From: Oleksandr Stepanov -X (ostepano - SOFTSERVE INC at Cisco) Date: Tue, 13 Feb 2024 21:27:16 +0000 (+0000) Subject: Pull request #4202: appid: Lowering max packet count before service fail X-Git-Tag: 3.1.81.0~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a00764ecb0fe86a03420538b4aed6fd0bd0d4362;p=thirdparty%2Fsnort3.git Pull request #4202: appid: Lowering max packet count before service fail Merge in SNORT/snort3 from ~OSTEPANO/snort3:appid_min_packet_fail to master Squashed commit of the following: commit cba87ecc5b2533276894c48f1f14294cefa873f7 Author: Oleksandr Stepanov Date: Fri Feb 9 06:30:31 2024 -0500 appid: Lowering max packet count before service fail
---
diff --git a/src/network_inspectors/appid/app_info_table.cc b/src/network_inspectors/appid/app_info_table.cc
index ffc3361aa..53b4fca73 100644
--- a/src/network_inspectors/appid/app_info_table.cc
+++ b/src/network_inspectors/appid/app_info_table.cc
@@ -513,7 +513,7 @@ void AppInfoManager::load_odp_config(OdpContext& odp_ctxt, const char* path)
 uint64_t max_bytes_before_service_fail = atoi(conf_val);
 if (max_bytes_before_service_fail < MIN_MAX_BYTES_BEFORE_SERVICE_FAIL)
 {
- ParseWarning(WARN_CONF, "appid: invalid max_bytes_before_service_fail "
+ appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: invalid max_bytes_before_service_fail "
 "%" PRIu64 " must be greater than %u.\n", max_bytes_before_service_fail, MIN_MAX_BYTES_BEFORE_SERVICE_FAIL);
 }
@@ -527,7 +527,7 @@ void AppInfoManager::load_odp_config(OdpContext& odp_ctxt, const char* path)
 uint16_t max_packet_before_service_fail = atoi(conf_val);
 if (max_packet_before_service_fail < MIN_MAX_PKTS_BEFORE_SERVICE_FAIL)
 {
- ParseWarning(WARN_CONF, "appid: invalid max_packet_before_service_fail "
+ appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: invalid max_packet_before_service_fail "
 "%" PRIu16 ", must be greater than %u.\n", max_packet_before_service_fail, MIN_MAX_PKTS_BEFORE_SERVICE_FAIL);
 }
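Review bot: The message passed to the added `appid_log` call at 513 says the value "must be greater than %u", but the guard is `<`, so a value equal to the minimum is accepted and the text misstates the rule. With the floors lowered in appid_config.h an operator is more likely to sit exactly on that boundary, so suggest `"%" PRIu64 " must be at least %u.\n"`; the hunks at 527 and 542 carry the same wording. The move from `ParseWarning(WARN_CONF, …)` to `appid_log(nullptr, TRACE_WARNING_LEVEL, …)` presumably takes a rejected ODP value out of the configuration-warning path, which deserves a one-line comment saying why it is only logged. The enclosing branch of load_odp_config starts and ends outside the hunk.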
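Review bot: In the hunk at 527, `uint16_t max_packet_before_service_fail = atoi(conf_val);` narrows the parsed int before the range check, so a negative or over-range value wraps into range and passes `< MIN_MAX_PKTS_BEFORE_SERVICE_FAIL` (-1 becomes 65535), and atoi cannot report non-numeric input. That lower-bound test is the only validation visible here for a threshold that decides when service detection gives up, so parse into a wider type and validate before narrowing: `char* end; long v = strtol(conf_val, &end, 10);` followed by `if (end == conf_val || *end != '\0' || v < MIN_MAX_PKTS_BEFORE_SERVICE_FAIL || v > UINT16_MAX)`. The `uint64_t` assignment in the hunk at 513 has the same sign wrap for negative input. The rest of this branch is outside the hunk.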
@@ -542,7 +542,7 @@ void AppInfoManager::load_odp_config(OdpContext& odp_ctxt, const char* path)
 if (max_packet_service_fail_ignore_bytes < MIN_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES)
 {
- ParseWarning(WARN_CONF, "appid: invalid max_packet_service_fail_ignore_bytes"
+ appid_log(nullptr, TRACE_WARNING_LEVEL, "appid: invalid max_packet_service_fail_ignore_bytes"
 "%" PRIu16 ", must be greater than %u.\n", max_packet_service_fail_ignore_bytes, MIN_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES);
diff --git a/src/network_inspectors/appid/appid_config.h b/src/network_inspectors/appid/appid_config.h
index 3e5c22d1e..0af943f1b 100644
--- a/src/network_inspectors/appid/appid_config.h
+++ b/src/network_inspectors/appid/appid_config.h
@@ -48,9 +48,14 @@
 #define APP_ID_PORT_ARRAY_SIZE 65536
-#define MIN_MAX_BYTES_BEFORE_SERVICE_FAIL 4096
-#define MIN_MAX_PKTS_BEFORE_SERVICE_FAIL 5
-#define MIN_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES 15
+#define MIN_MAX_BYTES_BEFORE_SERVICE_FAIL 1024
+#define MIN_MAX_PKTS_BEFORE_SERVICE_FAIL 2
+#define MIN_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES 2
+
+#define DEFAULT_MAX_BYTES_BEFORE_SERVICE_FAIL 4096
+#define DEFAULT_MAX_PKTS_BEFORE_SERVICE_FAIL 5
+#define DEFAULT_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES 10
+
 enum SnortProtoIdIndex
 {
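Review bot: In the app_info_table.cc hunk at 542, the string literal on the added `appid_log` line ends without a trailing space, and the next literal is `"%" PRIu16`, so the option name and the offending value are printed run together. The sibling messages at 513 and 527 end in `fail "` with the space. Suggest `"appid: invalid max_packet_service_fail_ignore_bytes "` so the logged value can be read and matched by log tooling. The enclosing branch starts and ends outside the hunk.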
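Review bot: In appid_config.h at 48, `DEFAULT_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES 10` changes the effective default, which the commit title does not mention. The member initialiser removed at 132 used the MIN_ macro, whose old value was 15, whereas the other two defaults keep their old values of 4096 and 5. If 10 is intended, say so in a comment beside the macro. A short comment block should also state each threshold's unit and that the MIN_ values are the floor load_odp_config enforces, since a floor of 2 packets lets an ODP file make service detection give up much earlier and so reduces identification coverage. Because defaults and floors are now separate constants, pin the relation with `static_assert(DEFAULT_MAX_PKTS_BEFORE_SERVICE_FAIL >= MIN_MAX_PKTS_BEFORE_SERVICE_FAIL, "default below floor");` and likewise for the other two pairs.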
@@ -132,9 +137,9 @@ public:
 uint32_t host_port_app_cache_lookup_range = 100000;
 bool allow_port_wildcard_host_cache = false;
 bool recheck_for_portservice_appid = false;
- uint64_t max_bytes_before_service_fail = MIN_MAX_BYTES_BEFORE_SERVICE_FAIL;
- uint16_t max_packet_before_service_fail = MIN_MAX_PKTS_BEFORE_SERVICE_FAIL;
- uint16_t max_packet_service_fail_ignore_bytes = MIN_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES;
+ uint64_t max_bytes_before_service_fail = DEFAULT_MAX_BYTES_BEFORE_SERVICE_FAIL;
+ uint16_t max_packet_before_service_fail = DEFAULT_MAX_PKTS_BEFORE_SERVICE_FAIL;
+ uint16_t max_packet_service_fail_ignore_bytes = DEFAULT_MAX_PKT_BEFORE_SERVICE_FAIL_IGNORE_BYTES;
 FirstPktAppIdDiscovered first_pkt_appid_prefix = NO_APPID_FOUND;
 bool eve_http_client = true;