[Oisf-users] Suricata 4.0.0 - bypass/performance issue

Cooper F. Nelson cnelson at ucsd.edu
Wed Jul 19 15:44:19 UTC 2017


The file extraction stream tracking 'bypass bypass' feature is broken as
well, so I wonder if these issues are related.

I'm still seeing the stats counter 'flow_mgr.bypassed_pruned' increment
in my version. Were you seeing that as well prior to reverting the patch?

-Coop

On 7/19/2017 8:27 AM, Martin Petracek wrote:
> I guess I might be missing some information as bypass is sometimes
> activated too early (as stated in commit description), but I still think
> that the performance difference is too big a penalty for this.
>
> Oh, I should also mention that I'm using Suricata without any rules,
> just to perform deep-packet-inspection and get HTTP/TLS/DNS information.
> I'm getting this information still, even with this patch. I think the
> information drop could be important with some rules.
>
> Isn't the condition in that patch maybe too strict? Or is my use case
> just that uncommon?
>
> Thanks!
>
> Regards
> Martin Petracek


-- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042

