneously on the flow" },
+
      { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
  };
  /* *INDENT-ON* */
@@ -214,5 +217,8 @@ bool DetectionModule::set(const char*, Value& v, SnortConfig* sc)
      else if ( v.is("enable_strict_reduction") )
          sc->enable_strict_reduction = v.get_bool();
  
+    else if ( v.is("max_continuations_per_flow") )
+        sc->max_continuations = v.get_uint16();
+
      return true;
  }
diff --git a/src/main/snort_config.h b/src/main/snort_config.h

index 221057bde9bc92a8115ce7c3a0f3453eb87d6f41..dc496dd433c43dba01bf42e54ff9f5ba0eecc9a1 100644 (file)
--- a/src/main/snort_config.h
+++ b/src/main/snort_config.h
@@ -235,6 +235,7 @@ public:
      bool global_default_rule_state = true;
      bool allow_missing_so_rules = false;
      bool enable_strict_reduction = false;
+    uint16_t max_continuations = 1024;
  
      //------------------------------------------------------
      // process stuff
author	Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) <oshumeik@cisco.com>
	Tue, 1 Nov 2022 12:52:25 +0000 (12:52 +0000)
committer	Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) <oshumeik@cisco.com>
	Tue, 1 Nov 2022 12:52:25 +0000 (12:52 +0000)
src/detection/detection_continuation.h		patch \| blob \| blame \| history
src/detection/detection_module.cc		patch \| blob \| blame \| history
src/main/snort_config.h		patch \| blob \| blame \| history