[Oisf-users] Last ET update broken on Hyperscan

Victor Julien lists at inliniac.net
Wed Jul 19 08:19:39 UTC 2017

Quick heads up: yesterday's ET update breaks on Hyperscan. Not sure which
rule, or if it's Open or Pro only.

The error we get is:
[13021] 19/7/2017 -- 09:43:43 - (util-mpm-hs.c:684) <Error> (SCHSPreparePatterns) -- [ERRCODE: SC_ERR_FATAL(171)] - failed to compile hyperscan database
[13021] 19/7/2017 -- 09:43:43 - (util-mpm-hs.c:686) <Error> (SCHSPreparePatterns) -- [ERRCODE: SC_ERR_FATAL(171)] - compile error: Expression has max_offset=21 but requires 22 bytes to match.

After which Suricata crashes in a rule reload or quickly after start up.

As I'm not able to pinpoint the rule today, I recommend delaying the
update for now, or switching to AC temporarily if you already updated:
--set mpm-algo=ac

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc
