suricata icon indicating copy to clipboard operation
suricata copied to clipboard

Published 20 hours ago verified publisher icon OISF

Port grouping redo/v10

Open inashivb opened this issue 1 year ago • 1 comments

More fixes to #10451

inashivb avatar Feb 17 '24 13:02 inashivb

Information:

ERROR: QA failed on SURI_TLPW2_autofp_suri_time.

field baseline test %
SURI_TLPW2_autofp_stats_chk
.uptime 101 111 109.9%

Pipeline 18610

suricata-qa avatar Feb 17 '24 17:02 suricata-qa

additional cppcheck warning

src/detect-engine-build.c:1269:20: warning: Either the condition 'p1' is redundant or there is possible null pointer dereference: p1. [nullPointerRedundantCheck]
            port = p1->port;
                   ^
src/detect-engine-build.c:1273:21: note: Assuming that condition 'p1' is not redundant
                if (p1 && p1->single) {
                    ^
src/detect-engine-build.c:1269:20: note: Null pointer dereference
            port = p1->port;
                   ^

victorjulien avatar Feb 18 '24 10:02 victorjulien

Seems we can gain a lot by optimizing the way the whitelist grouping is happening image This is with the very large test ruleset.

victorjulien avatar Feb 18 '24 11:02 victorjulien

Seems we can gain a lot by optimizing the way the whitelist grouping is happening image This is with the very large test ruleset.

Think I have an idea. Will try it out and share the results.

inashivb avatar Feb 19 '24 06:02 inashivb

Replaced w https://github.com/OISF/suricata/pull/10482

inashivb avatar Feb 22 '24 04:02 inashivb