From: Masud Hasan (mashasan) Date: Fri, 28 Jan 2022 19:04:53 +0000 (+0000) Subject: Pull request #3249: stream: setting the max number of flows pruned while idle to 400 X-Git-Tag: 3.1.22.0~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=65d4f8bc80bdf617af186d5fc89c52e336ab72e9;p=thirdparty%2Fsnort3.git Pull request #3249: stream: setting the max number of flows pruned while idle to 400 Merge in SNORT/snort3 from ~ALLEWI/snort3:idle_prune_to_400 to master Squashed commit of the following: commit b32b0648b79a9b8045ad4916c6a1995a1f3920e4 Author: allewi@cisco.com Date: Thu Jan 27 10:52:44 2022 -0500 stream: setting the max number of flows pruned while idle to 400
---
diff --git a/src/flow/flow_control.cc b/src/flow/flow_control.cc
index 783996935..611f5c9a9 100644
--- a/src/flow/flow_control.cc
+++ b/src/flow/flow_control.cc
@@ -117,9 +117,9 @@ unsigned FlowControl::delete_flows(unsigned num_to_delete)
 bool FlowControl::prune_one(PruneReason reason, bool do_cleanup)
 { return cache->prune_one(reason, do_cleanup); }
-void FlowControl::timeout_flows(time_t cur_time)
+void FlowControl::timeout_flows(unsigned max, time_t cur_time)
 {
- cache->timeout(1, cur_time);
+ cache->timeout(max, cur_time);
 }
 Flow* FlowControl::stale_flow_cleanup(FlowCache* cache, Flow* flow, Packet* p)
diff --git a/src/flow/flow_control.h b/src/flow/flow_control.h
index cc2eec4c6..fd87d67fc 100644
--- a/src/flow/flow_control.h
+++ b/src/flow/flow_control.h
@@ -67,7 +67,7 @@ public:
 unsigned delete_flows(unsigned num_to_delete);
 bool prune_one(PruneReason, bool do_cleanup);
 snort::Flow* stale_flow_cleanup(FlowCache*, snort::Flow*, snort::Packet*);
- void timeout_flows(time_t cur_time);
+ void timeout_flows(unsigned int, time_t cur_time);
 void check_expected_flow(snort::Flow*, snort::Packet*);
 bool is_expected(snort::Packet*);
diff --git a/src/stream/stream.cc b/src/stream/stream.cc
index 0d177aa57..1799d927f 100644
--- a/src/stream/stream.cc
+++ b/src/stream/stream.cc
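Review bot: The new first parameter of `FlowControl::timeout_flows` is undocumented, and the declaration in the flow_control.h hunk leaves it unnamed and spells its type `unsigned int` where the definition in flow_control.cc uses `unsigned max`. I would declare it as `void timeout_flows(unsigned max_flows, time_t cur_time);` and use the same name in the definition, which also avoids a parameter called `max`. A one-line comment such as `// expire at most max_flows timed-out flows per call` would help, assuming that is how `cache->timeout()` treats its first argument; its implementation is not visible here. It would also be worth stating what a value of 0 means, since the argument is forwarded unchecked.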
@@ -49,6 +49,8 @@
 using namespace snort;
+#define IDLE_PRUNE_MAX 400
+
 // this should not be publicly accessible
 extern THREAD_LOCAL class FlowControl* flow_con;
@@ -366,8 +368,13 @@ void Stream::handle_timeouts(bool idle)
 packet_gettimeofday(&cur_time);
 // FIXIT-M batch here or loop vs looping over idle?
- if ( flow_con )
- flow_con->timeout_flows(cur_time.tv_sec);
+ if (flow_con)
+ {
+ if (idle)
+ flow_con->timeout_flows(IDLE_PRUNE_MAX, cur_time.tv_sec);
+ else
+ flow_con->timeout_flows(1, cur_time.tv_sec);
+ }
 int max_remove = idle ? -1 : 1; // -1 = all eligible
 TcpStreamTracker::release_held_packets(cur_time, max_remove);
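Review bot: `IDLE_PRUNE_MAX` is introduced as an untyped preprocessor macro with no comment explaining why 400 was chosen or what it bounds. A typed file-local constant would match the `unsigned` parameter it is passed to, for example `static constexpr unsigned IDLE_PRUNE_MAX = 400;`. I would add a comment along the lines of `// upper bound on flows expired in one idle pass`, assuming that is the intent. The cap presumably trades the rate at which the flow table is cleaned up against how long an idle pass can delay the next packet, and that rationale is worth recording next to the number.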
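Review bot: The `// FIXIT-M batch here or loop vs looping over idle?` comment in `Stream::handle_timeouts` is left in place although the idle path now batches, so it should be removed or reworded to say what is still open. The new if/else could also be written in the same form as the `max_remove` line just below it: `flow_con->timeout_flows(idle ? IDLE_PRUNE_MAX : 1, cur_time.tv_sec);`. The non-idle path still passes 1 per call, so under sustained traffic flow expiry here is unchanged by this commit; a short comment saying that this is deliberate would help. The body of `handle_timeouts` starts and ends outside this hunk.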