[Oisf-users] Problem with new app-layer parser config?

Anoop Saldanha anoopsaldanha at gmail.com
Fri Oct 4 03:54:03 UTC 2013


Cooper,

Wrt the crash, you can track it here -

https://redmine.openinfosecfoundation.org/issues/989

Can you open a bug for the "Duplicate PP message"?  We will be having
more changes made to the DNS side of configuration shortly.

On Fri, Oct 4, 2013 at 9:06 AM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:
> Found another bug.  Suricata crashes after all the AF_PACKET threads are
> initialized with this error:
>
>> [5283] 4/10/2013 -- 03:34:27 - (app-layer-htp.c:758) <Error> (HTPHandleResponseData) -- [ERRCODE: SC_ERR_ALPARSER(59)] - HTP state has no connp
>
> On 10/3/2013 8:17 PM, Cooper F. Nelson wrote:
>> I was able to fix this by disabling the dnstcp parser.
>>
>> On 10/3/2013 8:09 PM, Cooper F. Nelson wrote:
>>> See subject.  Just built the latest dev. release and updated my
>>> suricata.yaml as needed; but am getting this error now.  Any idea what
>>> the issue is?
>>
>>>> [25017] 4/10/2013 -- 03:06:14 - (util-cpu.c:170) <Info> (UtilCpuPrintSummary) -- CPUs/cores online: 16
>>>> [25017] 4/10/2013 -- 03:06:14 - (suricata.c:818) <Info> (IsRuleReloadSet) -- Live rule reloads enabled
>>>> [25017] 4/10/2013 -- 03:06:14 - (app-layer-parser.c:2194) <Error> (AppLayerInsertNewProbingParser) -- [ERRCODE: SC_ERR_ALPARSER(59)] - Duplicate pp registered
>>
>>> I checked for duplicates and there didn't seem to be any obvious ones.
>>> _______________________________________________
>>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>> OISF: http://www.openinfosecfoundation.org/
>>
>
> - --
> Cooper Nelson
> Network Security Analyst
> UCSD ACT Security Team
> cnelson at ucsd.edu x41042



-- 
-------------------------------
Anoop Saldanha
http://www.poona.me
-------------------------------


