mirror of https://github.com/OISF/suricata
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
f68c255f09
Close all prior transactions in the direction of the GAP, except the file xfers. Those use their own logic described below. After a GAP all normal transactions are closed. File transactions are left open as they can handle GAPs in principle. However, the GAP might have contained the closing of a file and therefore it may remain active until the end of the flow. This patch introduces a time based heuristic for these transactions. After the GAP all file transactions are stamped with the current timestamp. If 60 seconds later a file has seen no update, its marked as closed. This is meant to fix resource starvation issues observed in long running SMB sessions where packet loss was causing GAPs. Due to the similarity of the NFS and SMB parsers, this issue is fixed for NFS as well in this patch. Bug #3424. Bug #3425. |
5 years ago | |
|---|---|---|
| .. | ||
| .cargo | ||
| src | 5 years ago | |
| .gitignore | ||
| Cargo.toml.in | ||
| Makefile.am | ||
| cbindgen.toml | ||
| rustfmt.toml | ||