Maximum number of bytes users should be able to allocate

When constructing a Bloom filter, users specify a desired
false-positive rate and a capacity (max number of elements which
guarantee the FP rate), which the implementation uses to allocate
internal storage. Imprudent parametrization can lead to values beyond
the machines memory limits, which would immediately crash Bro. Should
we expect that users only do reasonable parametrizations by clearly
documenting the effects of the parameters? Or should we create hard
caps in the implementation to avoid users shooting themselves in the
foot?

    Matthias

Hi,

That would be my preference. It's hard to protect against users doing
something unreasonable, and we have plenty other opportunities for
that already. :slight_smile: Caps tend to eventually cause problems somewhere.

Robin

That would be my preference. It's hard to protect against users doing
something unreasonable, and we have plenty other opportunities for
that already.

'K, I'll go down this path.

    Matthias