git.ipfire.org Git - thirdparty/suricata.git/commit

author	Victor Julien <victor@inliniac.net>
	Tue, 11 Feb 2020 10:55:18 +0000 (11:55 +0100)
committer	Victor Julien <victor@inliniac.net>
	Wed, 12 Feb 2020 11:41:57 +0000 (12:41 +0100)
commit	908ba0f8b49aa1c5fe26e17d569c2e97048c6be2
tree	2a6e291308ef8160932aca1e5088c768d59a3dcb	tree
parent	ac800d0ddf95b1aeeab286f04c727bcffa7d63d4	commit \| diff

nfs: implement post-GAP transaction cleanup

Close all prior transactions in the direction of the GAP, except the
file xfers. Those use their own logic described below.

After a GAP all normal transactions are closed. File transactions
are left open as they can handle GAPs in principle. However, the
GAP might have contained the closing of a file and therefore it
may remain active until the end of the flow.

This patch introduces a time based heuristic for these transactions.
After the GAP all file transactions are stamped with the current
timestamp. If 60 seconds later a file has seen no update, its marked
as closed.

This is meant to fix resource starvation issues observed in long
running SMB sessions where packet loss was causing GAPs. Due to the
similarity of the NFS and SMB parsers, this issue is fixed for NFS
as well in this patch.

Bug #3424.
Bug #3425.

(cherry picked from commit f68c255f090a94162df1fcd7e7262548a2119c50)