Rename to read_offset_cache.
Add `app-layer.protocols.smb.max-read-offset-cache-size` option to
control the limit.
Ticket: #5672.
#[cfg(feature = "debug")]
pub fn _debug_state_stats(&self) {
- SCLogDebug!("ssn2vec_map {} guid2name_cache {} ssn2vecoffset_map {} ssn2tree_map {} ssnguid2vec_map {} file_ts_guid {} file_tc_guid {} transactions {}",
+ SCLogDebug!("ssn2vec_map {} guid2name_cache {} read_offset_cache {} ssn2tree_map {} ssnguid2vec_map {} file_ts_guid {} file_tc_guid {} transactions {}",
self.ssn2vec_map.len(),
self.guid2name_cache.len(),
- self.ssn2vecoffset_map.len(),
+ self.read_offset_cache.len(),
self.ssn2tree_map.len(),
self.ssnguid2vec_map.len(),
self.file_ts_guid.len(),
pub static mut SMB_CFG_MAX_WRITE_QUEUE_CNT: u32 = 64;
/// max size of the per state guid2name cache
pub static mut SMB_CFG_MAX_GUID_CACHE_SIZE: usize = 1024;
+/// SMBState::read_offset_cache
+pub static mut SMB_CFG_MAX_READ_OFFSET_CACHE_SIZE: usize = 128;
static mut ALPROTO_SMB: AppProto = ALPROTO_UNKNOWN;
pub guid2name_cache: LruCache<Vec<u8>, Vec<u8>>,
/// map ssn key to read offset
- pub ssn2vecoffset_map: HashMap<SMBCommonHdr, SMBFileGUIDOffset>,
+ pub read_offset_cache: LruCache<SMBCommonHdr, SMBFileGUIDOffset>,
pub ssn2tree_map: HashMap<SMBCommonHdr, SMBTree>,
state_data:AppLayerStateData::new(),
ssn2vec_map:HashMap::new(),
guid2name_cache:LruCache::new(NonZeroUsize::new(unsafe { SMB_CFG_MAX_GUID_CACHE_SIZE }).unwrap()),
- ssn2vecoffset_map:HashMap::new(),
+ read_offset_cache:LruCache::new(NonZeroUsize::new(unsafe { SMB_CFG_MAX_READ_OFFSET_CACHE_SIZE }).unwrap()),
ssn2tree_map:HashMap::new(),
ssnguid2vec_map:HashMap::new(),
skip_ts:0,
SCLogError!("Invalid max-guid-cache-size value");
}
}
+ let retval = conf_get("app-layer.protocols.smb.max-read-offset-cache-size");
+ if let Some(val) = retval {
+ if let Ok(v) = val.parse::<usize>() {
+ if v > 0 {
+ SMB_CFG_MAX_READ_OFFSET_CACHE_SIZE = v;
+ } else {
+ SCLogError!("Invalid max-read-offset-cache-size value");
+ }
+ } else {
+ SCLogError!("Invalid max-read-offset-cache-size value");
+ }
+ }
SCLogConfig!("read: max record size: {}, max queued chunks {}, max queued size {}",
SMB_CFG_MAX_READ_SIZE, SMB_CFG_MAX_READ_QUEUE_CNT, SMB_CFG_MAX_READ_QUEUE_SIZE);
SCLogConfig!("write: max record size: {}, max queued chunks {}, max queued size {}",
let mut fid = rr.fid.to_vec();
fid.extend_from_slice(&u32_as_bytes(r.ssn_id));
let fidoff = SMBFileGUIDOffset::new(fid, rr.offset);
- state.ssn2vecoffset_map.insert(fid_key, fidoff);
+ state.read_offset_cache.put(fid_key, fidoff);
},
_ => {
events.push(SMBEvent::MalformedData);
return;
}
let fid_key = SMBCommonHdr::from1(r, SMBHDR_TYPE_OFFSET);
- let (offset, file_fid) = match state.ssn2vecoffset_map.remove(&fid_key) {
+ let (offset, file_fid) = match state.read_offset_cache.pop(&fid_key) {
Some(o) => (o.offset, o.guid),
None => {
SCLogDebug!("SMBv1 READ response: reply to unknown request: left {} {:?}",
// get the request info. If we don't have it, there is nothing
// we can do except skip this record.
let guid_key = SMBCommonHdr::from2_notree(r, SMBHDR_TYPE_OFFSET);
- let (offset, file_guid) = match state.ssn2vecoffset_map.remove(&guid_key) {
+ let (offset, file_guid) = match state.read_offset_cache.pop(&guid_key) {
Some(o) => (o.offset, o.guid),
None => {
SCLogDebug!("SMBv2 READ response: reply to unknown request {:?}",rd);
// store read guid,offset in map
let guid_key = SMBCommonHdr::from2_notree(r, SMBHDR_TYPE_OFFSET);
let guidoff = SMBFileGUIDOffset::new(rd.guid.to_vec(), rd.rd_offset);
- state.ssn2vecoffset_map.insert(guid_key, guidoff);
+ state.read_offset_cache.put(guid_key, guidoff);
}
} else {
events.push(SMBEvent::MalformedData);
SCLogDebug!("SMBv2: read response => EOF");
let guid_key = SMBCommonHdr::from2_notree(r, SMBHDR_TYPE_OFFSET);
- let file_guid = if let Some(o) = state.ssn2vecoffset_map.remove(&guid_key) {
+ let file_guid = if let Some(o) = state.read_offset_cache.pop(&guid_key) {
o.guid
} else {
SCLogDebug!("SMBv2 READ response: reply to unknown request");
projects / thirdparty / suricata.git / commitdiff
