Snort mailing list archives

Previous By Date Next
Previous By Thread Next

stream5 prune_log_max fix

From: Gregory S Thomas <greg.thomas () pnnl gov>
Date: Tue, 19 Feb 2013 17:40:35 -0800
The documentation (snort-2.9.4/doc/README.stream5) says that setting prune_log_max to 0 disables the messages, but this 
does not work.  The source code implements it correctly in one place 
(snort-2.9.4/src/preprocessors/Stream5/snort_stream5_session.c):

  558     if (prune_log_max
  559             && ((old_mem_in_use - mem_in_use ) > prune_log_max))

but not in the second place (snort-2.9.4/src/preprocessors/Stream5/snort_stream5_tcp.c):

4582 #define POST_SESSION_CLEANUP(delete_reason) \
4583     if ((old_mem_in_use - mem_in_use ) > s5_global_eval_config->prune_log_max) \

Changing the code as shown below appears to fix the problem:

4583     if (s5_global_eval_config->prune_log_max && ((old_mem_in_use - mem_in_use ) > 
s5_global_eval_config->prune_log_max)) \

Please consider incorporating this fix into a future version of snort.

Thanks,

Greg Thomas

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: