[Oisf-users] Large BPF causes suricata to crash

Cooper F. Nelson cnelson at ucsd.edu
Mon Jun 20 21:30:19 UTC 2016


I dunno, Linux packet filters are documented here:

> https://www.kernel.org/doc/Documentation/networking/filter.txt

You could try asking on the linux-net list: linux-net at vger.kernel.org

-Coop

On 6/20/2016 1:37 PM, Shane Boissevain wrote:
> Cooper,
> 
> Thanks for the speedy reply!
> 
> I already do condense as much as possible via IPSets in python, but thanks
> for the heads up! :-)
> Unfortunately, setting optmem_max all the way up to almost 2 GB via:
> 
> # sysctl net.core.optmem_max=2073741824
> 
> net.core.optmem_max = 2073741824
> 
> 
> didn't seem to change the behavior. Good to know it's not Suricata... but
> would there maybe be a different memory value I can increase in addition if
> I (or someone else) *really* wanted to use a crazy huge BPF?
> 
> Thanks again,
> ~ Shane
> 


-- 
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042
