[Oisf-users] Error: Decode1[31747]: segfault at 7fc3fe85cc6f ip 00000000004f0de9 sp 00007fc2fe85c230 error 4 in suricata[400000+12f000]

Fernando Ortiz fernando.ortiz.f at gmail.com
Mon Aug 1 21:01:39 UTC 2011


The problem is not at startup, It runned find for about 30 seconds until it
crashed with that error. I can't reproduce the error with the same
conditions of traffic right now because I was testing the IPS in production
environment which I can only work with pass midnight (still a good througput
to test ~200Mbps)

I will try reproducing the error with stress tools in the meantime. Thanks
in advance


2011/8/1 Peter Manev <petermanev at gmail.com>

>
>
> On Mon, Aug 1, 2011 at 7:54 PM, Will Metcalf <william.metcalf at gmail.com>wrote:
>
>> looks like a bug to me. Did this produce a core dump?  If so can you
>> open a ticket and paste the output of...
>>
>> gdb /path/to/suri/bin core.file
>> bt full
>>
>> If you don't have a core dump and you can reproduce the bug, having a
>> packet capture and running suri with
>>
>> ulimit -c unlimited; /path/to/suri -c suricata.yaml <other opts>
>>
>> to get  a coredump would be helpful.
>>
>> On Mon, Aug 1, 2011 at 12:43 PM, Fernando Ortiz
>> <fernando.ortiz.f at gmail.com> wrote:
>> > Jul 29 04:49:05 ips1 kernel: Decode1[31747]: segfault at 7fc3fe85cc6f ip
>> > 00000000004f0de9 sp 00007fc2fe85c230 error 4 in suricata[400000+12f000]
>> > I don't know what this error means, but it happens when I change the
>> > midstream option in suricata.yaml
>> > // /etc/suricata/suricata.yaml
>> >   memcap: 567554432
>> >   max_sessions: 550000
>> >   checksum_validation: no      # reject wrong csums
>> > # midstream : false
>> >   midstream : true
>> >   async_oneside: true
>> >   inline: yes                    # no inline mode
>> > Not sure if it is a bug or something misconfigured at my side.
>> >
>> > _______________________________________________
>> > Oisf-users mailing list
>> > Oisf-users at openinfosecfoundation.org
>> > http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> >
>> >
>> _______________________________________________
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>
>
>
> I just made my config to exactly look like your changes - but Suri starts
> fine, no problem.
> 1.1beta2 (rev b3f7e6a)
>
> Thanks
>
>
> --
> Peter Manev
>



-- 
Fernando Ortiz
Twitter: http://twitter.com/FernandOrtizF
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20110801/ff316624/attachment-0002.html>


More information about the Oisf-users mailing list