Project

General

Profile

Actions

Bug #3452

closed

smb: post-GAP file tx handling (4.1.x)

Added by Victor Julien almost 5 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
High
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

As #3399 but for file transactions.

File transactions are handled separately, as they can deal with GAPs to some extend. However if we don't see records belonging to a file transaction after a GAP, it may never get closed.

Idea now is to give these transactions a timestamp after a GAP, and then remove them after a timeout.


Related issues 1 (0 open1 closed)

Copied from Suricata - Bug #3400: smb: post-GAP file tx handlingClosedVictor JulienActions
Actions

Also available in: Atom PDF