[Oisf-users] Suricata Lua API (stack overflow)

Peter Manev petermanev at gmail.com
Thu Oct 3 05:48:41 UTC 2019


On Fri, Sep 27, 2019 at 7:45 AM Shell_Xu <xuh881026 at gmail.com> wrote:
>
> Hi, Suricata Team:
>
>     I tried to use Lua scripts to audit all HTTP traffic, but after the script runs for about 30 seconds, the program automatically exits and outputs the following message: PANIC: unprotected error in call to Lua API (stack overflow). Since I don't want to log all HTTP headers, I didn't enable the dump-all-headers option. Lua scripts were used to implement my needs. But obviously, I have a problem now, can anyone help me?
> Is this problem caused by Lua scripts unable to withstand HTTP traffic?
>
> Traffic: 1.5Gbps
> CPU: 1 CPU 36 core
> Memory: 60G
> Suricata 5.0.0-rc1
>
> My Lua script code is in the attachment, please correct my mistake, any help makes sense to me.
>


Hi,

You are running it on live traffic, right?
Is it possible to share your conf and a pcap for that as well?
(after a short glance)
What is the purpose of the script - you want to log each HTTP
transaction, substituting the true client IP for src wherever available?

Thank you



-- 
Regards,
Peter Manev

