[Oisf-users] Suricata Lua API (stack overflow)

Peter Manev petermanev at gmail.com
Thu Oct 3 05:48:41 UTC 2019

On Fri, Sep 27, 2019 at 7:45 AM Shell_Xu <xuh881026 at gmail.com> wrote:
> Hi, Suricata Team:
>     I tried to use Lua scripts to audit all HTTP traffic, but after the script runs for about 30 seconds, the program automatically exits and outputs the following message: PANIC: unprotected error in call to Lua API (stack overflow). Since I don't want to log all HTTP headers, I didn't enable the dump-all-headers option. Lua scripts were used to implement my needs. But obviously, I have a problem now, can anyone help me?
> Is this problem caused by Lua scripts unable to withstand HTTP traffic?
> Traffic 1.5Gbpps
> CPU: 1 CPU 36 core
> Memory: 60G
> Suricata 5.0.0-rc1
> My Lua script code is in the attachment, please correct my mistake, any help makes sense to me.


You are running it on live traffic, right?
Is it possible to share your conf and a pcap for that as well?
(after a short glance)
What is the purpose of the script - you want to log each HTTP
transaction, substituting true client IP for src wherever available?

Thank you

Peter Manev
