From: Victor Julien <victor@inliniac.net>
Date: Mon, 20 Jul 2020 12:49:59 +0000 (+0200)
Subject: nfs: fix 'dangling' files in lossy sessions
X-Git-Tag: suricata-6.0.0-beta1~121
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bcd416e6baf8475fc4a41830c16488a4225b8eba;p=thirdparty%2Fsuricata.git

nfs: fix 'dangling' files in lossy sessions

In case of lossy connections the NFS state would properly clean up
transactions, including file transactions. However for files the
state was never set to 'truncated', leading to files to stay 'active'.

This would lead these files staying in the NFS's state. In long running
sessions with lots of files this would lead to performance and memory
use issues.

This patch cleans truncates the file that was being transmitted when
a file transaction is being closed.

Based on 65e9a7c31cc68bdb1fb3e1412b0a56260265c608
---

diff --git a/rust/src/nfs/nfs.rs b/rust/src/nfs/nfs.rs
index b4621339d1..ccbf45e287 100644
--- a/rust/src/nfs/nfs.rs
+++ b/rust/src/nfs/nfs.rs
@@ -502,11 +502,13 @@ impl NFSState {
     {
         let mut post_gap_txs = false;
         for tx in &mut self.transactions {
-            if let Some(NFSTransactionTypeData::FILE(ref f)) = tx.type_data {
+            if let Some(NFSTransactionTypeData::FILE(ref mut f)) = tx.type_data {
                 if f.post_gap_ts > 0 {
                     if self.ts > f.post_gap_ts {
                         tx.request_done = true;
                         tx.response_done = true;
+                        let (files, flags) = self.files.get(tx.file_tx_direction);
+                        f.file_tracker.trunc(files, flags);
                     } else {
                         post_gap_txs = true;
                     }