<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><br><div><br>On 3 Aug 2018, at 01:26, Serge Malev <<a href="mailto:smalev@hotmail.com">smalev@hotmail.com</a>> wrote:<br><br></div><blockquote type="cite"><div>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Helvetica,sans-serif;" dir="ltr">
<p style="margin-top:0;margin-bottom:0">I am having the same problem. Suricata tries to restart every 5 minutes and crashes with the same error.</p>
<p style="margin-top:0;margin-bottom:0"><br></p></div></div></blockquote><div><br></div><div>Hi,</div><div><br></div><div>Are you using IDS or IPS mode?</div><div><br></div><div>Thank you</div><br><blockquote type="cite"><div><div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Helvetica,sans-serif;" dir="ltr"><p style="margin-top:0;margin-bottom:0">
</p>
<p style="margin-top:0;margin-bottom:0"><br>
</p>
<br>
<br>
<div style="color: rgb(0, 0, 0);">
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Oisf-users <<a href="mailto:oisf-users-bounces@lists.openinfosecfoundation.org">oisf-users-bounces@lists.openinfosecfoundation.org</a>> on behalf of Peter Fyon <<a href="mailto:peter.fyon@gmail.com">peter.fyon@gmail.com</a>><br>
<b>Sent:</b> Friday, August 3, 2018 8:56 AM<br>
<b>To:</b> <a href="mailto:oisf-users@lists.openinfosecfoundation.org">oisf-users@lists.openinfosecfoundation.org</a><br>
<b>Subject:</b> [Oisf-users] Crash in 4.0.5 when receiving packets</font>
<div> </div>
</div>
<meta content="text/html; charset=utf-8">
<div>
<div dir="ltr">
<div>Hey suricata users,</div>
<div><br>
</div>
<div>I upgraded suricata from 4.0.4 to 4.0.5 using the ppa last night and now suricata crashes when it (presumably) receives its first packet. I say presumably because if I physically bypass suricata, it doesn't crash. When I put it back inline, it crashes.<br>
</div>
<div><br>
</div>
<div>When I start it with:</div>
<div>/usr/bin/suricata -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid --af-packet -vvv</div>
<div><br>
</div>
<div>It dies and spits the following to stdout:<br>
</div>
<div>suricata: dump.c:337: do_dump: Assertion `value' failed.</div>
<div><br>
</div>
<div>Nothing has changed in my config between 4.0.4 and 4.0.5.</div>
<div><br>
</div>
<div>Peter<br>
</div>
</div>
</div>
</div>
</div>
</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span>Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a></span><br><span>Site: <a href="http://suricata-ids.org">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/">http://suricata-ids.org/support/</a></span><br><span>List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a></span><br><span></span><br><span>Conference: <a href="https://suricon.net">https://suricon.net</a></span><br><span>Trainings: <a href="https://suricata-ids.org/training/">https://suricata-ids.org/training/</a></span></div></blockquote></body></html>