[Oisf-users] on upgrade to suricata 3.0 illegal instruction message
Jason Taylor
jtfas90 at gmail.com
Tue Feb 23 14:52:39 UTC 2016
Hi All,
We have successfully migrated 3.0RCx boxes to 3.0 (via rpm) and we are
using the rpm on new deployments with no issues.
That being said, when we are upgrading sensors from 2.1beta3 to 3.0GA
we are running into the following:
suricata -c /etc/nsm/testsense/suricata.yaml --af-packet=bond0
23/2/2016 -- 14:42:00 - <Notice> - This is Suricata version 3.0 RELEASE
23/2/2016 -- 14:42:00 - <Info> - CPUs/cores online: 40
Illegal instruction
gdb reveals:
Program received signal SIGILL, Illegal instruction.
0x0000555555585a56 in HTPRegisterPatternsForProtocolDetection () at
app-layer-htp.c:2729
2729 ALPROTO_HTTP, method_buffer,
strlen(method_buffer)-3, 0, STREAM_TOSERVER);
from app-layer-htp.c:2729
*/
register_result =
AppLayerProtoDetectPMRegisterPatternCS(IPPROTO_TCP,
ALPROTO_HTTP, method_buffer,
strlen(method_buffer)-3, 0, STREAM_TOSERVER);
if (register_result < 0) {
return -1;
}
}
The spec file that builds the 3.0 rpm does the following:
%configure --prefix=%{_prefix} --sysconfdir=%{_sysconfdir}
--localstatedir=%{_localstatedir} --enable-af-packet
--enable-gccprotect --enable-unix-socket --enable-pie
make %{?_smp_mflags}
%install
make DESTDIR="%{buildroot}" "bindir=%{_sbindir}" install
$(which suricata) -V
This is Suricata version 3.0 RELEASE
$ ldd $(which suricata)
linux-vdso.so.1 => (0x00007fff7c73a000)
libhtp-0.5.18.so.1 => /lib64/libhtp-0.5.18.so.1 (0x00007f95dc9ba000)
libz.so.1 => /lib64/libz.so.1 (0x00007f95dc7a4000)
libmagic.so.1 => /lib64/libmagic.so.1 (0x00007f95dc587000)
libcap-ng.so.0 => /lib64/libcap-ng.so.0 (0x00007f95dc382000)
libpcap.so.1 => /lib64/libpcap.so.1 (0x00007f95dc141000)
libnet.so.1 => /lib64/libnet.so.1 (0x00007f95dbf26000)
libjansson.so.4 => /lib64/libjansson.so.4 (0x00007f95dbd1a000)
libyaml-0.so.2 => /lib64/libyaml-0.so.2 (0x00007f95dbafa000)
libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f95db898000)
libssl3.so => /lib64/libssl3.so (0x00007f95db65a000)
libsmime3.so => /lib64/libsmime3.so (0x00007f95db433000)
libnss3.so => /lib64/libnss3.so (0x00007f95db10d000)
libnssutil3.so => /lib64/libnssutil3.so (0x00007f95daee1000)
libplds4.so => /lib64/libplds4.so (0x00007f95dacdd000)
libplc4.so => /lib64/libplc4.so (0x00007f95daad7000)
libnspr4.so => /lib64/libnspr4.so (0x00007f95da899000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f95da67d000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f95da478000)
libc.so.6 => /lib64/libc.so.6 (0x00007f95da0b7000)
/lib64/ld-linux-x86-64.so.2 (0x00007f95dd058000)
librt.so.1 => /lib64/librt.so.1 (0x00007f95d9eae000)
the upgrade process has so far been:
- suricata processes are all stopped
- make uninstall is run from the original source version suricata installed
- yum install suricata 3.0 rpm
thanks in advance for any help.
JT
More information about the Oisf-users
mailing list