From: Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) Date: Tue, 1 Nov 2022 12:52:25 +0000 (+0000) Subject: Pull request #3631: detection: add config option for SSE X-Git-Tag: 3.1.47.0~19 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b34d29c1014c52c5ebec076d3f94f4a3c21b5186;p=thirdparty%2Fsnort3.git Pull request #3631: detection: add config option for SSE Merge in SNORT/snort3 from ~YVELYKOZ/snort3:sse_config_upd to master Squashed commit of the following: commit d23f48662ab0de026d4d84a482d4d9641ccee981 Author: Yehor Velykozhon Date: Fri Oct 7 13:17:03 2022 +0300 detection: add config option for SSE
---
diff --git a/src/detection/detection_continuation.h b/src/detection/detection_continuation.h
index ffac8ec57..f9741e792 100644
--- a/src/detection/detection_continuation.h
+++ b/src/detection/detection_continuation.h
@@ -26,6 +26,7 @@
 #include "ips_options/extract.h"
 #include "latency/rule_latency.h"
 #include "latency/rule_latency_state.h"
+#include "main/snort_config.h"
 #include "main/thread_config.h"
 #include "protocols/packet.h"
 #include "trace/trace_api.h"
@@ -51,7 +52,7 @@ public:
 inline void eval(snort::Packet&);
 private:
- Continuation(int max = 1024) : states_cnt(0), states_cnt_max(max),
+ Continuation(unsigned max_cnt) : states_cnt(0), states_cnt_max(max_cnt),
 reload_id(snort::SnortConfig::get_thread_reload_id())
 { }
@@ -120,7 +121,12 @@ void Continuation::postpone(const Cursor& cursor,
 if (!cont)
 {
- cont = data.p->flow->ips_cont = new Continuation();
+ auto max_cnt = snort::SnortConfig::get_conf()->max_continuations;
+
+ if (!max_cnt)
+ return;
+
+ cont = data.p->flow->ips_cont = new Continuation(max_cnt);
 snort::pc.cont_flows++;
 }
diff --git a/src/detection/detection_module.cc b/src/detection/detection_module.cc
index 2d5084277..ca51c8678 100644
--- a/src/detection/detection_module.cc
+++ b/src/detection/detection_module.cc
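Review bot: In `Continuation::postpone` (src/detection/detection_continuation.h) the new `if (!max_cnt) return;` abandons the postponement without touching any counter or trace, so a sensor running with `max_continuations_per_flow = 0` gives no sign that rule evaluations are no longer being stored on the flow for later. Because this is a deliberate off switch for a detection feature, the check deserves a comment such as `// 0 turns continuation off: nothing is stored on the flow for this evaluation`, and ideally a peg count kept next to `snort::pc.cont_flows` so skipped postponements show up in the stats. The limit is also read only when the flow's `Continuation` object is first created, so it presumably stays fixed for that object's lifetime; if that is intended, the same comment is the place to say so. The body of `postpone` starts and ends outside this hunk.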
@@ -103,6 +103,9 @@ static const Parameter detection_params[] =
 "enable strict deduplication of rule headers by ports (saves memory, but "
 "loses some speed during config reading)" },
+ { "max_continuations_per_flow", Parameter::PT_INT, "0:65535", "1024",
+ "maximum number of continuations stored simultaneously on the flow" },
+
 { nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr }
 };
 /* *INDENT-ON* */
@@ -214,5 +217,8 @@ bool DetectionModule::set(const char*, Value& v, SnortConfig* sc)
 else if ( v.is("enable_strict_reduction") )
 sc->enable_strict_reduction = v.get_bool();
+ else if ( v.is("max_continuations_per_flow") )
+ sc->max_continuations = v.get_uint16();
+
 return true;
 }
diff --git a/src/main/snort_config.h b/src/main/snort_config.h
index 221057bde..dc496dd43 100644
--- a/src/main/snort_config.h
+++ b/src/main/snort_config.h
@@ -235,6 +235,7 @@ public:
 bool global_default_rule_state = true;
 bool allow_missing_so_rules = false;
 bool enable_strict_reduction = false;
+ uint16_t max_continuations = 1024;
 //------------------------------------------------------
 // process stuff
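Review bot: The help text for `max_continuations_per_flow` in `detection_params[]` does not say that 0, the lower bound of the accepted range, switches continuation off entirely, which is how the new check in `Continuation::postpone` treats it. An operator lowering the value to save per-flow memory should be able to tell from the generated documentation where the limit ends and the feature stops; I would write `"maximum number of continuations stored simultaneously on the flow (0 disables continuation)" },`. The default 1024 now lives both here as a string and as the initializer of `max_continuations` in the snort_config.h hunk, so a short comment on one of them pointing at the other would help keep the two in step. The array definition starts outside this hunk.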