[Bro-Dev] Maximum number of bytes users should be able to allocate

David Mandelberg david at mandelberg.org
Thu Jun 6 15:39:24 PDT 2013


On Thu, 6 Jun 2013 14:05:48 -0700, Matthias Vallentin <vallentin at icir.org>
> When constructing a Bloom filter, users specify a desired
> false-positive rate and a capacity (max number of elements which
> guarantee the FP rate), which the implementation uses to allocate
> internal storage. Imprudent parametrization can lead to values beyond
> the machines memory limits, which would immediately crash Bro. Should
> we expect that users only do reasonable parametrizations by clearly
> documenting the effects of the parameters? Or should we create hard
> caps in the implementation to avoid users shooting themselves in the
> foot?

If you do decide to have hard caps, could those caps be easily
configurable? An amount that might crash on one machine today could be
entirely reasonable on another in a few years (or even on a more expensive
machine today).

David Eric Mandelberg / dseomn

More information about the bro-dev mailing list