[Oisf-users] meta-data crashes
Peter Manev
petermanev at gmail.com
Thu Nov 29 21:49:36 UTC 2018
> This is Suricata version 4.1.0 RELEASE
> Features: PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HAVE_LIBJANSSON TLS MAGIC RUST
> SIMD support: SSE_4_2 SSE_4_1 SSE_3
> Atomic intrisics: 1 2 4 8 16 byte(s)
> 64-bits, Little-endian architecture
> GCC version 6.3.0 20170516, C version 199901
> compiled with _FORTIFY_SOURCE=0
> L1 cache line size (CLS)=64
> thread local storage method: __thread
> compiled with LibHTP v0.5.28, linked against LibHTP v0.5.25
>
The above seems a bit odd - "compiled with LibHTP v0.5.28, linked
against LibHTP v0.5.25".
4.1.0 should go with LibHTP 0.5.28 all the way, not linked against 0.5.25.
Could you please update and redeploy and see if it makes a difference?
Is there anything specific to your setup in terms of how you have
Suricata running - on a VM/docker/HW? What speeds are you looking at?
> Suricata Configuration:
> AF_PACKET support: yes
> eBPF support: no
> XDP support: no
> PF_RING support: no
> NFQueue support: no
> NFLOG support: no
> IPFW support: no
> Netmap support: no
> DAG enabled: no
> Napatech enabled: no
> WinDivert enabled: no
>
> Unix socket enabled: yes
> Detection enabled: yes
>
> Libmagic support: yes
> libnss support: yes
> libnspr support: yes
> libjansson support: yes
> liblzma support: no
> hiredis support: no
> hiredis async with libevent: no
> Prelude support: no
> PCRE jit: yes
> LUA support: no
> libluajit: no
> libgeoip: no
> Non-bundled htp: no
> Old barnyard2 support: no
> Hyperscan support: yes
> Libnet support: yes
> liblz4 support: yes
>
> Rust support: yes (default)
> Rust strict mode: no
> Rust debug mode: no
> Rust compiler: rustc 1.30.0 (da5f414c2 2018-10-24)
> Rust cargo: cargo 1.30.0 (36d96825d 2018-10-24)
>
> Suricatasc install: yes
>
> Profiling enabled: no
> Profiling locks enabled: no
>
> Development settings:
> Coccinelle / spatch: no
> Unit tests enabled: no
> Debug output enabled: no
> Debug validation enabled: no
>
> Generic build parameters:
> Installation prefix: /usr
> Configuration directory: /etc/suricata/
> Log directory: /var/log/suricata/
>
> --prefix /usr
> --sysconfdir /etc
> --localstatedir /var
>
> Host: x86_64-pc-linux-gnu
> Compiler: gcc (exec name) / gcc (real)
> GCC Protect enabled: no
> GCC march native enabled: yes
> GCC Profile enabled: no
> Position Independent Executable enabled: no
> CFLAGS -g -O2 -march=native -I${srcdir}/../rust/gen/c-headers
> PCAP_CFLAGS -I/usr/include
> SECCFLAGS
--
Regards,
Peter Manev
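
Added example (not part of the original message, and not code from the Suricata project): a small shell check that reads build-info text and flags the "compiled with" / "linked against" LibHTP mismatch pointed out above. The function names and the SAMPLE variable are made up for this illustration; the sample line is copied from the quoted output.

```shell
#!/bin/sh
# Flag a LibHTP header/runtime version mismatch in Suricata build-info text.
# Intended use (reads stdin):  suricata --build-info | htp_check

# Print "<compiled> <linked>" taken from the LibHTP line; fail if it is absent.
# The pattern tolerates a leading "> " quote prefix, as in a mail reply.
htp_versions() {
    sed -n 's/^.*compiled with LibHTP v\([0-9][0-9.]*\), linked against LibHTP v\([0-9][0-9.]*\).*$/\1 \2/p' |
        head -n 1 | grep .
}

# Exit status: 0 = versions match, 1 = mismatch, 2 = LibHTP line not found.
htp_check() {
    versions=$(htp_versions) || { echo "LibHTP line not found" >&2; return 2; }
    compiled=${versions% *}   # version of the headers used at build time
    linked=${versions#* }     # version of the shared library loaded at run time
    if [ "$compiled" = "$linked" ]; then
        echo "OK: LibHTP $compiled"
        return 0
    fi
    echo "MISMATCH: built against LibHTP $compiled, running with $linked"
    return 1
}

# Sample input: the two relevant lines from the quoted build-info above.
SAMPLE='> thread local storage method: __thread
> compiled with LibHTP v0.5.28, linked against LibHTP v0.5.25'

# Demonstration on the sample; "|| true" keeps the script going on a mismatch.
printf '%s\n' "$SAMPLE" | htp_check || true
```

A mismatch usually means an older libhtp shared library is found first by the dynamic loader; running ldd on the suricata binary shows which file is actually loaded.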