Snort mailing list archives
stream5 prune_log_max fix
From: Gregory S Thomas <greg.thomas () pnnl gov>
Date: Tue, 19 Feb 2013 17:40:35 -0800
The documentation (snort-2.9.4/doc/README.stream5) says that setting prune_log_max to 0 disables the messages, but this does not work. The source code implements it correctly in one place (snort-2.9.4/src/preprocessors/Stream5/snort_stream5_session.c):

    558     if (prune_log_max
    559         && ((old_mem_in_use - mem_in_use ) > prune_log_max))

but not in the second place (snort-2.9.4/src/preprocessors/Stream5/snort_stream5_tcp.c):

    4582 #define POST_SESSION_CLEANUP(delete_reason) \
    4583     if ((old_mem_in_use - mem_in_use ) > s5_global_eval_config->prune_log_max) \

Changing the code as shown below appears to fix the problem:

    4583     if (s5_global_eval_config->prune_log_max && ((old_mem_in_use - mem_in_use ) > s5_global_eval_config->prune_log_max)) \

Please consider incorporating this fix into a future version of snort.

Thanks,
Greg Thomas
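The difference between the two checks quoted in the message, as an added example that is not part of the original post or of the Snort source. The helper names, the `uint32_t` counter type and the sample memory values are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Check as quoted from snort_stream5_tcp.c: 0 is treated as a threshold. */
static int should_log_unguarded(uint32_t freed, uint32_t prune_log_max)
{
    return freed > prune_log_max;
}

/* Check as quoted from snort_stream5_session.c: 0 disables the message. */
static int should_log_guarded(uint32_t freed, uint32_t prune_log_max)
{
    return prune_log_max && (freed > prune_log_max);
}

/* Count the prune messages a series of cleanup events would produce. */
static size_t count_prune_logs(const uint32_t *old_mem, const uint32_t *new_mem,
                               size_t n, uint32_t prune_log_max, int guarded)
{
    size_t logged = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t freed = old_mem[i] - new_mem[i];  /* memory released by cleanup */
        logged += guarded ? should_log_guarded(freed, prune_log_max)
                          : should_log_unguarded(freed, prune_log_max);
    }
    return logged;
}

/* Constructed sample: memory in use before and after four session cleanups. */
static const uint32_t OLD_MEM[] = { 4096, 2000000, 512, 8192 };
static const uint32_t NEW_MEM[] = { 4096,  500000,   0, 8000 };
#define N_EVENTS (sizeof(OLD_MEM) / sizeof(OLD_MEM[0]))

int main(void)
{
    /* Constructed thresholds: 0 (documented as "disabled") and 1 MiB. */
    const uint32_t limits[] = { 0, 1048576 };
    for (size_t i = 0; i < 2; i++)
        printf("prune_log_max=%u unguarded=%zu guarded=%zu\n",
               (unsigned)limits[i],
               count_prune_logs(OLD_MEM, NEW_MEM, N_EVENTS, limits[i], 0),
               count_prune_logs(OLD_MEM, NEW_MEM, N_EVENTS, limits[i], 1));
    return 0;
}
```

With a non-zero threshold both checks agree; only the value 0 separates them, which is why the missing guard shows up solely when the messages are meant to be disabled.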