[Oisf-users] Large BPF causes suricata to crash

Shane Boissevain shaneboissevain at gmail.com
Mon Jun 20 20:37:53 UTC 2016


Thanks for the speedy reply!

I already do condense as much as possible via IPSets in python, but thanks
for the heads up! :-)
Unfortunately, setting optmem_max all the way up to almost 2 gB via:

# sysctl net.core.optmem_max=2073741824

net.core.optmem_max = 2073741824

 didn't seem to change the behavior. Good to know it's not suricata...but
would there maybe be a different memory value i can increase in addition if
I (or someone else) *really* wanted to use a crazy huge BPF?

Thanks again,
~ Shane
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20160620/7578c99e/attachment-0002.html>

More information about the Oisf-users mailing list