<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">Jozef,</div><div class=""><span class="Apple-tab-span" style="white-space:pre"> </span>The same coredump happens after changing the default config to the suggested ones.</div><div class=""><br class=""></div><div class=""><img apple-inline="yes" id="F46C5C6A-6899-4C08-B7DF-0BA2E7696ABF" height="225" width="662" apple-width="yes" apple-height="yes" src="cid:BC29E42C-9FD4-4D26-92FE-31FA6DAE4ADC@lan" class=""></div><div class=""><br class=""></div><div class="">-Tidy</div><br class=""><div><blockquote type="cite" class=""><div class="">On Apr 21, 2017, at 4:41 PM, Jozef Mlich <<a href="mailto:jozef.mlich@greycortex.com" class="">jozef.mlich@greycortex.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">On Fri, 2017-04-21 at 16:15 +0800, <a href="mailto:tidy@holonetsecurity.com" class="">tidy@holonetsecurity.com</a> wrote:<br class=""><br class="">Hi,<br class=""><br class="">I have noticed illegal instruction only with some AMD and hyperscan<br class="">enabled. You can try it with <br class=""><br class="">mpm-algo: ac<br class="">spm-algo: bm <br class=""><br class="">in suricata.yaml, or as command line argument --set ...<br class=""><br class=""><br class=""><blockquote type="cite" class="">Hi,<br class=""><span class="Apple-tab-span" style="white-space:pre"> </span>I built Suricata using option “disable-gccmarch-native” in VM<br class="">host A (cpu instruction should be newer) which supports AVX2 and<br class="">then ran suricata in host B. The Suricata has crashed for illegal<br class="">instruction (see coredump information). 
<br class=""> Also, tried the same way in Physical host C with the newer cpu<br class="">instruction and it can run well on Host B.<br class=""> <br class=""> So, I think the configure option “disable-gccmarch-native”<br class="">doesn’t work well on VM. Could someone take a look at this?<br class=""><br class="">root:1.212@work$ /usr/local/bin/suricata --build-info<br class="">This is Suricata version 3.2dev<br class="">Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET<br class="">HAVE_PACKET_FANOUT LIBCAP_NG HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT<br class="">HAVE_NSS HAVE_LUA TLS MAGIC <br class="">SIMD support: none<br class="">Atomic intrisics: 1 2 4 8 byte(s)<br class="">64-bits, Little-endian architecture<br class="">GCC version 4.8.5 20150623 (Red Hat 4.8.5-11), C version 199901<br class="">compiled with _FORTIFY_SOURCE=0<br class="">L1 cache line size (CLS)=64<br class="">thread local storage method: __thread<br class="">compiled with LibHTP v0.5.23, linked against LibHTP v0.5.23<br class=""><br class="">Suricata Configuration:<br class=""> AF_PACKET support: yes<br class=""> PF_RING support: no<br class=""> NFQueue support: no<br class=""> NFLOG support: no<br class=""> IPFW support: no<br class=""> Netmap support: no<br class=""> DAG enabled: no<br class=""> Napatech enabled: no<br class=""><br class=""> Unix socket enabled: no<br class=""> Detection enabled: yes<br class=""><br class=""> Libmagic support: yes<br class=""> libnss support: yes<br class=""> libnspr support: yes<br class=""> libjansson support: no<br class=""> hiredis support: yes<br class=""> Prelude support: no<br class=""> PCRE jit: yes<br class=""> LUA support: yes<br class=""> libluajit: no<br class=""> libgeoip: no<br class=""> Non-bundled htp: yes<br class=""> Old barnyard2 support: no<br class=""> CUDA enabled: no<br class=""> Hyperscan support: yes<br class=""> Libnet support: no<br class=""><br class=""> Suricatasc install: yes<br class=""><br class=""> Profiling enabled: 
no<br class=""> Profiling locks enabled: no<br class=""><br class="">Development settings:<br class=""> Coccinelle / spatch: no<br class=""> Unit tests enabled: no<br class=""> Debug output enabled: no<br class=""> Debug validation enabled: no<br class=""><br class="">Generic build parameters:<br class=""> Installation prefix: /usr/local/<br class=""> Configuration directory: /usr/local/etc/suricata/<br class=""> Log directory: <br class="">/usr/local/var/log/suricata/<br class=""><br class=""> --prefix /usr/local/<br class=""> --sysconfdir /usr/local/etc<br class=""> --localstatedir /usr/local/var<br class=""><br class=""> Host: x86_64-unknown-linux-gnu<br class=""> Compiler: gcc (exec name) / gcc<br class="">(real)<br class=""> GCC Protect enabled: no<br class=""> GCC march native enabled: no<br class=""> GCC Profile enabled: no<br class=""> Position Independent Executable enabled: no<br class=""> CFLAGS -g -O2<br class=""> PCAP_CFLAGS -I/usr/local/deps/include<br class=""> SECCFLAGS <br class=""><br class="">Here is the coredump information, it’s cored at strtod<br class=""><br class=""><br class=""></blockquote>-- <br class="">Jozef Mlich <<a href="mailto:jozef.mlich@greycortex.com" class="">jozef.mlich@greycortex.com</a>><br class=""></div></div></blockquote></div><br class=""></body></html>