mirror of https://github.com/OISF/suricata
cybersecurityidsintrusion-detection-systemintrusion-prevention-systemipsnetwork-monitornetwork-monitoringnsmsecuritysuricatathreat-hunting
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
32aafa6a48
If we're getting a lot of data in one direction and the proto for this
direction is unknown, proto detect will hold up segments in the segment
list in the stream. They are held so that if we detect the protocol on
the opposing stream, we can still parse this side of the stream as well.
However, some sessions are very unbalanced. FTP data channels, large
PUT/POST request and many others, can lead to cases where we would have
to store many megabytes worth of segments before we see the opposing
stream. This leads to risks of resource starvation.
In this patch, a cutoff point is enforced. If we've stored 100k in one
direction and we've seen no data in the other direction, we give up.
If we've given up, the applayer_proto_detection_skipped event is set.
app-layer-event: applayer_proto_detection_skipped;
|
11 years ago | |
|---|---|---|
| benches | ||
| contrib | ||
| doc | ||
| m4 | ||
| qa | ||
| rules | ||
| scripts | ||
| src | 11 years ago | |
| .gitignore | ||
| COPYING | ||
| ChangeLog | ||
| LICENSE | ||
| Makefile.am | ||
| Makefile.cvs | ||
| acsite.m4 | ||
| autogen.sh | ||
| classification.config | ||
| config.rpath | ||
| configure.ac | ||
| doxygen.cfg | ||
| reference.config | ||
| suricata.yaml.in | ||
| threshold.config | ||