[Oisf-users] Error: Decode1[31747]: segfault at 7fc3fe85cc6f ip 00000000004f0de9 sp 00007fc2fe85c230 error 4 in suricata[400000+12f000]

Peter Manev petermanev at gmail.com
Tue Aug 2 09:12:32 UTC 2011 

On Mon, Aug 1, 2011 at 11:01 PM, Fernando Ortiz
<fernando.ortiz.f at gmail.com>wrote:

> The problem is not at startup, It runned find for about 30 seconds until it
> crashed with that error. I can't reproduce the error with the same
> conditions of traffic right now because I was testing the IPS in production
> environment which I can only work with pass midnight (still a good througput
> to test ~200Mbps)
>
> I will try reproducing the error with stress tools in the meantime. Thanks
> in advance
>
>
> 2011/8/1 Peter Manev <petermanev at gmail.com>
>
>>
>>
>> On Mon, Aug 1, 2011 at 7:54 PM, Will Metcalf <william.metcalf at gmail.com>wrote:
>>
>>> looks like a bug to me. Did this produce a core dump?  If so can you
>>> open a ticket and paste the output of...
>>>
>>> gdb /path/to/suri/bin core.file
>>> bt full
>>>
>>> If you don't have a core dump and you can reproduce the bug, having a
>>> packet capture and running suri with
>>>
>>> ulimit -c unlimited; /path/to/suri -c suricata.yaml <other opts>
>>>
>>> to get  a coredump would be helpful.
>>>
>>> On Mon, Aug 1, 2011 at 12:43 PM, Fernando Ortiz
>>> <fernando.ortiz.f at gmail.com> wrote:
>>> > Jul 29 04:49:05 ips1 kernel: Decode1[31747]: segfault at 7fc3fe85cc6f
>>> ip
>>> > 00000000004f0de9 sp 00007fc2fe85c230 error 4 in suricata[400000+12f000]
>>> > I don't know what this error means, but it happens when I change the
>>> > midstream option in suricata.yaml
>>> > // /etc/suricata/suricata.yaml
>>> >   memcap: 567554432
>>> >   max_sessions: 550000
>>> >   checksum_validation: no      # reject wrong csums
>>> > # midstream : false
>>> >   midstream : true
>>> >   async_oneside: true
>>> >   inline: yes                    # no inline mode
>>> > Not sure if it is a bug or something misconfigured at my side.
>>> >
>>> > _______________________________________________
>>> > Oisf-users mailing list
>>> > Oisf-users at openinfosecfoundation.org
>>> > http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>> >
>>> >
>>> _______________________________________________
>>> Oisf-users mailing list
>>> Oisf-users at openinfosecfoundation.org
>>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>>
>>
>>
>> I just made my config to exactly look like your changes - but Suri starts
>> fine, no problem.
>> 1.1beta2 (rev b3f7e6a)
>>
>> Thanks
>>
>>
>> --
>> Peter Manev
>>
>
>
>
> --
> Fernando Ortiz
> Twitter: http://twitter.com/FernandOrtizF
>
>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> I just run it for the whole night - it didn't crash.
hmmm ...


-- 
Peter Manev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20110802/b098d2cf/attachment-0002.html>

More information about the Oisf-users mailing list