`http2.max-streams` refers to `SETTINGS_MAX_CONCURRENT_STREAMS` from rfc 7540 section 6.5.2.
Its default value is unlimited.
-Configure MQTT
-~~~~~~~~~~~~~~
-
-MQTT has one parameter that can be customized.
-`mqtt.max-tx` refers to the maximum number of live transactions for each flow.
-The app-layer event `mqtt.too_many_transactions` is triggered when this value is reached.
-The point of this parameter is to find a balance between the completeness of analysis
-and the resource consumption.
-
-Configure FTP
-~~~~~~~~~~~~~
+Maximum transactions
+~~~~~~~~~~~~~~~~~~~~
-FTP has one parameter that can be customized.
-`ftp.max-tx` refers to the maximum number of live transactions for each flow.
+MQTT, FTP, and NFS have each a `max-tx` parameter that can be customized.
+`max-tx` refers to the maximum number of live transactions for each flow.
+An app-layer event `protocol.too_many_transactions` is triggered when this value is reached.
The point of this parameter is to find a balance between the completeness of analysis
and the resource consumption.
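Review bot: The merged paragraph in the added lines no longer gives the full configuration key or a default value. The removed text named `mqtt.max-tx` and `ftp.max-tx`, while the new text says only `max-tx`, so a reader cannot tell that the NFS setting is read from `app-layer.protocols.nfs.max-tx` or that it defaults to 1024 as set in the parser. Please spell out the per-protocol keys and defaults. Please also state that `protocol` in `protocol.too_many_transactions` stands for the protocol name, for example `nfs.too_many_transactions`. Small wording fix: "have each a" should read "each have a".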
#
alert nfs any any -> any any (msg:"SURICATA NFS malformed request data"; flow:to_server; app-layer-event:nfs.malformed_data; classtype:protocol-command-decode; sid:2223000; rev:1;)
alert nfs any any -> any any (msg:"SURICATA NFS malformed response data"; flow:to_client; app-layer-event:nfs.malformed_data; classtype:protocol-command-decode; sid:2223001; rev:1;)
+alert nfs any any -> any any (msg:"SURICATA NFS too many transactions"; app-layer-event:nfs.too_many_transactions; classtype:protocol-command-decode; sid:2223002; rev:1;)
pub const NFS_MIN_FRAME_LEN: u16 = 32;
+static mut NFS_MAX_TX: usize = 1024;
+
static mut ALPROTO_NFS: AppProto = ALPROTO_UNKNOWN;
/*
* Record parsing.
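Review bot: `static mut NFS_MAX_TX` has no comment explaining why the unsynchronized global is safe, and it forces an `unsafe` read each time a transaction is created. Please add a short comment stating that it is written only during parser registration, before any traffic is parsed. Alternatively, hold the limit in an atomic so the read in the transaction constructor does not need `unsafe`.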
MalformedData = 0,
NonExistingVersion = 1,
UnsupportedVersion = 2,
+ TooManyTransactions = 3,
}
#[derive(Debug)]
let mut tx = NFSTransaction::new();
self.tx_id += 1;
tx.id = self.tx_id;
+ if self.transactions.len() > unsafe { NFS_MAX_TX } {
+ // set at least one another transaction to the drop state
+ for tx_old in &mut self.transactions {
+ if !tx_old.request_done || !tx_old.response_done {
+ tx_old.request_done = true;
+ tx_old.response_done = true;
+ tx_old.is_file_closed = true;
+ tx_old.tx_data.set_event(NFSEvent::TooManyTransactions as u8);
+ break;
+ }
+ }
+ }
return tx;
}
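Review bot: The check `self.transactions.len() > unsafe { NFS_MAX_TX }` fires only once the list already holds more than `max-tx` entries, while the documentation says the event is triggered when the value is reached. Either use `>=` or adjust the documentation wording. Two further points on the loop: it closes exactly one open transaction per call because of the `break`, so the comment "set at least one another transaction to the drop state" should say "one other transaction". And if every stored transaction already has both `request_done` and `response_done` set, nothing is closed and no `TooManyTransactions` event is raised even though the limit is exceeded; a comment explaining why that case is acceptable would help.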
{
let _ = AppLayerRegisterParser(&parser, alproto);
}
+ if let Some(val) = conf_get("app-layer.protocols.nfs.max-tx") {
+ if let Ok(v) = val.parse::<usize>() {
+ NFS_MAX_TX = v;
+ } else {
+ SCLogError!("Invalid value for nfs.max-tx");
+ }
+ }
SCLogDebug!("Rust nfs parser registered.");
} else {
SCLogDebug!("Protocol detector and parser disabled for nfs.");
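Review bot: The `max-tx` parsing accepts any `usize`, including 0, and with the `len() > NFS_MAX_TX` check that value would force-close an older transaction on nearly every new request. Consider rejecting 0 or documenting what it means. The error text "Invalid value for nfs.max-tx" also does not match the key actually read, `app-layer.protocols.nfs.max-tx`, and does not say that the default stays in effect; including the full key and the fallback in the message would make a misconfiguration easier to trace.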