git.ipfire.org Git - thirdparty/suricata.git/commit

author	Victor Julien <victor@inliniac.net>
	Tue, 21 Jan 2020 11:20:40 +0000 (12:20 +0100)
committer	Victor Julien <victor@inliniac.net>
	Tue, 28 Jan 2020 15:04:23 +0000 (16:04 +0100)
commit	d41aeccea459e52fc2c1a6fa2ce1000973651001
tree	d1cdbc72ada777a2f606f0d4a16d46af2ee6001d	tree
parent	80cafb2979f2559852a08e081f8df8ebd3e8b097	commit \| diff

smb: handle file transactions post-GAP

After a GAP all normal transactions are closed. File transactions
are left open as they can handle GAPs in principle. However, the
GAP might have contained the closing of a file and therefore it
may remain active until the end of the flow.

This patch introduces a time based heuristic for these transactions.
After the GAP all file transactions are stamped with the current
timestamp. If 60 seconds later a file has seen no update, its marked
as closed.

This is meant to fix resource starvation issues observed in long
running SMB sessions where packet loss was causing GAPs.

rust/src/smb/files.rs		diff \| blob \| blame \| history
rust/src/smb/smb.rs		diff \| blob \| blame \| history