Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dns: store transaction in a VecDeque #7300

Closed
wants to merge 1 commit into from
Closed

dns: store transaction in a VecDeque #7300

wants to merge 1 commit into from

Conversation

catenacyber
Copy link
Contributor

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/5271

Describe changes:

  • dns: store transaction in a VecDeque

Replaces #7245 with rebase to get better CI

@jasonish do you want to make something more generic cf https://redmine.openinfosecfoundation.org/issues/5278 ?

@catenacyber
dns: store transaction in a VecDeque
68a48b6 
instead of a simple Vector.

So that, when many old transactions get removed, suricata does not
spend much time in moving the contents of the vector, as it removes
the transaciton one by one...
@catenacyber catenacyber mentioned this pull request Apr 25, 2022
Closed
@catenacyber
Copy link
Contributor Author

Closing in favor of Jason ish work to come

jasonish added a commit to jasonish/suricata that referenced this pull request Nov 27, 2024
@jasonish
output-json: drop eve records that are too long
06eb242 
In the situation where the mem buffer cannot be expanded to the
requested size, log a one time warning per JSON logger with bit of the
log message that is being dropped, then return.

This also fixes the call to MemBufferExpand which is supposed by
passed the amount to expand by, not the new size required.

Ticket: OISF#7300
jasonish added a commit to jasonish/suricata that referenced this pull request Nov 27, 2024
@jasonish
output-json: drop eve records that are too long
8dcd249 
In the situation where the mem buffer cannot be expanded to the
requested size, drop the log message.

For each JSON log context, a warning will be emitted once with a partial
bit of the log record being dropped to identify what event types may be
leading to large log records.

This also fixes the call to MemBufferExpand which is supposed be
passed the amount to expand by, not the new size required.

Ticket: OISF#7300
@jasonish jasonish mentioned this pull request Nov 27, 2024
Closed
jasonish added a commit to jasonish/suricata that referenced this pull request Nov 28, 2024
@jasonish
output-json: drop eve records that are too long
a392204 
In the situation where the mem buffer cannot be expanded to the
requested size, drop the log message.

For each JSON log context, a warning will be emitted once with a partial
bit of the log record being dropped to identify what event types may be
leading to large log records.

This also fixes the call to MemBufferExpand which is supposed be
passed the amount to expand by, not the new size required.

Ticket: OISF#7300
victorjulien pushed a commit to victorjulien/suricata that referenced this pull request Nov 28, 2024
@jasonish @victorjulien
output-json: drop eve records that are too long
d39e427 
In the situation where the mem buffer cannot be expanded to the
requested size, drop the log message.

For each JSON log context, a warning will be emitted once with a partial
bit of the log record being dropped to identify what event types may be
leading to large log records.

This also fixes the call to MemBufferExpand which is supposed be
passed the amount to expand by, not the new size required.

Ticket: OISF#7300
Kotodian pushed a commit to QianKaiLin/suricata that referenced this pull request Dec 1, 2024
@jasonish @QianKaiLin
output-json: drop eve records that are too long
2fc8c37 
In the situation where the mem buffer cannot be expanded to the
requested size, drop the log message.

For each JSON log context, a warning will be emitted once with a partial
bit of the log record being dropped to identify what event types may be
leading to large log records.

This also fixes the call to MemBufferExpand which is supposed be
passed the amount to expand by, not the new size required.

Ticket: OISF#7300
jasonish added a commit to jasonish/suricata that referenced this pull request Dec 2, 2024
@jasonish
output-json: drop eve records that are too long
3715fe3 
In the situation where the mem buffer cannot be expanded to the
requested size, drop the log message.

For each JSON log context, a warning will be emitted once with a partial
bit of the log record being dropped to identify what event types may be
leading to large log records.

This also fixes the call to MemBufferExpand which is supposed be
passed the amount to expand by, not the new size required.

Ticket: OISF#7300
(cherry picked from commit d39e427)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasonish jasonish Awaiting requested review from jasonish jasonish will be requested when the pull request is marked ready for review jasonish is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@catenacyber