From: Victor Julien Date: Mon, 17 Mar 2025 20:19:13 +0000 (+0100) Subject: datasets: set higher hashsize limits X-Git-Tag: suricata-7.0.9~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d86c5f9f0c75736d4fce93e27c0773fcb27e1047;p=thirdparty%2Fsuricata.git datasets: set higher hashsize limits To avoid possible upgrade issues, allow higher defaults than in the master branch. Add some upgrade guidance and a note that defaults will probably be further reduced. --- diff --git a/doc/userguide/upgrade.rst b/doc/userguide/upgrade.rst index a78dd730c7..ebd9dc3374 100644 --- a/doc/userguide/upgrade.rst +++ b/doc/userguide/upgrade.rst @@ -44,6 +44,21 @@ Upgrading to 7.0.9 been added, ``v2-block-size`` which can be used to tune this value for TPACKET_V2. Due to the increased block size, memory usage has been increased, but should not be an issue in most cases. +- Datasets specifying a custom `hashsize` will now be limited to 262144 by default. + Additionally, the cumulative hash sizes for all datasets in use should not exceed + 67108864. These settings can be changed with the following settings. + + .. code-block:: yaml + + datasets: + # Limits for per rule dataset instances to avoid rules using too many + # resources. + # Note: in Suricata 8 the built-in default will be set to lower values. + limits: + # Max value for per dataset `hashsize` setting + #single-hashsize: 262144 + # Max combined hashsize values for all datasets. + #total-hashsizes: 67108864 Upgrading to 7.0.8 ------------------ diff --git a/src/datasets.c b/src/datasets.c index 99d66b67de..412413ab4a 100644 --- a/src/datasets.c +++ b/src/datasets.c @@ -45,8 +45,9 @@ SCMutex sets_lock = SCMUTEX_INITIALIZER; static Dataset *sets = NULL; static uint32_t set_ids = 0; -uint32_t dataset_max_one_hashsize = 65536; -uint32_t dataset_max_total_hashsize = 16777216; +/* 4x what we set in master to allow a smoother upgrade path */ +uint32_t dataset_max_one_hashsize = 262144; +uint32_t dataset_max_total_hashsize = 67108864; uint32_t dataset_used_hashsize = 0; static int DatasetAddwRep(Dataset *set, const uint8_t *data, const uint32_t data_len, diff --git a/suricata.yaml.in b/suricata.yaml.in index 97236eb398..722f17a0b1 100644 --- a/suricata.yaml.in +++ b/suricata.yaml.in @@ -1190,11 +1190,12 @@ datasets: # Limits for per rule dataset instances to avoid rules using too many # resources. + # Note: in Suricata 8 the built-in default will be set to lower values. limits: # Max value for per dataset `hashsize` setting - #single-hashsize: 65536 + #single-hashsize: 262144 # Max combined hashsize values for all datasets. - #total-hashsizes: 16777216 + #total-hashsizes: 67108864 rules: # Set to true to allow absolute filenames and filenames that use