[Oisf-users] [EXT] Re: Packet loss and increased resource consumption after upgrade to 4.1.2 with Rust support

Cloherty, Sean E scloherty at mitre.org
Wed Feb 20 14:31:01 UTC 2019


So do this with 4.1.2, right?

-----Original Message-----
From: Peter Manev <petermanev at gmail.com> 
Sent: Wednesday, February 20, 2019 9:27 AM
To: Cloherty, Sean E <scloherty at mitre.org>
Cc: Eric Urban <eurban at umn.edu>; Open Information Security Foundation <oisf-users at lists.openinfosecfoundation.org>
Subject: Re: [EXT] Re: [Oisf-users] Packet loss and increased resource consumption after upgrade to 4.1.2 with Rust support

On Wed, Feb 20, 2019 at 3:01 PM Cloherty, Sean E <scloherty at mitre.org> wrote:
>
> Peter -
>
> * CentOS Linux release 7.6.1810 / 3.10.0-957.1.3.el7.x86_64 #1 SMP Thu 
> Nov 29 14:49:43 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
> * Rust is rust-1.30.0-x86_64
> * Hyperscan 4.7.0
> *Here is the full line I use to build Suricata -
>
> ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var 
> --with-libhs-libraries=/usr/local/lib/ 
> --with-libhs-includes=/usr/local/include/hs/ 
> --with-liblzma-includes=/usr/include/lzma/ 
> --with-liblzma-libraries=/usr/lib64/ --enable-gccprotect 
> --enable-geoip --enable-lua --enable-profiling --enable-pie 
> --enable-rust --enable-unix-socket
>

Can you remove "--enable-profiling" form the command line compile, reinstall  and rerun the test? (--enable-rust --enable-unix-socket should be done/checked  by default during build time) Curious if you could please  do that and feedback the results  with all Rust/protos enabled?

Thank you

> Thanks,
>
> Sean
>
> -----Original Message-----
> From: Peter Manev <petermanev at gmail.com>
> Sent: Wednesday, February 20, 2019 5:59 AM
> To: Cloherty, Sean E <scloherty at mitre.org>
> Cc: Eric Urban <eurban at umn.edu>; Open Information Security Foundation 
> <oisf-users at lists.openinfosecfoundation.org>
> Subject: Re: [EXT] Re: [Oisf-users] Packet loss and increased resource 
> consumption after upgrade to 4.1.2 with Rust support
>
> On Tue, Feb 19, 2019 at 1:12 AM Cloherty, Sean E <scloherty at mitre.org> wrote:
> >
> > When I compiled 4.0.6 on the previously 4.1.2 host, I used the same arguments including Rust.  I think all of the Rust parsers are disabled, but SMB is enabled.  In my case I’ve seen no packet loss in three days despite compiling with Rust.
> >
> >
>
> Interesting observation and feedback - thank you Sean Sould you please confirm what OS / rust version do you use?
>
> Thank you
>
>
> --
> Regards,
> Peter Manev



--
Regards,
Peter Manev


More information about the Oisf-users mailing list