[Oisf-users] Error: Decode1[31747]: segfault at 7fc3fe85cc6f ip 00000000004f0de9 sp 00007fc2fe85c230 error 4 in suricata[400000+12f000]
Pablo
pablo.rincon.crespo at gmail.com
Tue Aug 2 10:26:20 UTC 2011
2011/8/2 Peter Manev <petermanev at gmail.com>:
>
>
> On Mon, Aug 1, 2011 at 11:01 PM, Fernando Ortiz <fernando.ortiz.f at gmail.com>
> wrote:
>>
>> The problem is not at startup, It runned find for about 30 seconds until
>> it crashed with that error. I can't reproduce the error with the same
>> conditions of traffic right now because I was testing the IPS in production
>> environment which I can only work with pass midnight (still a good througput
>> to test ~200Mbps)
>> I will try reproducing the error with stress tools in the meantime. Thanks
>> in advance
>>
>> 2011/8/1 Peter Manev <petermanev at gmail.com>
>>>
>>>
>>> On Mon, Aug 1, 2011 at 7:54 PM, Will Metcalf <william.metcalf at gmail.com>
>>> wrote:
>>>>
>>>> looks like a bug to me. Did this produce a core dump? If so can you
>>>> open a ticket and paste the output of...
>>>>
>>>> gdb /path/to/suri/bin core.file
>>>> bt full
>>>>
>>>> If you don't have a core dump and you can reproduce the bug, having a
>>>> packet capture and running suri with
>>>>
>>>> ulimit -c unlimited; /path/to/suri -c suricata.yaml <other opts>
>>>>
>>>> to get a coredump would be helpful.
>>>>
>>>> On Mon, Aug 1, 2011 at 12:43 PM, Fernando Ortiz
>>>> <fernando.ortiz.f at gmail.com> wrote:
>>>> > Jul 29 04:49:05 ips1 kernel: Decode1[31747]: segfault at 7fc3fe85cc6f
>>>> > ip
>>>> > 00000000004f0de9 sp 00007fc2fe85c230 error 4 in
>>>> > suricata[400000+12f000]
>>>> > I don't know what this error means, but it happens when I change the
>>>> > midstream option in suricata.yaml
>>>> > // /etc/suricata/suricata.yaml
>>>> > memcap: 567554432
>>>> > max_sessions: 550000
>>>> > checksum_validation: no # reject wrong csums
>>>> > # midstream : false
>>>> > midstream : true
>>>> > async_oneside: true
>>>> > inline: yes # no inline mode
>>>> > Not sure if it is a bug or something misconfigured at my side.
>>>> >
>>>> > _______________________________________________
>>>> > Oisf-users mailing list
>>>> > Oisf-users at openinfosecfoundation.org
>>>> > http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>>> >
>>>> >
>>>> _______________________________________________
>>>> Oisf-users mailing list
>>>> Oisf-users at openinfosecfoundation.org
>>>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>>
>>>
>>> I just made my config to exactly look like your changes - but Suri starts
>>> fine, no problem.
>>> 1.1beta2 (rev b3f7e6a)
>>>
>>> Thanks
>>>
>>>
>>> --
>>> Peter Manev
>>
>>
>>
>> --
>> Fernando Ortiz
>> Twitter: http://twitter.com/FernandOrtizF
>>
>>
>> _______________________________________________
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>
> I just run it for the whole night - it didn't crash.
> hmmm ...
>
>
> --
> Peter Manev
>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
>
Hi Peter,
as of the output of the segfault, Fernando's box is 64bit arch. What
arch are you using? Also, consider that your traffic type and
throughtput will not be the same as Fernando's, so it can be normal
that it doesn't crash in your environment. I think we should wait to
see if Fernando can reproduce it and throw some light to the
conditions that trigger it.
--
Best regards,
--
Pablo Rincon
@PabloForThePPL
------------------------------------
More information about the Oisf-users
mailing list