git.ipfire.org Git - thirdparty/suricata.git/commit

author	Victor Julien <victor@inliniac.net>
	Tue, 11 Feb 2020 10:55:18 +0000 (11:55 +0100)
committer	Victor Julien <victor@inliniac.net>
	Wed, 12 Feb 2020 12:06:45 +0000 (13:06 +0100)
commit	726d326084d6a0bd98c0247f893cb6f4fcc81cff
tree	587949dac7540adbd97446fdfcb2bd58aba13d05	tree
parent	22af774800f9ed16be93a5cc8ad9927d0d7ca44f	commit \| diff

nfs: implement post-GAP transaction cleanup

Close all prior transactions in the direction of the GAP, except the
file xfers. Those use their own logic described below.

After a GAP all normal transactions are closed. File transactions
are left open as they can handle GAPs in principle. However, the
GAP might have contained the closing of a file and therefore it
may remain active until the end of the flow.

This patch introduces a time based heuristic for these transactions.
After the GAP all file transactions are stamped with the current
timestamp. If 60 seconds later a file has seen no update, its marked
as closed.

This is meant to fix resource starvation issues observed in long
running SMB sessions where packet loss was causing GAPs. Due to the
similarity of the NFS and SMB parsers, this issue is fixed for NFS
as well in this patch.

Bug #3424.
Bug #3425.

(cherry picked from commit f68c255f090a94162df1fcd7e7262548a2119c50)