What are the limits on `xbits`?

I have certain connections that sometimes use SNI but other times don't. When they don't use SNI, the connections get blocked. To get around this and make sure they are allowed every time, I have come up with a solution using the `xbits` keyword to allow any destination IP that presents an allowed SNI value for the next X seconds. I have two questions:

How many different destination IPs can xbits track at once? I am hoping to be able to track thousands of destination IPs at a time.
How long can xbits track destination IPs? I would like to set the expire value to possibly be as high as 24 hours.

Thank you in advance!
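The rule pair below is an added illustration of the approach described in the question, not rules from the original post. It assumes `example.com` as the allowed SNI, `$HOME_NET` and `$EXTERNAL_NET` as defined in `suricata.yaml`, and a Suricata release that supports the `tls.sni` sticky buffer and the `dotprefix` transform (6.0 or later); the SIDs and bit name are arbitrary. The first rule sets an `xbit` on the destination IP whenever a TLS ClientHello carries the allowed SNI, with a 24-hour expiry (86400 seconds); the second is a `pass` rule that lets any later traffic to that destination through, whether or not it carries SNI, as long as the bit is still set.

```suricata
# Added example, not from the original post. Assumes $HOME_NET/$EXTERNAL_NET
# from suricata.yaml and Suricata 6.0+ (tls.sni buffer, dotprefix transform).

# 1. Remember the destination IP for 24h when an allowed SNI is presented.
#    dotprefix + endswith matches "example.com" and any subdomain, but not
#    "notexample.com". noalert keeps this bookkeeping rule out of the alert log.
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"Allowed SNI seen, mark destination"; \
    flow:to_server; \
    tls.sni; dotprefix; content:".example.com"; endswith; \
    xbits:set,allowed_sni_dst,track ip_dst,expire 86400; \
    noalert; sid:1000001; rev:1;)

# 2. Pass everything to a destination that was marked in the last 24h,
#    including connections that do not send SNI at all. Pass rules are
#    evaluated before drop rules, so this takes precedence over the block.
pass ip $HOME_NET any -> $EXTERNAL_NET any (msg:"Destination recently presented allowed SNI"; \
    xbits:isset,allowed_sni_dst,track ip_dst; \
    sid:1000002; rev:1;)
```

Two practical points when using this: bits tracked with `track ip_dst` are stored in Suricata's host table, so the number of destinations that can be remembered at once is bounded by the `host:` section of `suricata.yaml` (its memcap and hash size), and the `expire` value is in seconds, so 24 hours is `86400`. Check `stats.log` for host-table memcap drops after deployment rather than assuming thousands of entries fit by default.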

They are/can be affected by the following settings (in terms of different destinations):

In terms of time, I actually never tested the upper limits but have previously used 24 hours.

First of all, don't double-post or crosspost.

I think, given the fact that there is a use case in the firewall mode, you could create a feature request to implement the exact reset trigger.

Keep in mind that the original purpose of signatures is for IDS and IPS mode, and Suricata was initially not meant to be a firewall replacement.