[Oisf-users] suricata 2.0.1 segfault on nmap scan

Rogier Mars rogier at fortytwo.nl
Fri Jun 13 21:54:27 UTC 2014


Hi, 

I've been testing with suricata on a VM environment to test if I can use it in a production environment. While testing the IPS features I can repeatedly crash suricata with a core dump by running the following command: 

nmap -Pn -sS -A -f 192.168.100.35

Below the error message and the build-info. If you need more info please let me know and I will provide it. 

Kind regards, 

Rogier


Jun 13 23:41:37 ids kernel: Detect6[10431]: segfault at e ip 00000000004c6c97 sp 00007f29c75fd3e0 error 4 in suricata[400000+1d3000]

[root at ids rules]# suricata --build-info
This is Suricata version 2.0.1 RELEASE
Features: NFQ PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK HAVE_NSS HAVE_LIBJANSSON PROFILING 
SIMD support: SSE_3 
Atomic intrisics: 1 2 4 8 16 byte(s)
64-bits, Little-endian architecture
GCC version 4.4.7 20120313 (Red Hat 4.4.7-4), C version 199901
L1 cache line size (CLS)=64
compiled with LibHTP v0.5.11, linked against LibHTP v0.5.11
Suricata Configuration:
  AF_PACKET support:                       yes
  PF_RING support:                         no
  NFQueue support:                         yes
  IPFW support:                            no
  DAG enabled:                             no
  Napatech enabled:                        no
  Unix socket enabled:                     yes
  Detection enabled:                       yes

  libnss support:                          yes
  libnspr support:                         yes
  libjansson support:                      yes
  Prelude support:                         no
  PCRE jit:                                no
  libluajit:                               no
  libgeoip:                                yes
  Non-bundled htp:                         no
  Old barnyard2 support:                   no
  CUDA enabled:                            no

  Suricatasc install:                      yes

  Unit tests enabled:                      no
  Debug output enabled:                    no
  Debug validation enabled:                no
  Profiling enabled:                       yes
  Profiling locks enabled:                 no
  Coccinelle / spatch:                     no

Generic build parameters:
  Installation prefix (--prefix):          /usr
  Configuration directory (--sysconfdir):  /etc/suricata/
  Log directory (--localstatedir) :        /var/log/suricata/

  Host:                                    x86_64-unknown-linux-gnu
  GCC binary:                              gcc
  GCC Protect enabled:                     no
  GCC march native enabled:                yes
  GCC Profile enabled:                     no
[root at ids rules]# 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20140613/c0168b24/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20140613/c0168b24/attachment.pgp>


More information about the Oisf-users mailing list