<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, May 21, 2015 at 6:10 AM, Peter Manev <span dir="ltr"><<a href="mailto:petermanev@gmail.com" target="_blank">petermanev@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class="">On Thu, May 21, 2015 at 1:02 AM, Eduardo Meyer <<a href="mailto:dudu.meyer@gmail.com">dudu.meyer@gmail.com</a>> wrote:<br>
> Hello,<br>
><br>
> I am running Suricata 2.0.8 RELEASE with 3 interfaces, and from times to<br>
> times suricata simply dies. This is the process arguments in use:<br>
><br>
> root 45492 1.0 1.5 1299164 251564 - Is 4:20PM 84:38.13<br>
> /usr/local/bin/suricata -D -i bridge1 -i bridge2 -i bridge0 --pidfile<br>
> /var/run/suricata_bridge0.pid -c /usr/local/etc/suricata/suricata.yaml<br>
><br>
> I could not find a pattern when Suricata dies. Sometimes it's a high<br>
> pps/memory/bandwidth usage profile, sometimes it's a low demand hour with<br>
> just a couple pps passing the suricata system.<br>
><br>
> It never dies with a single interface. It dies for bridged ports, trunked<br>
> ports as well as for physical untagged ports, so it does not seem to be<br>
> related to virtual or real NICs it's listening at, although I noticed it<br>
> dies more frequently on bridged interfaces like the above scenario.<br>
><br>
> Is there anything I should look at with special attention on suricata.yaml?<br>
><br>
> I have a suricata.core everytime it dies. How can I produce useful<br>
> information from it?<br>
<br>
</span>If you have a core dump and can reproduce the issue consistently - you<br>
can have a look at this guide here -<br>
<a href="https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs" target="_blank">https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs</a><br>
how to extract useful info. Then you can open a bug report should you consider.<br>
<br>
Thank you</blockquote><div><br></div><div><br></div><div>What else should I do to the bug the cause? I am no gdb familiarized in any ways, so I can't move forth, so far this is what I had only:</div><div><br></div><div><div>gdb /usr/local/bin/suricata /suricata.core</div><div>GNU gdb 6.1.1 [FreeBSD]</div><div>Copyright 2004 Free Software Foundation, Inc.</div><div>GDB is free software, covered by the GNU General Public License, and you are</div><div>welcome to change it and/or distribute copies of it under certain conditions.</div><div>Type "show copying" to see the conditions.</div><div>There is absolutely no warranty for GDB. Type "show warranty" for details.</div><div>This GDB was configured as "amd64-marcel-freebsd"...(no debugging symbols found)...</div><div>Core was generated by `suricata'.</div><div>Program terminated with signal 11, Segmentation fault.</div><div>Reading symbols from /usr/local/lib/libprelude.so.2...(no debugging symbols found)...done.</div><div>Loaded symbols for /usr/local/lib/libprelude.so.2</div><div>Reading symbols from /usr/local/lib/libgnutls.so.28...(no debugging symbols found)...done.</div><div>Loaded symbols for /usr/local/lib/libgnutls.so.28</div><div>Reading symbols from /usr/local/lib/libgcrypt.so.20...(no debugging symbols found)...done.</div><div>Loaded symbols for /usr/local/lib/libgcrypt.so.20</div><div>Reading symbols from /usr/local/lib/libgpg-error.so.0...(no debugging symbols found)...done.</div><div>Loaded symbols for /usr/local/lib/libgpg-error.so.0</div><div>Reading symbols from /usr/lib/libmagic.so.4...(no debugging symbols found)...done.</div><div>Loaded symbols for /usr/lib/libmagic.so.4</div><div>Reading symbols from /usr/local/lib/libhtp-0.5.16.so.1...