mirror of https://github.com/OISF/suricata
Topics: cybersecurity, ids, intrusion-detection-system, intrusion-prevention-system, ips, network-monitor, network-monitoring, nsm, security, suricata, threat-hunting

If the protocol required TOSERVER data first, but the SSN started with a GAP, then the TOCLIENT side would get stuck in an expensive path:

1. it would run detection on TOCLIENT
2. it would try to force reassembly for TOSERVER
3. it would reset the detected protocol as TOSERVER failed
4. it would not evict any segment

This had 2 consequences:

1. on long running sessions this could lead to using lots of memory on segments, denying other sessions resources
2. wasted cycles on protocol detection and segment list management

This patch introduces a fix. It checks in the (2) stage above, whether the opposing stream (that we depend on) is in a NOREASSEMBLY state. If so, it gives up on this side of the session as well.

10 years ago

| Name | Last updated | |
|---|---|---|
| benches | ||
| contrib | 11 years ago | |
| doc | 11 years ago | |
| lua | 11 years ago | |
| m4 | ||
| qa | 10 years ago | |
| rules | 11 years ago | |
| scripts | 10 years ago | |
| src | 10 years ago | |
| .gitignore | 13 years ago | |
| .travis.yml | 12 years ago | |
| COPYING | ||
| ChangeLog | 11 years ago | |
| LICENSE | ||
| Makefile.am | 11 years ago | |
| Makefile.cvs | ||
| acsite.m4 | ||
| autogen.sh | ||
| classification.config | ||
| config.rpath | ||
| configure.ac | 10 years ago | |
| doxygen.cfg | 12 years ago | |
| reference.config | 11 years ago | |
| suricata.yaml.in | 10 years ago | |
| threshold.config | ||