[Oisf-devel] LuaJIT running out of memory causing Suricata crashes?
Victor Julien
victor at inliniac.net
Wed Dec 4 14:39:11 UTC 2013
On 12/04/2013 01:17 PM, Chris Wakelin wrote:
> On 04/12/13 12:16, Victor Julien wrote:
>> On 12/04/2013 01:13 PM, Victor Julien wrote:
>>> On 12/04/2013 12:56 PM, Victor Julien wrote:
>>>> On 12/04/2013 12:37 PM, Chris Wakelin wrote:
>>>>>> [32578] 4/12/2013 -- 11:18:50 - (detect-luajit.c:281) <Info> (DetectLuajitMatchBuffer) -- failed to run script: not enough memory
>>>>> I guess we could add more checks to the Lua scripts to avoid the
>>>>> zlib/xor errors, which occur all the time, but I think they're probably
>>>>> not significant. Is there a way we could prevent or at least debug the
>>>>> "not enough memory" errors which are presumably what causes Suricata to
>>>>> crash?
>>>>
>>>> Maybe you can try inserting a "return 0" on line 282, so:
>>>>
>>>> int retval = lua_pcall(tluajit->luastate, 1, 1, 0);
>>>> if (retval != 0) {
>>>> SCLogInfo("failed to run script: %s",
>>>> lua_tostring(tluajit->luastate, -1));
>>>> return 0;
>>>> }
>>>>
>>>
>>> Actually, please ignore this. I found that the lua state isn't cleared
>>> properly, will send a test patch in a few minutes.
>>>
>>
>> Can you try the attached patch?
I have pushed an lua update to the master. It should fix the issue some
people were seeing "(DetectLuajitMatch) -- failed to run script: stack
overflow". Hopefully it also addresses Chris' issue.
Other than that, there was a fix to how flowvars were retrieved. In
short, if the stored value was not a multiple of 4, the length was wrong.
Finally, you can now get the gid, sid and rev from the rule calling the
script:
function match(args)
a = SCRuleSid
b = SCRuleRev
c = SCRuleGid
print (a .. " " .. b .. " " .. c)
end
Please test :)
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-devel
mailing list