suricata icon indicating copy to clipboard operation
suricata copied to clipboard

Published 20 hours ago verified publisher icon OISF

flow: Add cfg for optional flow reuse during low memory

Open coledishington opened this issue 11 months ago • 3 comments

By default, force flow reuse to reuse an existing flows no matter the state of the flow.

Add a configuration option flow.force-reuse, enabled by default, that can turn off the above behavior.

Ticket: #6293

Make sure these boxes are signed before submitting your Pull Request -- thank you.

  • [✓] I have read the contributing guide lines at https://docs.suricata.io/en/latest/devguide/contributing/contribution-process.html
  • [✓] I have signed the Open Information Security Foundation contribution agreement at https://suricata.io/about/contribution-agreement/ (note: this is only required once)
  • [✓] I have updated the user guide (in doc/userguide/) to reflect the changes made (if applicable)

Link to redmine ticket: https://redmine.openinfosecfoundation.org/issues/6293

Describe changes: Add a configuration option flow.force-reuse, enabled by default, that can turn off flow reuse in low memory situations.

Provide values to any of the below to override the defaults.

SV_BRANCH=https://github.com/OISF/suricata-verify/pull/1699

coledishington avatar Mar 05 '24 19:03 coledishington

FYI merge is blocked by the SV PR not yet being approved. When you've submitted a new PR, please update this PR to reference it. Thanks!

victorjulien avatar Mar 09 '24 06:03 victorjulien

FYI merge is blocked by the SV PR not yet being approved. When you've submitted a new PR, please update this PR to reference it. Thanks!

Thanks, updated the SV_BRANCH in the PR description. Or should I push a new PR referencing the suricata-verify test?

coledishington avatar Mar 12 '24 19:03 coledishington

FYI merge is blocked by the SV PR not yet being approved. When you've submitted a new PR, please update this PR to reference it. Thanks!

Thanks, updated the SV_BRANCH in the PR description. Or should I push a new PR referencing the suricata-verify test?

Sorry for the long time to answer. If the SV_BRANCH reference is updated, the CI checks must be re-run, or the new reference isn't picked up. I checked, and it seems that now it's too late to re-trigger those, so this PR was tests against 1688 only (cf https://github.com/OISF/suricata/actions/runs/8161800992/job/22311336925#step:9:39)

jufajardini avatar Apr 17 '24 02:04 jufajardini

Rebased in https://github.com/OISF/suricata/pull/11667 with new SV test

catenacyber avatar Aug 28 '24 08:08 catenacyber