Suricata

We are testing Suricata (2.0.6) in af-packet mode on a Fedora 21 system and had it crash this morning. The suricata service stopped running and did not come back.

Details:

$ uname -a

Linux ips.bigelow.org 3.17.4-301.fc21.x86_64 #1 SMP Thu Nov 27 19:09:10 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

$ rpm -qa | grep suricata

suricata-2.0.6-1.fc21.x86_64

Here is the segfault from /var/log/messages

$ sudo tail /var/log/messages

Mar  5 09:38:55 ips kernel: [151290.125455] Detect1[1596]: segfault at 4 ip 00007fde45cb331b sp 00007fde3d155470 error 4 in suricata[7fde45bd1000+201000]
Mar  5 09:38:55 ips [1579]: [Drop] [1:2003313:3] ET P2P Edonkey Connect Reply and Server List [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 73.0.97.102:48602 -> 10.2.3.112:29792
Mar  5 09:38:55 ips kernel: Detect1[1596]: segfault at 4 ip 00007fde45cb331b sp 00007fde3d155470 error 4 in suricata[7fde45bd1000+201000]
Mar  5 09:39:38 ips kernel: [151333.103935] device enp4s0f0 left promiscuous mode
Mar  5 09:39:38 ips kernel: device enp4s0f0 left promiscuous mode
Mar  5 09:39:38 ips kernel: [151333.136983] device enp4s0f1 left promiscuous mode
Mar  5 09:39:38 ips kernel: device enp4s0f1 left promiscuous mode
Mar  5 09:39:38 ips systemd: suricata.service: main process exited, code=killed, status=11/SEGV
Mar  5 09:39:38 ips systemd: Unit suricata.service entered failed state.
Mar  5 09:39:38 ips systemd: suricata.service failed.

There is nothing in /var/log/suricata/suricata.log. The last detect in the /var/log/suricata/fast.log is the above drop for the Edonkey traffic.