[Oisf-users] Crash in 4.0.5 when receiving packets
Serge Malev
smalev at hotmail.com
Fri Aug 3 07:06:52 UTC 2018
This helped. Thank you.
________________________________
From: Oisf-users <oisf-users-bounces at lists.openinfosecfoundation.org> on behalf of Victor Julien <lists at inliniac.net>
Sent: Friday, August 3, 2018 4:02 PM
To: oisf-users at lists.openinfosecfoundation.org
Subject: Re: [Oisf-users] Crash in 4.0.5 when receiving packets
Ubuntu had released a broken libjansson upgrade yesterday, but it should
be fixed if you upgrade again to 2.5-2ubuntu0.2
# dpkg --list libjansson*
...
ii libjansson4:i386 2.5-2ubuntu0.2
i386 C library for encoding, decoding and
manipulating JSON data
Simply another apt update && apt upgrade should fix it.
See: https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fredmine.openinfosecfoundation.org%2Fissues%2F2560&data=02%7C01%7C%7C28e2f7303c8040cc0bdf08d5f908164d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636688735480209165&sdata=wJRuwzksmujlWgpmG5ueHbKV1uqPPS%2BkJaAI%2FmU4EqQ%3D&reserved=0
On 03-08-18 03:27, Peter Fyon wrote:
> I'm on Ubuntu 14.04 in IPS mode using af_packet.
>
> On Thu, Aug 2, 2018, 9:04 PM Peter Manev <petermanev at gmail.com
> <mailto:petermanev at gmail.com>> wrote:
>
>
>
> On 3 Aug 2018, at 01:26, Serge Malev <smalev at hotmail.com
> <mailto:smalev at hotmail.com>> wrote:
>
>> I am having the same problem. Suricata tries to restart every 5
>> minutes and crashes with the same error.
>>
>>
>
> Hi,
>
> Are you using IDS or IPS mode?
>
> Thank you
>
>>
>>
>>
>> ------------------------------------------------------------------------
>> *From:* Oisf-users
>> <oisf-users-bounces at lists.openinfosecfoundation.org
>> <mailto:oisf-users-bounces at lists.openinfosecfoundation.org>> on
>> behalf of Peter Fyon <peter.fyon at gmail.com
>> <mailto:peter.fyon at gmail.com>>
>> *Sent:* Friday, August 3, 2018 8:56 AM
>> *To:* oisf-users at lists.openinfosecfoundation.org
>> <mailto:oisf-users at lists.openinfosecfoundation.org>
>> *Subject:* [Oisf-users] Crash in 4.0.5 when receiving packets
>>
>> Hey suricata users,
>>
>> I upgraded suricata from 4.0.4 to 4.0.5 using the ppa last night
>> and now suricata crashes when it (presumably) receives its first
>> packet. I say presumably because if I physically bypass suricata,
>> it doesn't crash. When I put it back inline, it crashes.
>>
>> When I start it with:
>> /usr/bin/suricata -c /etc/suricata/suricata.yaml --pidfile
>> /var/run/suricata.pid --af-packet -vvv
>>
>> It dies and spits the following to stdout:
>> suricata: dump.c:337: do_dump: Assertion `value' failed.
>>
>> Nothing has changed in my config between 4.0.4 and 4.0.5.
