git.ipfire.org Git - thirdparty/suricata.git/commit

author	Victor Julien <victor@inliniac.net>
	Tue, 21 Jan 2020 11:20:40 +0000 (12:20 +0100)
committer	Victor Julien <victor@inliniac.net>
	Wed, 29 Jan 2020 06:23:29 +0000 (07:23 +0100)
commit	060781cef88f228091fe9799eeb1eac9e1577c31
tree	39ee7aecff9b4f8a7156a475c502bcc83e7edf8a	tree
parent	95a408f77d051ca8b3d18b57ab3b9e96eae9c886	commit \| diff

smb: handle file transactions post-GAP

After a GAP all normal transactions are closed. File transactions
are left open as they can handle GAPs in principle. However, the
GAP might have contained the closing of a file and therefore it
may remain active until the end of the flow.

This patch introduces a time based heuristic for these transactions.
After the GAP all file transactions are stamped with the current
timestamp. If 60 seconds later a file has seen no update, its marked
as closed.

This is meant to fix resource starvation issues observed in long
running SMB sessions where packet loss was causing GAPs.

rust/src/smb/files.rs		diff \| blob \| blame \| history
rust/src/smb/smb.rs		diff \| blob \| blame \| history