mirror of https://github.com/OISF/suricata
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
After a GAP all normal transactions are closed. File transactions are left open as they can handle GAPs in principle. However, the GAP might have contained the closing of a file and therefore it may remain active until the end of the flow. This patch introduces a time based heuristic for these transactions. After the GAP all file transactions are stamped with the current timestamp. If 60 seconds later a file has seen no update, its marked as closed. This is meant to fix resource starvation issues observed in long running SMB sessions where packet loss was causing GAPs. |
6 years ago | |
---|---|---|
.. | ||
.cargo | 6 years ago | |
src | 6 years ago | |
.gitignore | ||
Cargo.toml.in | 6 years ago | |
Makefile.am | 6 years ago | |
cbindgen.toml | 6 years ago | |
rustfmt.toml |