>>
>> Peter
>> _______________________________________________
>> Suricata IDS Users mailing list:
>> oisf-users at openinfosecfoundation.org
>> <mailto:oisf-users at openinfosecfoundation.org>
>> Site: https://eur04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsuricata-ids.org&data=02%7C01%7C%7C28e2f7303c8040cc0bdf08d5f908164d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636688735480209165&sdata=uJReSVXwVSz%2FnvLuzBH%2B7jhOFz0i7hOKBGdRSmnZZBQ%3D&reserved=0 | Support:
>> https://eur04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsuricata-ids.org%2Fsupport%2F&data=02%7C01%7C%7C28e2f7303c8040cc0bdf08d5f908164d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636688735480209165&sdata=0TICuzhkTCPX%2F4B20k%2FBks%2Bk7z%2Fvruv1VTu6AQpVQ0Y%3D&reserved=0
>> List:
>> https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.openinfosecfoundation.org%2Fmailman%2Flistinfo%2Foisf-users&data=02%7C01%7C%7C28e2f7303c8040cc0bdf08d5f908164d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636688735480209165&sdata=wZmXqIyYWwQDbgp%2FRU47rzgZjhxUt1Nro60Nfbte9Vs%3D&reserved=0
>>
>> Conference: https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsuricon.net&data=02%7C01%7C%7C28e2f7303c8040cc0bdf08d5f908164d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636688735480209165&sdata=b6Dax0%2FJweRKgkUEKphUSgm9GzUyiKa8pf1%2B9zPRUJE%3D&reserved=0
>> Trainings: https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsuricata-ids.org%2Ftraining%2F&data=02%7C01%7C%7C28e2f7303c8040cc0bdf08d5f908164d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636688735480209165&sdata=wytRAYt%2FdbVvAyINRhKNvNDtlhDUq%2BS%2FnRWJ%2FBpeilo%3D&reserved=0
>
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: https://eur04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsuricata-ids.org&data=02%7C01%7C%7C28e2f7303c8040cc0bdf08d5f908164d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636688735480209165&sdata=uJReSVXwVSz%2FnvLuzBH%2B7jhOFz0i7hOKBGdRSmnZZBQ%3D&reserved=0 | Support: https://eur04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsuricata-ids.org%2Fsupport%2F&data=02%7C01%7C%7C28e2f7303c8040cc0bdf08d5f908164d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636688735480209165&sdata=0TICuzhkTCPX%2F4B20k%2FBks%2Bk7z%2Fvruv1VTu6AQpVQ0Y%3D&reserved=0
> List: https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.openinfosecfoundation.org%2Fmailman%2Flistinfo%2Foisf-users&data=02%7C01%7C%7C28e2f7303c8040cc0bdf08d5f908164d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636688735480209165&sdata=wZmXqIyYWwQDbgp%2FRU47rzgZjhxUt1Nro60Nfbte9Vs%3D&reserved=0
>
> Conference: https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsuricon.net&data=02%7C01%7C%7C28e2f7303c8040cc0bdf08d5f908164d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636688735480209165&sdata=b6Dax0%2FJweRKgkUEKphUSgm9GzUyiKa8pf1%2B9zPRUJE%3D&reserved=0
> Trainings: https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsuricata-ids.org%2Ftraining%2F&data=02%7C01%7C%7C28e2f7303c8040cc0bdf08d5f908164d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636688735480209165&sdata=wytRAYt%2FdbVvAyINRhKNvNDtlhDUq%2BS%2FnRWJ%2FBpeilo%3D&reserved=0
>
--
---------------------------------------------
Victor Julien
https://eur04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.inliniac.net%2F&data=02%7C01%7C%7C28e2f7303c8040cc0bdf08d5f908164d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636688735480209165&sdata=9F0zsPHZi50oDnlwTuiCqBTkO9b%2F65K%2FoTvSVwpC1Pk%3D&reserved=0
PGP: https://eur04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.inliniac.net%2Fvictorjulien.asc&data=02%7C01%7C%7C28e2f7303c8040cc0bdf08d5f908164d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636688735480209165&sdata=NNVsx5Tgkcv0fijh5E%2BTKb79sYacWs7ehqnNTIBaZeg%3D&reserved=0
---------------------------------------------
_______________________________________________
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: https://eur04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsuricata-ids.org&data=02%7C01%7C%7C28e2f7303c8040cc0bdf08d5f908164d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636688735480209165&sdata=uJReSVXwVSz%2FnvLuzBH%2B7jhOFz0i7hOKBGdRSmnZZBQ%3D&reserved=0 | Support: https://eur04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsuricata-ids.org%2Fsupport%2F&data=02%7C01%7C%7C28e2f7303c8040cc0bdf08d5f908164d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636688735480209165&sdata=0TICuzhkTCPX%2F4B20k%2FBks%2Bk7z%2Fvruv1VTu6AQpVQ0Y%3D&reserved=0
List: https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.openinfosecfoundation.org%2Fmailman%2Flistinfo%2Foisf-users&data=02%7C01%7C%7C28e2f7303c8040cc0bdf08d5f908164d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636688735480209165&sdata=wZmXqIyYWwQDbgp%2FRU47rzgZjhxUt1Nro60Nfbte9Vs%3D&reserved=0
Conference: https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsuricon.net&data=02%7C01%7C%7C28e2f7303c8040cc0bdf08d5f908164d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636688735480209165&sdata=b6Dax0%2FJweRKgkUEKphUSgm9GzUyiKa8pf1%2B9zPRUJE%3D&reserved=0
Trainings: https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsuricata-ids.org%2Ftraining%2F&data=02%7C01%7C%7C28e2f7303c8040cc0bdf08d5f908164d%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636688735480209165&sdata=wytRAYt%2FdbVvAyINRhKNvNDtlhDUq%2BS%2FnRWJ%2FBpeilo%3D&reserved=0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20180803/0304510c/attachment-0001.html>
More information about the Oisf-users
mailing list