mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
Remvoing expire timer from http_sessions.
The expire timeout for the http_sessions table is unnecessary and it
actually breaks http session semantics for long-lived sessions. The
connection_state_remove() event can take care of cleaning up unanswered
sessions.
If a HTTP transfer exceeds the expire timer, then once the expire timer
fires we get an "unanswered" HTTP request in http.log and once the
reply is done (http_reply_done event), it fails to locate the associated
request (because it expired) and thus results in an "unsolicited" HTTP
reply being logged (althoug they should be one http session).
There was a comment in the expire_function mentioning that without the
expire timer some requests don't show up with the test-suite. However,
after checking back with Robin, I could not reproduce this behavior.
(Actually there's one fewer request in the output without the
expire-timer, but this can be explained by the above observation, so
this is not an error but the way it should be).
This patch results in changes to test-suite output:
* Timestamps for unanswered HTTP replies differ for unanswered request
in the "short" test.
* Medium testcase (note: lines are sorted, they are not in the order)::
-902189670.828700 <unknown request> (0 "" [40880 (interrupted)])
-902189670.828700 GET /1998/b142.ps <no reply>
-902189670.828700 start <<IP>>:<<port>> <<IP>>:80
+902189670.828700 GET /1998/b142.ps (200 "OK" [40880 (interrupted)] <<a.host.name>>)
This commit is contained in:
Gregor Maier
parent
1ff864c234
commit
b8ab0ebc22
2 changed files with 2 additions and 39 deletions
|
|
@ -1,3 +0,0 @@
|
||||||
# $Id: heavy.http.bro 4723 2007-08-07 18:14:35Z vern $
|
|
||||||
|
|
||||||
redef http_sessions &write_expire = 5 hrs;
|
|
||||||
|
|
@ -79,18 +79,8 @@ type http_session_info: record {
|
||||||
|
|
||||||
const http_log = open_log_file("http") &redef;
|
const http_log = open_log_file("http") &redef;
|
||||||
|
|
||||||
# Called when an HTTP session times out.
|
|
||||||
global expire_http_session:
|
|
||||||
function(t: table[conn_id] of http_session_info, id: conn_id)
|
|
||||||
: interval;
|
|
||||||
|
|
||||||
export {
|
|
||||||
# Indexed by conn_id.
|
# Indexed by conn_id.
|
||||||
# (Exported so that we can define a timeout on it.)
|
global http_sessions: table[conn_id] of http_session_info;
|
||||||
global http_sessions: table[conn_id] of http_session_info
|
|
||||||
&expire_func = expire_http_session
|
|
||||||
&read_expire = 15 min;
|
|
||||||
}
|
|
||||||
|
|
||||||
global http_session_id = 0;
|
global http_session_id = 0;
|
||||||
|
|
||||||
|
|
@ -202,30 +192,6 @@ event connection_state_remove(c: connection)
|
||||||
delete http_sessions[c$id];
|
delete http_sessions[c$id];
|
||||||
}
|
}
|
||||||
|
|
||||||
function expire_http_session(t: table[conn_id] of http_session_info,
|
|
||||||
id: conn_id): interval
|
|
||||||
{
|
|
||||||
### FIXME: not really clear that we need this function at all ...
|
|
||||||
#
|
|
||||||
# One would think that connection_state_remove() already takes care
|
|
||||||
# of everything. However, without this expire-handler, some requests
|
|
||||||
# don't show up with the test-suite (but haven't reproduced with
|
|
||||||
# smaller traces) - Robin.
|
|
||||||
|
|
||||||
local s = http_sessions[id];
|
|
||||||
finish_stream(id, s$id, s$request_stream);
|
|
||||||
return 0 sec;
|
|
||||||
}
|
|
||||||
|
|
||||||
# event connection_timeout(c: connection)
|
|
||||||
# {
|
|
||||||
# if ( ! maintain_http_sessions )
|
|
||||||
# {
|
|
||||||
# local id = c$id;
|
|
||||||
# if ( [id$orig_h, id$resp_h] in http_sessions )
|
|
||||||
# delete http_sessions[id$orig_h, id$resp_h];
|
|
||||||
# }
|
|
||||||
# }
|
|
||||||
|
|
||||||
# event http_stats(c: connection, stats: http_stats_rec)
|
# event http_stats(c: connection, stats: http_stats_rec)
|
||||||
# {
|
# {
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue