[Oisf-devel] Suricata 1.2.1 + OpenBSD 5.1 = segmentation fault

Anoop Saldanha anoopsaldanha at gmail.com
Mon May 21 07:05:53 UTC 2012


So looks like an OpenBSD thing.

Peter, possible for you to reproduce it on an OpenBSD box?

On Mon, May 21, 2012 at 12:30 PM, Henri Wahl <h.wahl at ifw-dresden.de> wrote:
> Hi Anoop,
> I ran the same file I sent you again on my OpenBSD with Suricata and got
> a core dump:
>
> ...
> ular) initialized: http.log
> [10304] 21/5/2012 -- 08:55:28 - (stream-tcp.c:334) <Info>
> (StreamTcpInitConfig) -- stream "max-sessions": 262144
> [10304] 21/5/2012 -- 08:55:28 - (stream-tcp.c:346) <Info>
> (StreamTcpInitConfig) -- stream "prealloc-sessions": 32768
> [10304] 21/5/2012 -- 08:55:28 - (stream-tcp.c:362) <Info>
> (StreamTcpInitConfig) -- stream "memcap": 33554432
> [10304] 21/5/2012 -- 08:55:28 - (stream-tcp.c:368) <Info>
> (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled
> [10304] 21/5/2012 -- 08:55:28 - (stream-tcp.c:374) <Info>
> (StreamTcpInitConfig) -- stream "async-oneside": disabled
> [10304] 21/5/2012 -- 08:55:28 - (stream-tcp.c:391) <Info>
> (StreamTcpInitConfig) -- stream "checksum-validation": enabled
> [10304] 21/5/2012 -- 08:55:28 - (stream-tcp.c:401) <Info>
> (StreamTcpInitConfig) -- stream."inline": disabled
> [10304] 21/5/2012 -- 08:55:28 - (stream-tcp.c:419) <Info>
> (StreamTcpInitConfig) -- stream.reassembly "memcap": 67108864
> [10304] 21/5/2012 -- 08:55:28 - (stream-tcp.c:437) <Info>
> (StreamTcpInitConfig) -- stream.reassembly "depth": 1048576
> [10304] 21/5/2012 -- 08:55:28 - (stream-tcp.c:478) <Info>
> (StreamTcpInitConfig) -- stream.reassembly "toserver-chunk-size": 2560
> [10304] 21/5/2012 -- 08:55:28 - (stream-tcp.c:480) <Info>
> (StreamTcpInitConfig) -- stream.reassembly "toclient-chunk-size": 2560
> [10304] 21/5/2012 -- 08:55:28 - (source-pcap-file.c:216) <Info>
> (ReceivePcapFileThreadInit) -- reading pcap file suricata_crash_dump.pcap
> [10304] 21/5/2012 -- 08:55:28 - (tm-threads.c:1858) <Info>
> (TmThreadWaitOnThreadInit) -- all 9 packet processing threads, 1
> management threads initialized, engine started.
> [10304] 21/5/2012 -- 08:55:28 - (source-pcap-file.c:193) <Info>
> (ReceivePcapFileLoop) -- pcap file end of file reached (pcap err code 0)
> Segmentation fault (core dumped)
>
> Doing this on the Linux CentOS 5.8 machine with Suricata 1.2 all seems OK:
>
> ...
> 21/5/2012 -- 08:54:25 - <Info> - stream.reassembly "memcap": 67108864
> 21/5/2012 -- 08:54:25 - <Info> - stream.reassembly "depth": 1048576
> 21/5/2012 -- 08:54:25 - <Info> - stream.reassembly
> "toserver_chunk_size": 2560
> 21/5/2012 -- 08:54:25 - <Info> - stream.reassembly
> "toclient_chunk_size": 2560
> 21/5/2012 -- 08:54:25 - <Info> - reading pcap file suricata_crash_dump.pcap
> 21/5/2012 -- 08:54:25 - <Info> - all 5 packet processing threads, 1
> management threads initialized, engine started.
> 21/5/2012 -- 08:54:25 - <Info> - pcap file end of file reached (pcap err
> code 0)
> 21/5/2012 -- 08:54:25 - <Info> - stopping engine, waiting for
> outstanding packets
> 21/5/2012 -- 08:54:25 - <Info> - all packets processed by threads,
> stopping engine
> 21/5/2012 -- 08:54:25 - <Info> - 0 new flows, 0 established flows were
> timed out, 0 flows in closed state
> 21/5/2012 -- 08:54:25 - <Info> - time elapsed 0.213s
> 21/5/2012 -- 08:54:25 - <Info> - Pcap-file module read 117 packets,
> 108788 bytes
> 21/5/2012 -- 08:54:25 - <Info> - Stream TCP processed 117 TCP packets
> 21/5/2012 -- 08:54:25 - <Info> - Fast log output wrote 0 alerts
> 21/5/2012 -- 08:54:25 - <Info> - Alert unified2 module wrote 0 alerts
> 21/5/2012 -- 08:54:25 - <Info> - Max memuse of the stream reassembly
> engine 11292544 (in use 0)
> 21/5/2012 -- 08:54:25 - <Info> - Max memuse of stream engine 6029312 (in
> use 0)
> 21/5/2012 -- 08:54:25 - <Info> - cleaning up signature grouping
> structure... complete
>
> So this seems to be somehow OpenBSD related. Are you able to test on
> OpenBSD or are there any OpenBSD developers?
>
> Regards
> Henri
>
> --
> Henri Wahl
>
> IT Department
> Leibniz-Institut für Festkörper- u.
> Werkstoffforschung Dresden
>
> tel. (03 51) 46 59 - 797
> email: h.wahl at ifw-dresden.de
> http://www.ifw-dresden.de
>
> Nagios status monitor for your desktop:
> http://nagstamon.ifw-dresden.de
>
> IFW Dresden e.V., Helmholtzstraße 20, D-01069 Dresden
> VR Dresden Nr. 1369
> Vorstand: Prof. Dr. Ludwig Schultz, Dr. h.c. Dipl.-Finw. Rolf Pfrengle
>



-- 
Anoop Saldanha


