#[cfg(feature = "debug")]
pub fn _debug_state_stats(&self) {
- SCLogDebug!("ssn2vec_map {} guid2name_cache {} read_offset_cache {} ssn2tree_map {} ssnguid2vec_map {} file_ts_guid {} file_tc_guid {} transactions {}",
+ SCLogDebug!("ssn2vec_map {} guid2name_cache {} read_offset_cache {} ssn2tree_cache {} ssnguid2vec_map {} file_ts_guid {} file_tc_guid {} transactions {}",
self.ssn2vec_map.len(),
self.guid2name_cache.len(),
self.read_offset_cache.len(),
- self.ssn2tree_map.len(),
+ self.ssn2tree_cache.len(),
self.ssnguid2vec_map.len(),
self.file_ts_guid.len(),
self.file_tc_guid.len(),
pub static mut SMB_CFG_MAX_GUID_CACHE_SIZE: usize = 1024;
/// SMBState::read_offset_cache
pub static mut SMB_CFG_MAX_READ_OFFSET_CACHE_SIZE: usize = 128;
+/// For SMBState::ssn2tree_cache
+pub static mut SMB_CFG_MAX_TREE_CACHE_SIZE: usize = 512;
static mut ALPROTO_SMB: AppProto = ALPROTO_UNKNOWN;
/// map ssn key to read offset
pub read_offset_cache: LruCache<SMBCommonHdr, SMBFileGUIDOffset>,
-
- pub ssn2tree_map: HashMap<SMBCommonHdr, SMBTree>,
+ /// Map session key to SMBTree
+ pub ssn2tree_cache: LruCache<SMBCommonHdr, SMBTree>,
// store partial data records that are transferred in multiple
// requests for DCERPC.
ssn2vec_map:HashMap::new(),
guid2name_cache:LruCache::new(NonZeroUsize::new(unsafe { SMB_CFG_MAX_GUID_CACHE_SIZE }).unwrap()),
read_offset_cache:LruCache::new(NonZeroUsize::new(unsafe { SMB_CFG_MAX_READ_OFFSET_CACHE_SIZE }).unwrap()),
- ssn2tree_map:HashMap::new(),
+ ssn2tree_cache:LruCache::new(NonZeroUsize::new(unsafe { SMB_CFG_MAX_TREE_CACHE_SIZE }).unwrap()),
ssnguid2vec_map:HashMap::new(),
skip_ts:0,
skip_tc:0,
// if complete.
let tree_key = SMBCommonHdr::new(SMBHDR_TYPE_SHARE,
r.ssn_id as u64, r.tree_id as u32, 0);
- let is_pipe = match self.ssn2tree_map.get(&tree_key) {
+ let is_pipe = match self.ssn2tree_cache.get(&tree_key) {
Some(n) => n.is_pipe,
None => false,
};
if r.command == SMB1_COMMAND_READ_ANDX {
let tree_key = SMBCommonHdr::new(SMBHDR_TYPE_SHARE,
r.ssn_id as u64, r.tree_id as u32, 0);
- let is_pipe = match self.ssn2tree_map.get(&tree_key) {
+ let is_pipe = match self.ssn2tree_cache.get(&tree_key) {
Some(n) => n.is_pipe,
None => false,
};
SCLogError!("Invalid max-read-offset-cache-size value");
}
}
+ let retval = conf_get("app-layer.protocols.smb.max-tree-cache-size");
+ if let Some(val) = retval {
+ if let Ok(v) = val.parse::<usize>() {
+ if v > 0 {
+ SMB_CFG_MAX_TREE_CACHE_SIZE = v;
+ } else {
+ SCLogError!("Invalid max-tree-cache-size value");
+ }
+ } else {
+ SCLogError!("Invalid max-tree-cache-size value");
+ }
+ }
SCLogConfig!("read: max record size: {}, max queued chunks {}, max queued size {}",
SMB_CFG_MAX_READ_SIZE, SMB_CFG_MAX_READ_QUEUE_CNT, SMB_CFG_MAX_READ_QUEUE_SIZE);
SCLogConfig!("write: max record size: {}, max queued chunks {}, max queued size {}",
},
SMB1_COMMAND_TREE_DISCONNECT => {
let tree_key = SMBCommonHdr::from1(r, SMBHDR_TYPE_SHARE);
- state.ssn2tree_map.remove(&tree_key);
+ state.ssn2tree_cache.pop(&tree_key);
false
},
SMB1_COMMAND_CLOSE => {
if found {
let tree = SMBTree::new(share_name.to_vec(), is_pipe);
