[Oisf-users] Suricata 4.1.x possible memory leak (tcp.reassembly_memuse)

Michael Stone mstone at mathom.us
Wed Apr 1 13:22:58 UTC 2020


On Wed, Apr 01, 2020 at 08:35:26AM +0200, you wrote:
>I tried Rust 1.42 with the same result. So I reverted it back to the default deb10
>1.34.2. Just for a test I put another 64GB RAM to the server (128GB total). I
>set stream.reassembly.memcap to 90GB. tcp.reassembly_memuse in this setup is
>between 75GB-90GB, sometimes even hits the reassembly memcap.
>Do you think that the new feature (Rust with SMB parser) could cause such an
>issue? Increasing tcp.reassembly_memuse from stable ~11GB on 4.0.5 (with much
>higher reassembly depth and flow timeouts) to unstable ~90GB on 4.1.7?

In my experience there were definite memory leaks in 4.1. 5.0 has 
improved the situation, but memory consumption is still much less 
predictable than 4.0.

