thresholds: use dedicated storage
Instead of a Host and IPPair table thresholding layer, use a dedicated
THash to store both. This allows hashing on host+sid+tracker or
ippair+sid+tracker, to create more unique hash keys.

This allows for fewer hash collisions.

The per rule tracking also uses this, so that the single big lock is no
longer a single point of contention.

Reimplement storage for flow thresholds to reuse as much logic as
possible from the host/ippair/rule thresholds.

Ticket: OISF#426.
victorjulien committed Jun 28, 2024
1 parent ac400af commit b8028bf
Showing 13 changed files with 403 additions and 706 deletions.
12 changes: 6 additions & 6 deletions src/detect-detection-filter.c
Expand Up @@ -378,7 +378,7 @@ static int DetectDetectionFilterTestSig1(void)
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx;

HostInitConfig(HOST_QUIET);
ThresholdInit();

memset(&th_v, 0, sizeof(th_v));

Expand Down Expand Up @@ -418,7 +418,7 @@ static int DetectDetectionFilterTestSig1(void)
DetectEngineCtxFree(de_ctx);

UTHFreePackets(&p, 1);
HostShutdown();
ThresholdDestroy();

PASS;
}
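Review bot: ThresholdDestroy() sits immediately before PASS in DetectDetectionFilterTestSig1, so the teardown runs only when every check above it has succeeded. ThresholdInit() takes no context argument, so the storage is process-wide; if an earlier check returns on failure, the populated table is left in place for DetectDetectionFilterTestSig2 and DetectDetectionFilterTestSig3 and can skew their counts. Please confirm that calling ThresholdInit() on an already initialised store starts from an empty table, or document next to ThresholdInit() that every call must be paired with ThresholdDestroy().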
Expand All @@ -435,7 +435,7 @@ static int DetectDetectionFilterTestSig2(void)
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx;

HostInitConfig(HOST_QUIET);
ThresholdInit();

memset(&th_v, 0, sizeof(th_v));

Expand Down Expand Up @@ -480,7 +480,7 @@ static int DetectDetectionFilterTestSig2(void)
DetectEngineCtxFree(de_ctx);

UTHFreePackets(&p, 1);
HostShutdown();
ThresholdDestroy();

PASS;
}
Expand All @@ -493,7 +493,7 @@ static int DetectDetectionFilterTestSig3(void)
ThreadVars th_v;
DetectEngineThreadCtx *det_ctx;

HostInitConfig(HOST_QUIET);
ThresholdInit();

memset(&th_v, 0, sizeof(th_v));

Expand Down Expand Up @@ -556,7 +556,7 @@ static int DetectDetectionFilterTestSig3(void)
DetectEngineCtxFree(de_ctx);

UTHFreePackets(&p, 1);
HostShutdown();
ThresholdDestroy();

PASS;
}
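Review bot: the new key composition has no test coverage in this file. All changed lines in DetectDetectionFilterTestSig1 to Sig3 are the setup and teardown swap to ThresholdInit() and ThresholdDestroy(); none of the tests asserts the behaviour the commit message introduces, hashing on host+sid+tracker or ippair+sid+tracker. Consider adding a case where two signatures with different sids apply detection_filter to the same host and checking that their counters stay independent, so a regression in the key shows up as a wrong alert count rather than silently over- or under-suppressing alerts.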
2 changes: 0 additions & 2 deletions src/detect-engine-build.c
Expand Up @@ -2219,8 +2219,6 @@ int SigGroupBuild(DetectEngineCtx *de_ctx)
SCProfilingRuleInitCounters(de_ctx);
#endif

ThresholdHashAllocate(de_ctx);

if (!DetectEngineMultiTenantEnabled()) {
VarNameStoreActivate();
}
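Review bot: threshold state is no longer tied to de_ctx once ThresholdHashAllocate(de_ctx) is removed from SigGroupBuild(), and neither this hunk nor the commit message says how entries are kept apart per tenant or across a rule reload. The DetectEngineMultiTenantEnabled() check just below shows SigGroupBuild() also runs with multi-tenancy enabled; with the key described as host+sid+tracker, two tenants using the same sid for the same host would share one counter unless the key also carries a tenant id, and a rebuilt engine would inherit counts accumulated under the previous ruleset. Please state in the commit message or in a comment where the store is now initialised on the normal startup path, whether the key includes the tenant, and how existing entries are handled when the detection engine is rebuilt.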