let tree_key = SMBCommonHdr::from1(r, SMBHDR_TYPE_SHARE);
- state.ssn2tree_map.insert(tree_key, tree);
+ state.ssn2tree_cache.put(tree_key, tree);
}
found
},
// normally removed when processing request,
// but in case we missed that try again here
let tree_key = SMBCommonHdr::from1(r, SMBHDR_TYPE_SHARE);
- state.ssn2tree_map.remove(&tree_key);
+ state.ssn2tree_cache.pop(&tree_key);
false
},
SMB1_COMMAND_NT_CREATE_ANDX => {
};
if !found {
let tree_key = SMBCommonHdr::from1(r, SMBHDR_TYPE_SHARE);
- let (share_name, is_pipe) = match state.ssn2tree_map.get(&tree_key) {
+ let (share_name, is_pipe) = match state.ssn2tree_cache.get(&tree_key) {
Some(n) => (n.name.to_vec(), n.is_pipe),
None => (Vec::new(), false),
};
SCLogDebug!("SMBv1 READ: FID {:?} offset {}", file_fid, offset);
let tree_key = SMBCommonHdr::from1(r, SMBHDR_TYPE_SHARE);
- let (is_pipe, share_name) = match state.ssn2tree_map.get(&tree_key) {
+ let (is_pipe, share_name) = match state.ssn2tree_cache.get(&tree_key) {
Some(n) => (n.is_pipe, n.name.to_vec()),
_ => { (false, Vec::new()) },
};
SCLogDebug!("existing file tx? {}", found);
if !found {
let tree_key = SMBCommonHdr::from2(r, SMBHDR_TYPE_SHARE);
- let (share_name, mut is_pipe) = match state.ssn2tree_map.get(&tree_key) {
+ let (share_name, mut is_pipe) = match state.ssn2tree_cache.get(&tree_key) {
Some(n) => (n.name.to_vec(), n.is_pipe),
_ => { (Vec::new(), false) },
};
SCLogDebug!("SMBv2/READ: looks like dcerpc");
// insert fake tree to assist in follow up lookups
let tree = SMBTree::new(b"suricata::dcerpc".to_vec(), true);
- state.ssn2tree_map.insert(tree_key, tree);
+ state.ssn2tree_cache.put(tree_key, tree);
if !is_dcerpc {
_ = state.guid2name_cache.put(file_guid.to_vec(), b"suricata::dcerpc".to_vec());
}
};
if !found {
let tree_key = SMBCommonHdr::from2(r, SMBHDR_TYPE_SHARE);
- let (share_name, mut is_pipe) = match state.ssn2tree_map.get(&tree_key) {
+ let (share_name, mut is_pipe) = match state.ssn2tree_cache.get(&tree_key) {
Some(n) => { (n.name.to_vec(), n.is_pipe) },
_ => { (Vec::new(), false) },
};
SCLogDebug!("SMBv2/WRITE: looks like we have dcerpc");
let tree = SMBTree::new(b"suricata::dcerpc".to_vec(), true);
- state.ssn2tree_map.insert(tree_key, tree);
+ state.ssn2tree_cache.put(tree_key, tree);
if !is_dcerpc {
_ = state.guid2name_cache.put(file_guid.to_vec(),
b"suricata::dcerpc".to_vec());
},
SMB2_COMMAND_TREE_DISCONNECT => {
let tree_key = SMBCommonHdr::from2(r, SMBHDR_TYPE_SHARE);
- state.ssn2tree_map.remove(&tree_key);
+ state.ssn2tree_cache.pop(&tree_key);
false
}
SMB2_COMMAND_NEGOTIATE_PROTOCOL => {
// normally removed when processing request,
// but in case we missed that try again here
let tree_key = SMBCommonHdr::from2(r, SMBHDR_TYPE_SHARE);
- state.ssn2tree_map.remove(&tree_key);
+ state.ssn2tree_cache.pop(&tree_key);
false
}
SMB2_COMMAND_TREE_CONNECT => {
if found {
let tree = SMBTree::new(share_name.to_vec(), is_pipe);
let tree_key = SMBCommonHdr::from2(r, SMBHDR_TYPE_SHARE);
- state.ssn2tree_map.insert(tree_key, tree);
+ state.ssn2tree_cache.put(tree_key, tree);
}
true
} else {
projects / thirdparty / suricata.git / commitdiff
