[Oisf-devel] Crashing
Chris Wakelin
c.d.wakelin at reading.ac.uk
Thu Feb 10 18:53:40 UTC 2011
On 10/02/11 00:02, Victor Julien wrote:
> On 02/08/2011 01:13 PM, Chris Wakelin wrote:
>> I wonder whether:
>>
>>> commit a8417377e700ed69c719d2c1c31acdac656bfa4f
>>> Author: Eric Leblond <eric at regit.org>
>>> Date: Wed Feb 2 22:50:53 2011 +0100
>>>
>>> Don't use direct pkt access
>>>
>>> pkt field in Packet needs to be accessed via macro. This
>>> patch supress some direct access.
>>
>> (or later ones) fixed the UDP issue
>
> That would have been an unintentional side effect then.
Not seen any more misses, but it was only a wild guess about this patch.
>
>>> commit addab7b5ee62f555e8743031ca8bb4178f893638
>>> Author: Victor Julien <victor at inliniac.net>
>>> Date: Thu Feb 3 15:22:40 2011 +0100
>>>
>>> Don't test the several packet detection checks against pseudo packets as the matches would not be meaningful anyway. Prevents a segv in the csum detection.
>>
>> fixed the segfault.
>
> This could be possible. I never saw it outside of the checksum keywords
> though, they are not used by any ET/VRT rule by default.
Similarly a wild guess. However I've had more crashes since, so I guess
it's not fixed. I'm not getting any core dumps though, despite having
"ulimit -c unlimited" and for good measure starting Suricata with a CWD
of /var/log/suricata (i.e. which it can write to). Where is it likely to
leave them?
I'm also using the tcmalloc trick in
http://www.inliniac.net/blog/2010/10/21/speeding-up-suricata-with-tcmalloc.html
- will that make a difference do you think?
I didn't get crashes until a week or so ago, so I think my GIT version
as of 6th January is probably OK, except for the UDP port mismatches.
Today I've got a new Suricata instance on the other half of our network,
used by our student residences, which will be interesting :)
Best Wishes,
Chris
--
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin, c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 6AF, UK Fax: +44 (0)118 975 3094
More information about the Oisf-devel
mailing list