[Oisf-devel] Extremely long startup times on latest git
Victor Julien
victor at inliniac.net
Sun Sep 18 23:08:52 UTC 2011
On 09/18/2011 08:06 PM, Martin Holste wrote:
> I'm seeing load times of greater than a half hour with a standard
> setup, using default config values:
>
> [25718] 18/9/2011 -- 11:25:53 - (detect.c:2440) <Info>
> (SigAddressPrepareStage1) -- 9301 signatures processed. 2013 are
> IP-only rules, 2796 are inspecting packet payload, 2739 inspect
> application layer, 0 are decoder/engine/stream event only
> [25718] 18/9/2011 -- 11:25:53 - (detect.c:2443) <Info>
> (SigAddressPrepareStage1) -- building signature grouping structure,
> stage 1: adding signatures to signature source addresses... complete
> [25718] 18/9/2011 -- 11:31:53 - (detect.c:3085) <Info>
> (SigAddressPrepareStage2) -- building signature grouping structure,
> stage 2: building source address list... complete
> [25718] 18/9/2011 -- 11:59:07 - (detect.c:3642) <Info>
> (SigAddressPrepareStage3) -- MPM memory 330428951 (dynamic 330428951,
> ctxs 0, avg per ctx 0)
> [25718] 18/9/2011 -- 11:59:07 - (detect.c:3644) <Info>
> (SigAddressPrepareStage3) -- max sig id 9301, array size 1163
> [25718] 18/9/2011 -- 11:59:07 - (detect.c:3655) <Info>
> (SigAddressPrepareStage3) -- building signature grouping structure,
> stage 3: building destination address lists... complete
>
> I think 6 minutes is a pretty long time to compile signatures (stage
> 1), but I've seen that before. Why does it take 28 minutes to build a
> source address list? I'm using the standard ET ruleset.
This may be related to a change I did to allow ports in "ip only"
signatures. Bugs in that code have caused issues like this before.
My code is at commit e13181496c435f5a6b401faf7d40298608d3314c
Can you test with and without that?
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-devel
mailing list