String: Support longer exact match strings #2069
Conversation
kevsecurity
added
the
release-note/minor
kevsecurity
force-pushed
the
pr/kevsecurity/string-match-hash-longer
branch
from
8c7b84e
to
1883303
Compare
kevsecurity
force-pushed
the
pr/kevsecurity/string-match-hash-longer
branch
3 times, most recently
from
4e697e9
to
f1c95b2
Compare
String matching is limited to strings of length 144 due to the way the hash look up tables were implemented (6 key sizes, 24 byte increments). This commit adds maps to support larger key/string sizes: 256, 512, 1024, 2048, and 4096. This will therefore permit exact string matches for strings of length up to 4096 (not including null terminator). Unfortunately, kernels v5.10 and lower restrict hash key lengths to 512 bytes, so on these kernels the maximum string length is 510 characters (512 - 2 bytes for embedded string length). And on older kernels (<5.3) the instruction and complexity limits mean the new approach is not feasible. Therefore on these kernels, the maximum string length is 144 characters (as before). Includes tests at map limits. Signed-off-by: Kevin Sheldrake <kevin.sheldrake@isovalent.com>
kevsecurity
force-pushed
the
pr/kevsecurity/string-match-hash-longer
branch
from
f1c95b2
to
1299574
Compare
Hi! Thanks for this fix. Would it be possible to not store paths in the strings table, rather in another table that's keyed by a |
I think that's a different use case. I'll have a think and chat with some colleagues to see if that's possible. |
String matching is limited to strings of length 144 due to the way the hash look up tables were implemented (6 key sizes, 24 byte increments).
This commit adds maps to support larger key/string sizes: 256, 512, 1024, 2048, and 4096. This will therefore permit exact string matches for strings of length up to 4096 (not including null terminator).
Includes tests at map limits.