[Oisf-users] Suricata can trigger a crash in recent kernel
Eric Leblond
eric at regit.org
Tue Nov 6 15:08:39 UTC 2012
Hello,
I would like to warn users that:
* run Suricata in AF_PACKET mode AND
* are using multiple capture threads per-interface
There is a recently introduced bug in AF_PACKET kernel code. If packet
fanout is used (multiple capture threads), then an oops can occur leading
to a crashed dead box.
The problem is kernel side and there is no way to fix it from userspace.
So the only ways to fix the issue are:
* Use a non-vulnerable kernel (older)
* Use only one capture thread but this will degrade performance
* Fall back to another capture method
* Patch kernel with
http://marc.info/?l=linux-netdev&m=135220384520876&w=3
Some info about tested kernels:
* Vanilla kernel 3.6 and 3.7 are vulnerable
* Ubuntu 12.04 and Ubuntu 12.10 default kernels are vulnerable
* Debian kernels seem not to be.
BR,
--
Eric Leblond <eric at regit.org>
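
An added example, not part of the original message or of Suricata: a check for the two conditions the warning names, an af-packet entry in suricata.yaml running more than one capture thread and a kernel from the vanilla series listed above. The function names and the sample config are constructed for illustration; it assumes an entry without a `threads` key runs a single thread, and it reports distro kernels as unknown because their version string does not show whether the fix is present.

```python
import re

# Constructed sample of a suricata.yaml capture section (not taken from the post).
SAMPLE_CONFIG = """\
af-packet:
  - interface: eth0
    threads: 4
    cluster-id: 99
    cluster-type: cluster_flow
  - threads: 1
    interface: eth1
pcap:
  - interface: eth2
    threads: 8
"""

def fanout_interfaces(config_text):
    """Map interface -> threads for af-packet entries that use more than one thread."""
    entries, in_section = [], False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if line[0] not in " \t-":              # a new top-level key
            in_section = line.startswith("af-packet:")
            continue
        m = re.match(r"\s*(-\s*)?([\w-]+)\s*:\s*(\S+)", line)
        if not (in_section and m):
            continue
        if m.group(1) or not entries:          # "- key: value" opens a new entry
            entries.append({})
        entries[-1][m.group(2)] = m.group(3)
    multi = lambda t: t == "auto" or (t.isdigit() and int(t) > 1)
    # Assumption: an entry with no "threads" key runs one capture thread.
    return {e.get("interface", "?"): e["threads"]
            for e in entries if multi(e.get("threads", "1"))}

def kernel_status(release):
    """'listed' for the vanilla series the post names; anything else is 'unknown'."""
    m = re.match(r"(\d+)\.(\d+)", release)
    listed = bool(m) and (int(m.group(1)), int(m.group(2))) in {(3, 6), (3, 7)}
    return "listed" if listed else "unknown"   # distro kernels: check for the patch

def assess(config_text, release):
    fanout = fanout_interfaces(config_text)
    if not fanout:
        return "no fanout: one capture thread per interface"
    if kernel_status(release) == "listed":
        return "exposed: fanout on " + ", ".join(sorted(fanout))
    return "fanout in use, kernel not classifiable by version: " + ", ".join(sorted(fanout))

if __name__ == "__main__":
    import platform
    print(assess(SAMPLE_CONFIG, platform.release()))
```
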