(no debugging symbols found)...done.</div><div>Loaded symbols for /usr/local/lib/libhtp-0.5.16.so.1</div><div>Reading symbols from /lib/libpcap.so.8...(no debugging symbols found)...done.</div><div>Loaded symbols for /lib/libpcap.so.8</div><div>Reading symbols from /usr/local/lib/libnet11/libnet.so.1...(no debugging symbols found)...done.</div><div>Loaded symbols for /usr/local/lib/libnet11/libnet.so.1</div><div>Reading symbols from /usr/local/lib/libjansson.so.4...(no debugging symbols found)...done.</div><div>Loaded symbols for /usr/local/lib/libjansson.so.4</div><div>Reading symbols from /lib/libthr.so.3...(no debugging symbols found)...done.</div><div>Loaded symbols for /lib/libthr.so.3</div><div>Reading symbols from /usr/local/lib/libyaml-0.so.2...(no debugging symbols found)...done.</div><div>Loaded symbols for /usr/local/lib/libyaml-0.so.2</div><div>Reading symbols from /usr/local/lib/libpcre.so.1...(no debugging symbols found)...done.</div><div>Loaded symbols for /usr/local/lib/libpcre.so.1</div><div>Reading symbols from /usr/local/lib/libplds4.so.1...(no debugging symbols found)...done.</div><div>Loaded symbols for /usr/local/lib/libplds4.so.1</div><div>Reading symbols from /usr/local/lib/libplc4.so.1...(no debugging symbols found)...done.</div><div>Loaded symbols for /usr/local/lib/libplc4.so.1</div><div>Reading symbols from /usr/local/lib/libnspr4.so.1...(no debugging symbols found)...done.</div><div>Loaded symbols for /usr/local/lib/libnspr4.so.1</div><div>Reading symbols from /lib/libc.so.7...(no debugging symbols found)...done.</div><div>Loaded symbols for /lib/libc.so.7</div><div>Reading symbols from /usr/local/lib/libltdl.so.7...(no debugging symbols found)...done.</div><div>Loaded symbols for /usr/local/lib/libltdl.so.7</div><div>Reading symbols from /lib/libz.so.6...(no debugging symbols found)...done.</div><div>Loaded symbols for /lib/libz.so.6</div><div>Reading symbols from /usr/local/lib/libp11-kit.so.0...(no debugging symbols found)...done.</div><div>Loaded symbols for /usr/local/lib/libp11-kit.so.0</div><div>Reading symbols from /usr/local/lib/libtspi.so.1...(no debugging symbols found)...done.</div><div>Loaded symbols for /usr/local/lib/libtspi.so.1</div><div>Reading symbols from /usr/local/lib/libtasn1.so.6...(no debugging symbols found)...done.</div><div>Loaded symbols for /usr/local/lib/libtasn1.so.6</div><div>Reading symbols from /usr/local/lib/libnettle.so.4...done.</div><div>Loaded symbols for /usr/local/lib/libnettle.so.4</div><div>Reading symbols from /usr/local/lib/libhogweed.so.2...done.</div><div>Loaded symbols for /usr/local/lib/libhogweed.so.2</div><div>Reading symbols from /usr/local/lib/libgmp.so.10...done.</div><div>Loaded symbols for /usr/local/lib/libgmp.so.10</div><div>Reading symbols from /usr/local/lib/libintl.so.8...done.</div><div>Loaded symbols for /usr/local/lib/libintl.so.8</div><div>Reading symbols from /usr/local/lib/libiconv.so.2...done.</div><div>Loaded symbols for /usr/local/lib/libiconv.so.2</div><div>Reading symbols from /usr/local/lib/libffi.so.6...done.</div><div>Loaded symbols for /usr/local/lib/libffi.so.6</div><div>Reading symbols from /lib/libcrypto.so.7...done.</div><div>Loaded symbols for /lib/libcrypto.so.7</div><div>Reading symbols from /libexec/ld-elf.so.1...done.