Skip to content
Snippets Groups Projects
Commit 422b02b1 authored by Pavel Kácha's avatar Pavel Kácha
Browse files

LaBrea: mitigate too big events again

parent 0fbd2b24
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
hp-labrea/labrea-idea.py
+ 2
2
View file @ 422b02b1
...@@ -35,7 +35,7 @@ class WindowContextMgr(object): ...@@ -35,7 +35,7 @@ class WindowContextMgr(object):
self.first_update_queue = OrderedDict() self.first_update_queue = OrderedDict()
self.last_update_queue = OrderedDict() self.last_update_queue = OrderedDict()
# Hammer to mitigate too big events # Hammer to mitigate too big events
self.max_count = 2000 self.max_count = 200
self.max_src_ports = 1024 self.max_src_ports = 1024
def expire_queue(self, queue, window): def expire_queue(self, queue, window):
...@@ -154,7 +154,7 @@ class ConnectContextMgr(WindowContextMgr): ...@@ -154,7 +154,7 @@ class ConnectContextMgr(WindowContextMgr):
ctx["src_ports"].add(event.src_port) ctx["src_ports"].add(event.src_port)
ctx["count"] += 1 ctx["count"] += 1
ctx["last_update"] = self.update_timestamp ctx["last_update"] = self.update_timestamp
return ctx["count"] < self.max_count return len(ctx["tgt_ips_ports"]) < self.max_count
def ctx_close(self, ctx): def ctx_close(self, ctx):
src_ports = ctx["src_ports"] if len(ctx["src_ports"]) <= self.max_src_ports else None src_ports = ctx["src_ports"] if len(ctx["src_ports"]) <= self.max_src_ports else None
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment