RFC: config: aggregate mpm/spm options under the detect node v1#14902
Draft
RFC: config: aggregate mpm/spm options under the detect node v1#14902
Conversation
|
Information: QA skipped due to tag. Set to force a run. Pipeline = skip |
jasonish
reviewed
Feb 25, 2026
| cache: | ||
| # Cache MPM contexts to the disk to avoid rule compilation at the startup. | ||
| # Cache files are created in the standard library directory. | ||
| enabled: yes |
Member
There was a problem hiding this comment.
Not really specific to this PR, but is the cache enabled by default even if this is commented out?
Contributor
Author
There was a problem hiding this comment.
yes, starting in Suricata 8, if the caching folder is available/writeable.
Member
There was a problem hiding this comment.
We can comment it out then. This helps us make sure defaults are actually defaults, and not just a default because they are set that way in the configuration file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
As a follow-up on Victor's suggestions in #14838 I present the aggregated MPM/SPM configuration options under the detect node. I picked:
Victor only suggested aggregating the caching options, but I thought I would take it a step further with the other MPM/SPM options too.
Redmine ticket https://redmine.openinfosecfoundation.org/issues/8324
The main question is whether this is "too much" or if you see it as a valid improvement. I like it this way, but I understand it might bring some unneeded hurdles when converting from one major version to another. On the other hand, upgrading to a new major version should be done with caution, ideally manually, so I don't see it as a big deal.