</div><div>Loaded symbols for /libexec/ld-elf.so.1</div><div>#0 0x000000080207030a in pthread_mutex_lock () from /lib/libthr.so.3</div><div>[New Thread 8107f4000 (LWP 101545/SCPerfMgmtThrea)]</div><div>[New Thread 8107f3c00 (LWP 100251/SCPerfWakeupThr)]</div><div>[New Thread 8107f3800 (LWP 100250/FlowManagerThre)]</div><div>[New Thread 8107f3400 (LWP 100249/Detect12)]</div><div>[New Thread 8107f3000 (LWP 100248/Detect11)]</div><div>[New Thread 8107f2c00 (LWP 100247/Detect10)]</div><div>[New Thread 8107f2800 (LWP 100246/Detect9)]</div><div>[New Thread 8107f2400 (LWP 100245/Detect8)]</div><div>[New Thread 8107f2000 (LWP 100244/Detect7)]</div><div>[New Thread 8107f1c00 (LWP 100243/Detect6)]</div><div>[New Thread 8107f1800 (LWP 100242/Detect5)]</div><div>[New Thread 8107f1400 (LWP 100240/Detect4)]</div><div>[New Thread 8107f1000 (LWP 100238/Detect3)]</div><div>[New Thread 8107f0c00 (LWP 100237/Detect2)]</div><div>[New Thread 8107f0800 (LWP 100236/Detect1)]</div><div>[New Thread 8107f0400 (LWP 100234/RxPcapbridge01)]</div><div>[New Thread 805415c00 (LWP 100229/RxPcapbridge21)]</div><div>[New Thread 805415800 (LWP 100164/RxPcapbridge11)]</div><div>[New Thread 805406400 (LWP 100600/suricata)]</div><div>(gdb) bt</div><div>#0 0x000000080207030a in pthread_mutex_lock () from /lib/libthr.so.3</div><div>#1 0x000000000045400f in ?? ()</div><div>#2 0x0000000000451d26 in ?? ()</div><div>#3 0x000000000051f1cb in ?? ()</div><div>#4 0x000000000051f8db in ?? ()</div><div>#5 0x000000080206a725 in pthread_create () from /lib/libthr.so.3</div><div>#6 0x0000000000000000 in ?? ()</div><div>(gdb) frame 5</div><div>#5 0x000000080206a725 in pthread_create () from /lib/libthr.so.3</div></div></div><div><br></div><div><div>cat gdb.txt</div><div><br></div><div>Thread 19 (Thread 805406400 (LWP 100600/suricata)):</div><div>#0 0x0000000802e930ea in _nanosleep () from /lib/libc.so.7</div><div>#1 0x000000080206cb0c in pthread_suspend_all_np () from /lib/libthr.so.3</div><div>#2 0x0000000802edb5f7 in usleep () from /lib/libc.so.7</div><div>#3 0x00000000005160e9 in ?? ()</div><div>#4 0x0000000000407e3f in ?? ()</div><div>#5 0x00000008007f1000 in ?? ()</div><div>#6 0x0000000000000000 in ?? ()</div><div><br></div><div>Thread 18 (Thread 805415800 (LWP 100164/RxPcapbridge11)):</div><div>#0 0x0000000802efdd98 in _read () from /lib/libc.so.7</div><div>#1 0x000000080206cd46 in pthread_suspend_all_np () from /lib/libthr.so.3</div><div>#2 0x0000000801a24e0e in pcap_platform_finddevs () from /lib/libpcap.so.8</div><div>#3 0x00000000004ff26e in ?? ()</div><div>#4 0x000000000051f4bc in ?? ()</div><div>#5 0x000000080206a725 in pthread_create () from /lib/libthr.so.3</div><div>#6 0x0000000000000000 in ?? ()</div><div><br></div><div>Thread 17 (Thread 805415c00 (LWP 100229/RxPcapbridge21)):</div><div>#0 0x0000000802075c5a in pthread_cleanup_pop () from /lib/libthr.so.3</div><div>#1 0x0000000802070b64 in pthread_mutex_destroy () from /lib/libthr.so.3</div><div>#2 0x00000000004c4ca4 in ?? ()</div><div>#3 0x00000000004c3031 in ?? ()</div><div>#4 0x0000000000440b80 in ?? ()</div><div>#5 0x000000000043ec1a in ?? ()</div><div>#6 0x000000000043d732 in ?? ()</div><div>#7 0x00000000004ffe3d in ?? ()</div><div>#8 0x000000000051f1cb in ?? ()</div><div>#9 0x00000000005000b1 in ?? ()</div><div>#10 0x0000000801a25394 in pcap_platform_finddevs () from /lib/libpcap.so.8</div><div>#11 0x00000000004ff26e in ?? ()</div><div>#12 0x000000000051f4bc in ?? ()</div><div>#13 0x000000080206a725 in pthread_create () from /lib/libthr.so.3</div><div>#14 0x0000000000000000 in ?? ()</div><div><br></div><div>Thread 16 (Thread 8107f0400 (LWP 100234/RxPcapbridge01)):</div><div>#0 0x00000000004410bb in ?? ()</div><div>#1 