[Snort-devel] Bug in spp_session.c/initSessionCache? (assigning value to cleanup_sessions)

Gaurav Nagare (gnagare) gnagare at ...3461...
Sun May 1 14:48:46 EDT 2016

Hello James,

Thanks for sharing your observations. We'll take a look and try to address in next release.

However, as you may have noted from code and snort.conf that default value for `max_sessions` is much higher hence would not cause `cleanup_session > max_sessions`.



From: James McLaughlin <jmclaughlin at ...3646...<mailto:jmclaughlin at ...3647....>>
Date: Monday, 25 April 2016 at 8:57 PM
To: "snort-devel at lists.sourceforge.net<mailto:snort-devel at ...362....net>" <snort-devel at lists.sourceforge.net<mailto:snort-devel at ...2763...rge.net>>
Subject: [Snort-devel] Bug in spp_session.c/initSessionCache? (assigning value to cleanup_sessions)

In initSessionCache, we have the following block of code:

            if( cleanup_sessions < ( 2 * max_sessions ) )
                sessionCache->cleanup_sessions = cleanup_sessions;
                sessionCache->cleanup_sessions = ( max_sessions / 2 );
            if( sessionCache->cleanup_sessions == 0 )
                sessionCache->cleanup_sessions = 1;

Going by the contents of the else block, the low default value of cleanup_sessions, and the fact that this allows cleanup_sessions to exceed max_sessions... this looks like it should begin:

            if( (2 * cleanup_sessions) <= max_sessions)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20160501/e38004fb/attachment.html>

More information about the Snort-devel mailing list