git.ipfire.org Git - thirdparty/suricata.git/commit

author	Eric Leblond <eric@regit.org>
	Fri, 7 Feb 2020 23:05:01 +0000 (00:05 +0100)
committer	Victor Julien <victor@inliniac.net>
	Sat, 25 Apr 2020 17:53:39 +0000 (19:53 +0200)
commit	bec59f52755509c496b48b9c426054664ab482c8
tree	c4ef2c80480cbd39f15453963351db0bc14edb21	tree
parent	dbefc00255bec1b19b8e06504d5117137f96d111	commit \| diff

app-layer-expectation: clean expectation and add limits

When a flow timeout, we can have still existing expectations that
are linked to this flow. Given that there is a delay between the
real ending of the flow and its destruction by Suricata, the
expectation should be already honored so we can assume the risk
to clean the expectations that have been triggered by the
to-be-deleted flow.

This patch introduces a limitation in term of number of
expectations attached to one IPPair. This is done using
a circle list so we have a FIFO approach on expectation
handling.

Circleq list code is copied from BSD code like was pre existing code
in queue.h.

(cherry picked from commit a4cea196c0ea9aa5f2b34a43140056d689003c13)
(cherry picked from commit 230dbafa22dc015552ec73a3b0eb70e209ed2190)

Commits squashed to avoid circular dependeny by Victor Julien.

src/app-layer-expectation.c		diff \| blob \| blame \| history
src/app-layer-expectation.h		diff \| blob \| blame \| history
src/flow.c		diff \| blob \| blame \| history
src/flow.h		diff \| blob \| blame \| history
src/queue.h		diff \| blob \| blame \| history