diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml index b8b02f4a3234..050fa94c45db 100644 --- a/.github/workflows/builds.yml +++ b/.github/workflows/builds.yml @@ -1606,7 +1606,7 @@ jobs: LLVM_PROFILE_FILE: "/tmp/dumpconfig.profraw" - run: llvm-profdata-19 merge -o dumpconfig.profdata /tmp/dumpconfig.profraw - run: llvm-profdata-19 merge -o combined.profdata $(find /tmp/ -name '*.profraw') - - run: llvm-cov-19 export ./src/suricata -instr-profile=combined.profdata -format=lcov --ignore-filename-regex="^/(root|usr|rustc|github)/.*" > coverage.lcov + - run: llvm-cov-19 export ./src/suricata -instr-profile=combined.profdata -format=lcov --ignore-filename-regex="^/(root|usr|rustc|github)/.*" --skip-branches > coverage.lcov - run: | cd rust cargo test --no-run @@ -1620,7 +1620,7 @@ jobs: LLVM_PROFILE_FILE: "/tmp/ct.profraw" CARGO_INCREMENTAL: 0 - run: llvm-profdata-19 merge -o ct.profdata /tmp/ct.profraw - - run: llvm-cov-19 export $(find rust/target/debug/deps/ -type f -regex 'rust/target/debug/deps/suricata\-[a-z0-9]+$') -instr-profile=ct.profdata -format=lcov --ignore-filename-regex="^/(root|usr|rustc|github)/.*" >> coverage.lcov + - run: llvm-cov-19 export $(find rust/target/debug/deps/ -type f -regex 'rust/target/debug/deps/suricata\-[a-z0-9]+$') -instr-profile=ct.profdata -format=lcov --ignore-filename-regex="^/(root|usr|rustc|github)/.*" --skip-branches >> coverage.lcov - name: Upload coverage.lcov artifact uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f with: @@ -1642,11 +1642,11 @@ jobs: parallel: true fail-on-error: false - ubuntu-22-04-cov-pcapunix: - name: Ubuntu 22.04 (unix socket mode coverage) + ubuntu-24-04-cov-pcapunix: + name: Ubuntu 24.04 (unix socket mode coverage) runs-on: ubuntu-latest container: - image: ubuntu:22.04 + image: ubuntu:24.04 options: --privileged needs: [prepare-deps, prepare-cbindgen] steps: 
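Review bot: The `--skip-branches` flag added to the `llvm-cov-19 export` step at -1606 has no comment saying why branch records are dropped from `coverage.lcov`, so a later reader cannot tell whether losing branch data in the uploaded report is intended. A one-line comment above the step would settle it, for example `# --skip-branches: branch records are left out of the lcov export on purpose (state the reason here)`. The same flag is added without explanation at -1620, -1734, -1898, -2140 and -2360.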
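Review bot: The new `image: ubuntu:24.04` at -1642 is a mutable tag, whereas the actions visible in this diff are pinned to commit SHAs and the job runs with `options: --privileged`. Pinning the container the same way, `image: ubuntu:24.04@sha256:<digest-placeholder>`, would make the base image of this privileged job reproducible and turn every image update into a reviewable change. The same applies to the renamed jobs at -1764 and -2269. The job definition continues past the end of this hunk.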
@@ -1667,8 +1667,8 @@ jobs: build-essential \ autoconf \ automake \ - llvm-15-dev \ - clang-15 \ + llvm-19-dev \ + clang-19 \ git \ hwloc \ libhwloc-dev \ @@ -1693,7 +1693,6 @@ jobs: libjansson-dev \ libevent-dev \ libevent-pthreads-2.1-7 \ - libpython2.7 \ make \ parallel \ python3-yaml \ @@ -1708,7 +1707,7 @@ jobs: wget # specific version to match up to the llvm version in ubuntu below - name: Install Rust - run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.75.0 -y + run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.85.1 -y - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - run: git config --global --add safe.directory /__w/suricata/suricata - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 @@ -1725,8 +1724,8 @@ jobs: - run: ./autogen.sh - run: ./configure --with-gnu-ld --disable-shared --enable-gccprotect --localstatedir=/var --prefix=/usr --sysconfdir=/etc env: - CC: "clang-15" - CXX: "clang++-15" + CC: "clang-19" + CXX: "clang++-19" RUSTFLAGS: "-C instrument-coverage" CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing" CXXFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing" 
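Review bot: The `Install Rust` step at -1708 pipes the rustup installer from the network straight into `sh` with nothing restricting the protocol or TLS version, and the job's container is started with `options: --privileged` (visible in the job header hunk). At minimum use the form rustup documents, `curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --default-toolchain 1.85.1 -y`. Downloading the installer to a file and checking it against a recorded checksum before running it would bring the step in line with the SHA-pinned actions around it. The identical line is changed at -1830 and -2334. In the -2334 copy the comment `packaged Rust version is too old for coverage` presumably dates from the 22.04 image and should be rechecked for 24.04.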
@@ -1734,15 +1733,15 @@ jobs: ac_cv_func_realloc_0_nonnull: "yes" - run: make -j ${{ env.CPUS }} env: - CC: "clang-15" - CXX: "clang++-15" + CC: "clang-19" + CXX: "clang++-19" RUSTFLAGS: "-C instrument-coverage" - run: | ./qa/unix.sh "suricata-verify/" env: LLVM_PROFILE_FILE: "/tmp/unix.profraw" - - run: llvm-profdata-15 merge -o default.profdata $(find /tmp/ -name '*.profraw') - - run: llvm-cov-15 export ./src/suricata -instr-profile=default.profdata -format=lcov --ignore-filename-regex="^/(root|usr|rustc|github)/.*" > coverage.lcov + - run: llvm-profdata-19 merge -o default.profdata $(find /tmp/ -name '*.profraw') + - run: llvm-cov-19 export ./src/suricata -instr-profile=default.profdata -format=lcov --ignore-filename-regex="^/(root|usr|rustc|github)/.*" --skip-branches > coverage.lcov - name: Upload coverage.lcov artifact uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f with: @@ -1764,11 +1763,11 @@ jobs: parallel: true fail-on-error: false - ubuntu-22-04-cov-afpdpdk: - name: Ubuntu 22.04 (afpacket and dpdk coverage) + ubuntu-24-04-cov-afpdpdk: + name: Ubuntu 24.04 (afpacket and dpdk coverage) runs-on: ubuntu-latest container: - image: ubuntu:22.04 + image: ubuntu:24.04 options: --privileged needs: [prepare-deps, prepare-cbindgen] steps: @@ -1788,8 +1787,8 @@ jobs: build-essential \ autoconf \ automake \ - llvm-15-dev \ - clang-15 \ + llvm-19-dev \ + clang-19 \ git \ hwloc \ libhwloc-dev \ @@ -1814,7 +1813,6 @@ jobs: libjansson-dev \ libevent-dev \ libevent-pthreads-2.1-7 \ - libpython2.7 \ make \ parallel \ python3-yaml \ 
@@ -1830,7 +1828,7 @@ jobs: dpdk-dev # specific version to match up to the llvm version in ubuntu below - name: Install Rust - run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.75.0 -y + run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.85.1 -y - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - run: git config --global --add safe.directory /__w/suricata/suricata - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 @@ -1846,8 +1844,8 @@ jobs: - run: ./autogen.sh - run: ./configure --with-gnu-ld --enable-dpdk --disable-shared --enable-gccprotect --localstatedir=/var --prefix=/usr --sysconfdir=/etc env: - CC: "clang-15" - CXX: "clang++-15" + CC: "clang-19" + CXX: "clang++-19" RUSTFLAGS: "-C instrument-coverage" CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing" CXXFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing" @@ -1855,8 +1853,8 @@ jobs: ac_cv_func_realloc_0_nonnull: "yes" - run: make -j ${{ env.CPUS }} env: - CC: "clang-15" - CXX: "clang++-15" + CC: "clang-19" + CXX: "clang++-19" RUSTFLAGS: "-C instrument-coverage" # IDS config - run: | @@ -1898,8 +1896,8 @@ jobs: ./.github/workflows/live/multi-tenant.sh "autofp" env: LLVM_PROFILE_FILE: "/tmp/mt-autofp.profraw" - - run: llvm-profdata-15 merge -o default.profdata $(find /tmp/ -name '*.profraw') - - run: llvm-cov-15 export ./src/suricata -instr-profile=default.profdata -format=lcov --ignore-filename-regex="^/(root|usr|rustc|github)/.*" > coverage.lcov + - run: llvm-profdata-19 merge -o default.profdata $(find /tmp/ -name '*.profraw') + - run: llvm-cov-19 export ./src/suricata -instr-profile=default.profdata -format=lcov --ignore-filename-regex="^/(root|usr|rustc|github)/.*" --skip-branches > coverage.lcov - name: Upload coverage.lcov artifact uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f with: 
@@ -2140,7 +2138,7 @@ jobs: - run: llvm-profdata-19 merge -o nfq-ips-workers.profdata /tmp/nfq-ips-workers.profraw - run: llvm-profdata-19 merge -o combined.profdata afp-ips.profdata nfq-ips.profdata afp-ips-autofp.profdata nfq-ips-workers.profdata afp-ips-bond1.profdata afp-ips-bond2.profdata - - run: llvm-cov-19 export ./src/suricata -instr-profile=combined.profdata -format=lcov --ignore-filename-regex="^(/github/home/.cargo/.*|/usr/.*|/rustc/.*)" > coverage.lcov + - run: llvm-cov-19 export ./src/suricata -instr-profile=combined.profdata -format=lcov --ignore-filename-regex="^(/github/home/.cargo/.*|/usr/.*|/rustc/.*)" --skip-branches > coverage.lcov - name: Upload coverage.lcov artifact uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f with: @@ -2269,11 +2267,11 @@ jobs: - run: | ./.github/workflows/live/multi-tenant.sh "autofp" - ubuntu-22-04-cov-fuzz: - name: Ubuntu 22.04 (fuzz corpus coverage) + ubuntu-24-04-cov-fuzz: + name: Ubuntu 24.04 (fuzz corpus coverage) runs-on: ubuntu-latest container: - image: ubuntu:22.04 + image: ubuntu:24.04 options: --privileged needs: [prepare-deps, prepare-cbindgen] steps: @@ -2293,8 +2291,8 @@ jobs: build-essential \ autoconf \ automake \ - llvm-15-dev \ - clang-15 \ + llvm-19-dev \ + clang-19 \ git \ hwloc \ libhwloc-dev \ @@ -2318,7 +2316,6 @@ jobs: libjansson-dev \ libevent-dev \ libevent-pthreads-2.1-7 \ - libpython2.7 \ make \ parallel \ python3-yaml \ @@ -2334,7 +2331,7 @@ jobs: dpdk-dev # packaged Rust version is too old for coverage, so get from rustup - name: Install Rust - run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.75.0 -y + run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.85.1 -y - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - run: git config --global --add safe.directory /__w/suricata/suricata - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 
@@ -2351,8 +2348,8 @@ jobs: - run: ./configure --enable-warnings --with-gnu-ld --enable-fuzztargets --disable-shared --enable-gccprotect env: LIB_FUZZING_ENGINE: "fail_to_onefile_driver" - CC: "clang-15" - CXX: "clang++-15" + CC: "clang-19" + CXX: "clang++-19" RUSTFLAGS: "-C instrument-coverage" CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing -fsanitize=address -fno-omit-frame-pointer -fPIC -Wno-unused-parameter -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 -Wimplicit-int-float-conversion -Wimplicit-int-conversion -Werror" CXXFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing -fsanitize=address -fno-omit-frame-pointer -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 -stdlib=libc++ -Wimplicit-int-float-conversion -Wimplicit-int-conversion" @@ -2360,13 +2357,13 @@ jobs: ac_cv_func_realloc_0_nonnull: "yes" - run: make -j ${{ env.CPUS }} env: - CC: "clang-15" - CXX: "clang++-15" + CC: "clang-19" + CXX: "clang++-19" RUSTFLAGS: "-C instrument-coverage" SURICATA_LUA_SYS_CFLAGS: "-fsanitize=address" - run: ./qa/run-ossfuzz-corpus.sh - - run: llvm-profdata-15 merge -o default.profdata $(find /tmp/ -name '*.profraw') - - run: llvm-cov-15 export ./src/suricata -instr-profile=default.profdata -format=lcov --ignore-filename-regex="^/(root|usr|rustc|github)/.*" > coverage.lcov + - run: llvm-profdata-19 merge -o default.profdata $(find /tmp/ -name '*.profraw') + - run: llvm-cov-19 export ./src/suricata -instr-profile=default.profdata -format=lcov --ignore-filename-regex="^/(root|usr|rustc|github)/.*" --skip-branches > coverage.lcov - name: Upload coverage.lcov artifact uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f with: 
@@ -2395,10 +2392,10 @@ jobs: needs: - fedora-43-sv-codecov - ubuntu-24-04-cov-ut - - ubuntu-22-04-cov-pcapunix - - ubuntu-22-04-cov-afpdpdk + - ubuntu-24-04-cov-pcapunix + - ubuntu-24-04-cov-afpdpdk - ubuntu-latest-namespace-ips - - ubuntu-22-04-cov-fuzz + - ubuntu-24-04-cov-fuzz steps: - name: Finalize Coveralls parallel build uses: coverallsapp/github-action@648a8eb78e6d50909eff900e4ec85cab4524a45b diff --git a/doc/userguide/public-data-sets.rst b/doc/userguide/public-data-sets.rst index 1f2b53e7abfd..b5db0aa084ed 100644 --- a/doc/userguide/public-data-sets.rst +++ b/doc/userguide/public-data-sets.rst 
@@ -1,18 +1,41 @@ -Public Data Sets -================ +Public Datasets (PCAPs) +======================= -Collections of pcaps for testing and profiling. +Collections of public datasets and packet captures for testing and +profiling. Not to be confused with Suricata ``datasets``. -DARPA sets: https://www.ll.mit.edu/r-d/datasets?author=All&rdarea=All&rdgroup=All&keywords=cyber&tag=All&items_per_page=10 +`MIT Lincoln Laboratory `__ + Cyber-focused datasets from MIT, including DARPA datasets. -MAWI sets (pkt headers only, no payloads): http://mawi.wide.ad.jp/mawi/samplepoint-F/2012/ +`MAWI Samplepoint-F `__ + WIDE transit-link traces (packet headers only; no payloads). -MACCDC: http://www.netresec.com/?page=MACCDC +`MACCDC `__ + Mid-Atlantic Collegiate Cyber Defense Competition traffic captures. -Netresec: http://www.netresec.com/?page=PcapFiles +`Netresec `__ + Public pcap files for network forensics and malware analysis. -Wireshark: https://gitlab.com/wireshark/wireshark/-/wikis/SampleCaptures +`Wireshark Sample Captures `__ + Curated sample captures useful for protocol testing. -Security Onion collection: https://docs.securityonion.net/en/2.4/pcaps.html +`Security Onion PCAP collection `__ + Collection of links and downloads for lab datasets. -Stratosphere IPS. Malware Capture Facility Project: https://stratosphereips.org/category/dataset.html +`Stratosphere IPS Malware Capture Facility `__ + Malware-oriented captures with related dataset material. + +`UNSW-NB15 `__ + UNSW Cyber Range dataset with IXIA-generated benign/attack traffic, + raw pcap captures, and labeled flow-feature CSV files. + +`CIC-IDS2017 `__ + Intrusion Detection Evaluation Dataset + +`CSE-CIC-IDS2018 `__ + CSE-CIC-IDS2018 on AWS: A collaborative project between the + Communications Security Establishment (CSE) & the Canadian + Institute for Cybersecurity (CIC). + +`CIC-DDoS2019 `__ + Dataset containing DDoS attacks resembling true real world data. 
diff --git a/src/detect-parse.c b/src/detect-parse.c index c2f513ae37ce..43df59f23996 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -5112,26 +5112,16 @@ static int SigParseTestAppLayerTLS02(void) */ static int SigParseTestAppLayerTLS03(void) { - int result = 0; - DetectEngineCtx *de_ctx; - Signature *s=NULL; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + FAIL_IF_NULL(de_ctx); de_ctx->flags |= DE_QUIET; - s = SigInit(de_ctx,"alert tls any any -> any any (msg:\"SigParseTestAppLayerTLS03 \"; tls.version:2.5; sid:410006; rev:1;)"); - if (s != NULL) { - SigFree(de_ctx, s); - goto end; - } - - result = 1; -end: - if (de_ctx != NULL) - DetectEngineCtxFree(de_ctx); - return result; + Signature *s = DetectEngineAppendSig(de_ctx, + "alert tls any any -> any any (msg:\"SigParseTestAppLayerTLS03 \"; " + "tls.version:2.5; sid:410006; rev:1;)"); + FAIL_IF_NOT_NULL(s); + DetectEngineCtxFree(de_ctx); + PASS; } static int SigParseTestUnbalancedQuotes01(void) diff --git a/src/runmode-af-xdp.c b/src/runmode-af-xdp.c index 78aa3a360873..606921c3a06a 100644 --- a/src/runmode-af-xdp.c +++ b/src/runmode-af-xdp.c @@ -109,11 +109,11 @@ static TmEcode ConfigSetThreads(AFXDPIfaceConfig *aconf, const char *entry_str) SCReturnInt(TM_ECODE_FAILED); } - const int nr_queues = GetIfaceRSSQueuesNum(aconf->iface); + const uint16_t nr_queues = (uint16_t)GetIfaceRSSQueuesNum(aconf->iface); if (strcmp(entry_str, "auto") == 0) { - const int nr_cores = (int)UtilCpuGetNumProcessorsOnline(); + const uint16_t nr_cores = UtilCpuGetNumProcessorsOnline(); /* Threads limited to MIN(cores vs queues) */ aconf->threads = (nr_cores <= nr_queues) ? nr_cores : nr_queues; 
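Review bot: The cast `(uint16_t)GetIfaceRSSQueuesNum(aconf->iface)` in ConfigSetThreads at -109 narrows an `int` return without checking it. If that function can return a negative error value (its definition is not in this diff), the result wraps to a very large queue count, and neither the `auto` minimum nor the `aconf->threads > nr_queues` clamp at -131 limits anything. Keeping the result in an `int` and validating it first avoids that: `const int q = GetIfaceRSSQueuesNum(aconf->iface); if (q < 0 || q > UINT16_MAX) SCReturnInt(TM_ECODE_FAILED);`, then assign `(uint16_t)q`. ConfigSetThreads starts and ends outside this hunk, so an earlier check may already exist there.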
@@ -131,7 +131,7 @@ static TmEcode ConfigSetThreads(AFXDPIfaceConfig *aconf, const char *entry_str) if (aconf->threads > nr_queues) { SCLogWarning( - "Selected threads greater than configured queues, using: %d thread(s)", nr_queues); + "Selected threads greater than configured queues, using: %u thread(s)", nr_queues); aconf->threads = nr_queues; } @@ -265,26 +265,26 @@ static void *ParseAFXDPConfig(const char *iface) if (SCConfGetChildValueIntWithDefault( if_root, if_default, "busy-poll-time", &conf_val_int) == 1) { if (conf_val_int) { - aconf->busy_poll_time = conf_val_int; + aconf->busy_poll_time = (uint32_t)conf_val_int; } } if (SCConfGetChildValueIntWithDefault( if_root, if_default, "busy-poll-budget", &conf_val_int) == 1) { if (conf_val_int) { - aconf->busy_poll_budget = conf_val_int; + aconf->busy_poll_budget = (uint32_t)conf_val_int; } } /* 0 value is valid for these Linux tunable's */ if (SCConfGetChildValueIntWithDefault( if_root, if_default, "gro-flush-timeout", &conf_val_int) == 1) { - aconf->gro_flush_timeout = conf_val_int; + aconf->gro_flush_timeout = (uint32_t)conf_val_int; } if (SCConfGetChildValueIntWithDefault( if_root, if_default, "napi-defer-hard-irq", &conf_val_int) == 1) { - aconf->napi_defer_hard_irqs = conf_val_int; + aconf->napi_defer_hard_irqs = (uint32_t)conf_val_int; } } #endif diff --git a/src/source-af-xdp.c b/src/source-af-xdp.c index 91bbd9e9720d..65d4e3b86874 100644 --- a/src/source-af-xdp.c +++ b/src/source-af-xdp.c @@ -423,7 +423,7 @@ static TmEcode ConfigureBusyPolling(AFXDPThreadVars *ptv) static void AFXDPSwitchState(AFXDPThreadVars *ptv, int state) { - ptv->afxdp_state = state; + ptv->afxdp_state = (uint8_t)state; } static TmEcode OpenXSKSocket(AFXDPThreadVars *ptv) diff --git a/src/source-af-xdp.h b/src/source-af-xdp.h index af841ee2f0bc..931f265acf03 100644 --- a/src/source-af-xdp.h +++ b/src/source-af-xdp.h 
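Review bot: The four `(uint32_t)conf_val_int` casts in ParseAFXDPConfig at -265 silence the narrowing warning but still accept any configured number, so a negative or over-large `busy-poll-time`, `busy-poll-budget`, `gro-flush-timeout` or `napi-defer-hard-irq` wraps into an unrelated value. Guarding each assignment with `if (conf_val_int < 0 || conf_val_int > UINT32_MAX)` plus an `SCLogWarning` naming the option would keep the default instead of a wrapped value. `AFXDPSwitchState` in src/source-af-xdp.c (-423) follows the same pattern; changing its parameter to `uint8_t` would let the compiler check callers rather than have a cast hide them. Both functions extend outside their hunks.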
@@ -34,7 +34,7 @@ typedef struct AFXDPIfaceConfig { /* misc use flags */ uint32_t mode; - uint32_t bind_flags; + uint16_t bind_flags; int mem_alignment; bool enable_busy_poll; uint32_t busy_poll_time; diff --git a/src/util-mpm-hs-cache.c b/src/util-mpm-hs-cache.c index 8bdfdfe20a4a..dab8041382e2 100644 --- a/src/util-mpm-hs-cache.c +++ b/src/util-mpm-hs-cache.c @@ -362,7 +362,7 @@ int SCHSCachePruneEvaluate(MpmConfig *mpm_conf, HashTable *inuse_caches) struct dirent *ent; char path[PATH_MAX]; - uint32_t considered = 0, removed = 0; + uint32_t considered = 0, removed_by_age = 0, removed_by_version = 0; const time_t cutoff = now - (time_t)mpm_conf->cache_max_age_seconds; while ((ent = readdir(dir)) != NULL) { const char *name = ent->d_name; @@ -399,7 +399,10 @@ int SCHSCachePruneEvaluate(MpmConfig *mpm_conf, HashTable *inuse_caches) /* coverity[toctou] */ int ret = unlink(path); if (ret == 0 || (ret == -1 && errno == ENOENT)) { - removed++; + if (prune_by_version) + removed_by_version++; + else if (prune_by_age) + removed_by_age++; SCLogDebug("File %s removed because of %s%s%s", path, prune_by_age ? "age" : "", prune_by_age && prune_by_version ? " and " : "", prune_by_version ? "incompatible version" : ""); @@ -411,7 +414,8 @@ int SCHSCachePruneEvaluate(MpmConfig *mpm_conf, HashTable *inuse_caches) PatternDatabaseCache *pd_cache_stats = mpm_conf->cache_stats; if (pd_cache_stats) { - pd_cache_stats->hs_dbs_cache_pruned_cnt = removed; + pd_cache_stats->hs_dbs_cache_pruned_by_age_cnt = removed_by_age; + pd_cache_stats->hs_dbs_cache_pruned_by_version_cnt = removed_by_version; pd_cache_stats->hs_dbs_cache_pruned_considered_cnt = considered; pd_cache_stats->hs_dbs_cache_pruned_cutoff = cutoff; pd_cache_stats->cache_max_age_seconds = mpm_conf->cache_max_age_seconds; 
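Review bot: In SCHSCachePruneEvaluate at -399 a file that is both too old and version-incompatible is counted only in `removed_by_version`, while the `SCLogDebug` directly below reports it as removed for "age and incompatible version"; nothing in the code says this precedence is deliberate. A comment above `if (prune_by_version)` would settle it, e.g. `/* version mismatch takes precedence so each removed file is counted exactly once */`. The function body starts and ends outside this hunk, so where `prune_by_age` and `prune_by_version` are set is not visible here.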
@@ -448,17 +452,23 @@ void SCHSCacheStatsPrint(void *data) } if (pd_cache_stats->hs_cacheable_dbs_cnt) { - SCLogInfo("Rule group caching - loaded: %u newly cached: %u total cacheable: %u", + SCLogPerf("rule group caching - loaded: %u newly cached: %u total cacheable: %u", pd_cache_stats->hs_dbs_cache_loaded_cnt, pd_cache_stats->hs_dbs_cache_saved_cnt, pd_cache_stats->hs_cacheable_dbs_cnt); } if (pd_cache_stats->hs_dbs_cache_pruned_considered_cnt) { - SCLogInfo("Rule group cache pruning removed %u/%u of HS caches due to " - "version-incompatibility (not v%s) or " - "age (older than %s)", - pd_cache_stats->hs_dbs_cache_pruned_cnt, - pd_cache_stats->hs_dbs_cache_pruned_considered_cnt, HS_CACHE_FILE_VERSION, - time_str); + if (pd_cache_stats->hs_dbs_cache_pruned_by_version_cnt) { + SCLogInfo("rule group cache pruning removed %u/%u of HS caches due to " + "version-incompatibility (not v%s)", + pd_cache_stats->hs_dbs_cache_pruned_by_version_cnt, + pd_cache_stats->hs_dbs_cache_pruned_considered_cnt, HS_CACHE_FILE_VERSION); + } + if (pd_cache_stats->hs_dbs_cache_pruned_by_age_cnt) { + SCLogInfo("rule group cache pruning removed %u/%u of HS caches due to " + "age (older than %s)", + pd_cache_stats->hs_dbs_cache_pruned_by_age_cnt, + pd_cache_stats->hs_dbs_cache_pruned_considered_cnt, time_str); + } } } diff --git a/src/util-mpm-hs-core.h b/src/util-mpm-hs-core.h index 8392127cf352..0e81beabd587 100644 --- a/src/util-mpm-hs-core.h +++ b/src/util-mpm-hs-core.h @@ -93,7 +93,8 @@ typedef struct PatternDatabaseCache_ { uint32_t hs_cacheable_dbs_cnt; uint32_t hs_dbs_cache_loaded_cnt; uint32_t hs_dbs_cache_saved_cnt; - uint32_t hs_dbs_cache_pruned_cnt; + uint32_t hs_dbs_cache_pruned_by_age_cnt; + uint32_t hs_dbs_cache_pruned_by_version_cnt; uint32_t hs_dbs_cache_pruned_considered_cnt; time_t hs_dbs_cache_pruned_cutoff; uint64_t cache_max_age_seconds;
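Review bot: With the summary split in SCHSCacheStatsPrint at -448, a run that considered cache files but removed none no longer logs anything, where the old single message would have printed a count of zero. If that silence is intended it deserves a comment above the two inner checks, e.g. `/* report only the pruning reasons that actually removed files */`. Separately, the first message moves from `SCLogInfo` to `SCLogPerf`, which presumably changes the verbosity at which operators see it, so that is worth confirming.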