PR: https://github.com/OpenNMS/opennms/pull/2840

The way the classification engine works internally is, that all rules are mapped to actual ports, even if they define a range of port. The idea behind this is, that while classifying an incoming request the ports are known and the lookup is very fast (only 2 lookups -> src & dst ports).

A Rule on the other hand is converted to a list of matchers.
A rule defining a port, protocol and ip address is converted to 3 matchers, where each is determing if parts of the incoming request match:

• is port matching

• is protocol matching

• is ip matching

Internally, if a rule is defining a port range, let's say 1-65535 the rule is duplicated 65535 times (resulting in a total of 65536 rules) and applied to mapped port. But with the duplication of each rule also the number of classifiers is duplicated, thus resulting in a huge increase in memory consumption.

For a rule which defines a protocol, an ip address and applies to ALL ports, the memory impact for the current implementation is roughly: 20 MB.

Please note if omnidirectional is set to true, the number of rules is doubled, resulting in doubling the memory usage for the classification rules.