0x000000000043d781 in ?? ()</div><div>#2 0x00000000004ffe3d in ?? ()</div><div>#3 0x000000000051f1cb in ?? ()</div><div>#4 0x00000000005000b1 in ?? ()</div><div>#5 0x0000000801a25394 in pcap_platform_finddevs () from /lib/libpcap.so.8</div><div>#6 0x00000000004ff26e in ?? ()</div><div>#7 0x000000000051f4bc in ?? ()</div><div>#8 0x000000080206a725 in pthread_create () from /lib/libthr.so.3</div><div>#9 0x0000000000000000 in ?? ()</div><div><br></div><div>Thread 15 (Thread 8107f0800 (LWP 100236/Detect1)):</div><div>#0 0x000000080207030a in pthread_mutex_lock () from /lib/libthr.so.3</div><div>#1 0x000000000045400f in ?? ()</div><div>#2 0x0000000000451d26 in ?? ()</div><div>#3 0x000000000051f1cb in ?? ()</div><div>#4 0x000000000051f8db in ?? ()</div><div>#5 0x000000080206a725 in pthread_create () from /lib/libthr.so.3</div><div>#6 0x0000000000000000 in ?? ()</div><div><br></div><div>Thread 14 (Thread 8107f0c00 (LWP 100237/Detect2)):</div><div>#0 0x000000000054a90a in ?? ()</div><div>#1 0x0000000000454c00 in ?? ()</div><div>#2 0x0000000000451d26 in ?? ()</div><div>#3 0x000000000051f1cb in ?? ()</div><div>#4 0x000000000051f8db in ?? ()</div><div>#5 0x000000080206a725 in pthread_create () from /lib/libthr.so.3</div><div>#6 0x0000000000000000 in ?? ()</div><div><br></div><div>Thread 13 (Thread 8107f1000 (LWP 100238/Detect3)):</div><div>#0 0x000000000054a901 in ?? ()</div><div>#1 0x0000000000454c18 in ?? ()</div><div>#2 0x0000000000451d26 in ?? ()</div><div>#3 0x000000000051f1cb in ?? ()</div><div>#4 0x000000000051f8db in ?? ()</div><div>#5 0x000000080206a725 in pthread_create () from /lib/libthr.so.3</div><div>#6 0x0000000000000000 in ?? ()</div><div><br></div><div>Thread 12 (Thread 8107f1400 (LWP 100240/Detect4)):</div><div>#0 0x000000000054a901 in ?? ()</div><div>#1 0x0000000000454c18 in ?? ()</div><div>#2 0x0000000000451d26 in ?? ()</div><div>#3 0x000000000051f1cb in ?? ()</div><div>#4 0x000000000051f8db in ?? ()</div><div>#5 0x000000080206a725 in pthread_create () from /lib/libthr.so.3</div><div>#6 0x0000000000000000 in ?? ()</div><div><br></div><div>Thread 11 (Thread 8107f1800 (LWP 100242/Detect5)):</div><div>#0 0x0000000802075c5c in pthread_cleanup_pop () from /lib/libthr.so.3</div><div>#1 0x000000080207411e in _pthread_cond_wait () from /lib/libthr.so.3</div><div>#2 0x000000000051b41a in ?? ()</div><div>#3 0x000000000051f8c4 in ?? ()</div><div>#4 0x000000080206a725 in pthread_create () from /lib/libthr.so.3</div><div>#5 0x0000000000000000 in ?? ()</div><div><br></div><div>Thread 10 (Thread 8107f1c00 (LWP 100243/Detect6)):</div><div>#0 0x0000000802075c5c in pthread_cleanup_pop () from /lib/libthr.so.3</div><div>#1 0x000000080207411e in _pthread_cond_wait () from /lib/libthr.so.3</div><div>#2 0x000000000051b41a in ?? ()</div><div>#3 0x000000000051f8c4 in ?? ()</div><div>#4 0x000000080206a725 in pthread_create () from /lib/libthr.so.3</div><div>#5 0x0000000000000000 in ?? ()</div><div><br></div><div>Thread 9 (Thread 8107f2000 (LWP 100244/Detect7)):</div><div>#0 0x0000000802075c5c in pthread_cleanup_pop () from /lib/libthr.so.3</div><div>#1 0x000000080207411e in _pthread_cond_wait () from /lib/libthr.so.3</div><div>#2 0x000000000051b41a in ?? ()</div><div>#3 0x000000000051f8c4 in ?? ()</div><div>#4 0x000000080206a725 in pthread_create () from /lib/libthr.so.3</div><div>#5 0x0000000000000000 in ?? ()</div><div><br></div><div>Thread 8 (Thread 8107f2400 (LWP 100245/Detect8)):</div><div>#0 0x0000000802070a48 in pthread_mutex_destroy () from /lib/libthr.so.3</div><div>#1 