datasets: set higher hashsize limits

To avoid possible upgrade issues, allow higher defaults than in the master branch. Add some upgrade guidance and a note that defaults will probably be further reduced.
8 months ago · d86c5f9f0c
parent e28c8c655a
commit d86c5f9f0c
3 changed files with 21 additions and 4 deletions
--- a/doc/userguide/upgrade.rst
+++ b/doc/userguide/upgrade.rst
@ -44,6 +44,21 @@ Upgrading to 7.0.9
  been added, ``v2-block-size`` which can be used to tune this value
  for TPACKET_V2. Due to the increased block size, memory usage has
  been increased, but should not be an issue in most cases.
+- Datasets specifying a custom `hashsize` will now be limited to 262144 by default.
+  Additionally, the cumulative hash sizes for all datasets in use should not exceed
+  67108864. These settings can be changed with the following settings.
+
+  .. code-block:: yaml
+
+    datasets:
+      # Limits for per rule dataset instances to avoid rules using too many
+      # resources.
+      # Note: in Suricata 8 the built-in default will be set to lower values.
+      limits:
+        # Max value for per dataset `hashsize` setting
+        #single-hashsize: 262144
+        # Max combined hashsize values for all datasets.
+        #total-hashsizes: 67108864

 Upgrading to 7.0.8
 ------------------
--- a/src/datasets.c
+++ b/src/datasets.c
@ -45,8 +45,9 @@ SCMutex sets_lock = SCMUTEX_INITIALIZER;
 static Dataset *sets = NULL;
 static uint32_t set_ids = 0;

-uint32_t dataset_max_one_hashsize = 65536;
-uint32_t dataset_max_total_hashsize = 16777216;
+/* 4x what we set in master to allow a smoother upgrade path */
+uint32_t dataset_max_one_hashsize = 262144;
+uint32_t dataset_max_total_hashsize = 67108864;
 uint32_t dataset_used_hashsize = 0;

 static int DatasetAddwRep(Dataset *set, const uint8_t *data, const uint32_t data_len,
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@ -1190,11 +1190,12 @@ datasets:

  # Limits for per rule dataset instances to avoid rules using too many
  # resources.
+  # Note: in Suricata 8 the built-in default will be set to lower values.
  limits:
    # Max value for per dataset `hashsize` setting
-    #single-hashsize: 65536
+    #single-hashsize: 262144
    # Max combined hashsize values for all datasets.
-    #total-hashsizes: 16777216
+    #total-hashsizes: 67108864

  rules:
    # Set to true to allow absolute filenames and filenames that use