0x000000000045400f in ?? ()</div><div>#2 0x0000000000451d26 in ?? ()</div><div>#3 0x000000000051f1cb in ?? ()</div><div>#4 0x000000000051f8db in ?? ()</div><div>#5 0x000000080206a725 in pthread_create () from /lib/libthr.so.3</div><div>#6 0x0000000000000000 in ?? ()</div><div><br></div><div>Thread 7 (Thread 8107f2800 (LWP 100246/Detect9)):</div><div>#0 0x000000000054a901 in ?? ()</div><div>#1 0x0000000000454c00 in ?? ()</div><div>#2 0x0000000000451d26 in ?? ()</div><div>#3 0x000000000051f1cb in ?? ()</div><div>#4 0x000000000051f8db in ?? ()</div><div>#5 0x000000080206a725 in pthread_create () from /lib/libthr.so.3</div><div>#6 0x0000000000000000 in ?? ()</div><div><br></div><div>Thread 6 (Thread 8107f2c00 (LWP 100247/Detect10)):</div><div>#0 0x0000000802075c5c in pthread_cleanup_pop () from /lib/libthr.so.3</div><div>#1 0x000000080207411e in _pthread_cond_wait () from /lib/libthr.so.3</div><div>#2 0x000000000051b41a in ?? ()</div><div>#3 0x000000000051f8c4 in ?? ()</div><div>#4 0x000000080206a725 in pthread_create () from /lib/libthr.so.3</div><div>#5 0x0000000000000000 in ?? ()</div><div><br></div><div>Thread 5 (Thread 8107f3000 (LWP 100248/Detect11)):</div><div>#0 0x000000000054a8d4 in ?? ()</div><div>#1 0x0000000000454c18 in ?? ()</div><div>#2 0x0000000000451d26 in ?? ()</div><div>#3 0x000000000051f1cb in ?? ()</div><div>#4 0x000000000051f8db in ?? ()</div><div>#5 0x000000080206a725 in pthread_create () from /lib/libthr.so.3</div><div>#6 0x0000000000000000 in ?? ()</div><div><br></div><div>Thread 4 (Thread 8107f3400 (LWP 100249/Detect12)):</div><div>#0 0x0000000802075c5c in pthread_cleanup_pop () from /lib/libthr.so.3</div><div>#1 0x000000080207411e in _pthread_cond_wait () from /lib/libthr.so.3</div><div>#2 0x000000000051b41a in ?? ()</div><div>#3 0x000000000051f8c4 in ?? ()</div><div>#4 0x000000080206a725 in pthread_create () from /lib/libthr.so.3</div><div>#5 0x0000000000000000 in ?? ()</div><div><br></div><div>Thread 3 (Thread 8107f3800 (LWP 100250/FlowManagerThre)):</div><div>#0 0x0000000802075c5c in pthread_cleanup_pop () from /lib/libthr.so.3</div><div>#1 0x000000080207411e in _pthread_cond_wait () from /lib/libthr.so.3</div><div>#2 0x00000000004c5adb in ?? ()</div><div>#3 0x000000080206a725 in pthread_create () from /lib/libthr.so.3</div><div>#4 0x0000000000000000 in ?? ()</div><div><br></div><div>Thread 2 (Thread 8107f3c00 (LWP 100251/SCPerfWakeupThr)):</div><div>#0 0x0000000802075c5c in pthread_cleanup_pop () from /lib/libthr.so.3</div><div>#1 0x000000080207411e in _pthread_cond_wait () from /lib/libthr.so.3</div><div>#2 0x00000000004397e2 in ?? ()</div><div>#3 0x000000080206a725 in pthread_create () from /lib/libthr.so.3</div><div>#4 0x0000000000000000 in ?? ()</div><div><br></div><div>Thread 1 (Thread 8107f4000 (LWP 101545/SCPerfMgmtThrea)):</div><div>#0 0x0000000802075c5c in pthread_cleanup_pop () from /lib/libthr.so.3</div><div>#1 0x000000080207411e in _pthread_cond_wait () from /lib/libthr.so.3</div><div>#2 0x0000000000439ae7 in ?? ()</div><div>#3 0x000000080206a725 in pthread_create () from /lib/libthr.so.3</div><div>#4 0x0000000000000000 in ?? ()</div><div>#0 0x000000080207030a in pthread_mutex_lock () from /lib/libthr.so.3</div></div><div><br></div>-- <br><div class="gmail_signature">===========<br>Eduardo Meyer<br>pessoal: <a href="mailto:dudu.meyer@gmail.com" target="_blank">dudu.meyer@gmail.com</a><br>profissional: <a href="mailto:ddm.farmaciap@saude.gov.br" target="_blank">ddm.farmaciap@saude.gov.br</a><br></div>
</div></div>