Actions
Bug #1589
closedCannot run nfq in workers mode
Affected Versions:
Effort:
Difficulty:
Label:
Description
# uname -rm 3.2.71-main-grsec-spoofy x86_64 (without PaX)
# suricata --build-info This is Suricata version 2.1dev (rev 86711a1) Features: NFQ PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 PF_RING AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK HAVE_NSS HAVE_LUA HAVE_LUAJIT HAVE_LIBJANSSON PROFILING TLS SIMD support: SSE_4_2 SSE_4_1 SSE_3 Atomic intrisics: 1 2 4 8 16 byte(s) 64-bits, Little-endian architecture GCC version 4.6.3, C version 199901 compiled with -fstack-protector compiled with _FORTIFY_SOURCE=2 L1 cache line size (CLS)=64 thread local storage method: __thread compiled with LibHTP v0.5.18, linked against LibHTP v0.5.18 Suricata Configuration: AF_PACKET support: yes PF_RING support: yes NFQueue support: yes NFLOG support: no IPFW support: no Netmap support: no DAG enabled: no Napatech enabled: no Unix socket enabled: yes Detection enabled: yes libnss support: yes libnspr support: yes libjansson support: yes hiredis support: no Prelude support: no PCRE jit: no LUA support: yes, through luajit libluajit: yes libgeoip: yes Non-bundled htp: no Old barnyard2 support: no CUDA enabled: no Suricatasc install: yes Unit tests enabled: no Debug output enabled: no Debug validation enabled: no Profiling enabled: yes Profiling locks enabled: no Coccinelle / spatch: no Generic build parameters: Installation prefix: /usr Configuration directory: /etc/suricata/ Log directory: /var/log/suricata/ --prefix /usr --sysconfdir /etc --localstatedir /var Host: x86_64-unknown-linux-gnu Compiler: gcc (exec name) / gcc (real) GCC Protect enabled: no GCC march native enabled: yes GCC Profile enabled: no Position Independent Executable enabled: no CFLAGS -g -O2 -march=native PCAP_CFLAGS -I/usr/include SECCFLAGS
(Apologize for the mess in configuration file)
Run with workers mode:
# /usr/bin/suricata -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid -q 1 -D --runmode workers
# cat /var/log/suricata.log [29933] 4/11/2015 -- 15:38:52 - (suricata.c:1073) <Notice> (SCPrintVersion) -- This is Suricata version 2.1dev (rev 86711a1) [29933] 4/11/2015 -- 15:38:52 - (util-cpu.c:170) <Info> (UtilCpuPrintSummary) -- CPUs/cores online: 8 [29933] 4/11/2015 -- 15:38:52 - (app-layer-htp.c:2255) <Info> (HTPConfigSetDefaultsPhase2) -- 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 4053 after randomization. [29933] 4/11/2015 -- 15:38:52 - (app-layer-htp.c:2270) <Info> (HTPConfigSetDefaultsPhase2) -- 'default' server has 'response-body-minimal-inspect-size' set to 33695 and 'response-body-inspect-window' set to 4218 after randomization. [29933] 4/11/2015 -- 15:38:52 - (app-layer-htp.c:2255) <Info> (HTPConfigSetDefaultsPhase2) -- 'apache' server has 'request-body-minimal-inspect-size' set to 34116 and 'request-body-inspect-window' set to 3973 after randomization. [29933] 4/11/2015 -- 15:38:52 - (app-layer-htp.c:2270) <Info> (HTPConfigSetDefaultsPhase2) -- 'apache' server has 'response-body-minimal-inspect-size' set to 32229 and 'response-body-inspect-window' set to 4205 after randomization. [29933] 4/11/2015 -- 15:38:52 - (app-layer-htp.c:2255) <Info> (HTPConfigSetDefaultsPhase2) -- 'iis7' server has 'request-body-minimal-inspect-size' set to 32040 and 'request-body-inspect-window' set to 4118 after randomization. [29933] 4/11/2015 -- 15:38:52 - (app-layer-htp.c:2270) <Info> (HTPConfigSetDefaultsPhase2) -- 'iis7' server has 'response-body-minimal-inspect-size' set to 32694 and 'response-body-inspect-window' set to 4148 after randomization. [29933] 4/11/2015 -- 15:38:52 - (app-layer-dns-udp.c:337) <Info> (DNSUDPConfigure) -- DNS request flood protection level: 500 [29933] 4/11/2015 -- 15:38:52 - (app-layer-dns-udp.c:349) <Info> (DNSUDPConfigure) -- DNS per flow memcap (state-memcap): 524288 [29933] 4/11/2015 -- 15:38:52 - (app-layer-dns-udp.c:361) <Info> (DNSUDPConfigure) -- DNS global memcap: 16777216 [29933] 4/11/2015 -- 15:38:52 - (app-layer-modbus.c:1457) <Info> (RegisterModbusParsers) -- Modbus request flood protection level: 500 [29933] 4/11/2015 -- 15:38:52 - (source-nfq.c:286) <Info> (NFQInitConfig) -- NFQ running in standard ACCEPT/DROP mode [29933] 4/11/2015 -- 15:38:52 - (defrag-hash.c:209) <Info> (DefragInitConfig) -- allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56 [29933] 4/11/2015 -- 15:38:52 - (defrag-hash.c:234) <Info> (DefragInitConfig) -- preallocated 65535 defrag trackers of size 168 [29933] 4/11/2015 -- 15:38:52 - (defrag-hash.c:241) <Info> (DefragInitConfig) -- defrag memory usage: 14679896 bytes, maximum: 33554432 [29933] 4/11/2015 -- 15:38:52 - (tmqh-flow.c:76) <Info> (TmqhFlowRegister) -- AutoFP mode using default "Active Packets" flow load balancer [29934] 4/11/2015 -- 15:38:52 - (host.c:215) <Info> (HostInitConfig) -- allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64 [29934] 4/11/2015 -- 15:38:52 - (host.c:238) <Info> (HostInitConfig) -- preallocated 1000 hosts of size 136 [29934] 4/11/2015 -- 15:38:52 - (host.c:240) <Info> (HostInitConfig) -- host memory usage: 398144 bytes, maximum: 16777216 [29934] 4/11/2015 -- 15:38:52 - (flow.c:441) <Info> (FlowInitConfig) -- allocated 4194304 bytes of memory for the flow hash... 65536 buckets of size 64 [29934] 4/11/2015 -- 15:38:52 - (flow.c:465) <Info> (FlowInitConfig) -- preallocated 10000 flows of size 288 [29934] 4/11/2015 -- 15:38:52 - (flow.c:467) <Info> (FlowInitConfig) -- flow memory usage: 7074304 bytes, maximum: 67108864 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp.c:377) <Info> (StreamTcpInitConfig) -- stream "prealloc-sessions": 2048 (per thread) [29934] 4/11/2015 -- 15:38:52 - (stream-tcp.c:393) <Info> (StreamTcpInitConfig) -- stream "memcap": 33554432 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp.c:399) <Info> (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled [29934] 4/11/2015 -- 15:38:52 - (stream-tcp.c:405) <Info> (StreamTcpInitConfig) -- stream "async-oneside": disabled [29934] 4/11/2015 -- 15:38:52 - (stream-tcp.c:422) <Info> (StreamTcpInitConfig) -- stream "checksum-validation": enabled [29934] 4/11/2015 -- 15:38:52 - (stream-tcp.c:444) <Info> (StreamTcpInitConfig) -- stream."inline": enabled [29934] 4/11/2015 -- 15:38:52 - (stream-tcp.c:457) <Info> (StreamTcpInitConfig) -- stream "max-synack-queued": 5 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp.c:475) <Info> (StreamTcpInitConfig) -- stream.reassembly "memcap": 134217728 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp.c:493) <Info> (StreamTcpInitConfig) -- stream.reassembly "depth": 1048576 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp.c:576) <Info> (StreamTcpInitConfig) -- stream.reassembly "toserver-chunk-size": 2581 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp.c:578) <Info> (StreamTcpInitConfig) -- stream.reassembly "toclient-chunk-size": 2643 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp.c:591) <Info> (StreamTcpInitConfig) -- stream.reassembly.raw: enabled [29934] 4/11/2015 -- 15:38:52 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 4, prealloc 256 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 16, prealloc 512 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 112, prealloc 512 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 248, prealloc 512 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 512, prealloc 512 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 768, prealloc 1024 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 1448, prealloc 1024 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 65535, prealloc 128 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp-reassemble.c:487) <Info> (StreamTcpReassemblyConfig) -- stream.reassembly "chunk-prealloc": 250 [29934] 4/11/2015 -- 15:38:52 - (stream-tcp-reassemble.c:500) <Info> (StreamTcpReassemblyConfig) -- stream.reassembly "zero-copy-size": 128 [29934] 4/11/2015 -- 15:38:52 - (ippair.c:211) <Info> (IPPairInitConfig) -- allocated 262144 bytes of memory for the ippair hash... 4096 buckets of size 64 [29934] 4/11/2015 -- 15:38:52 - (ippair.c:234) <Info> (IPPairInitConfig) -- preallocated 1000 ippairs of size 136 [29934] 4/11/2015 -- 15:38:52 - (ippair.c:236) <Info> (IPPairInitConfig) -- ippair memory usage: 398144 bytes, maximum: 16777216 [29934] 4/11/2015 -- 15:38:52 - (util-magic.c:62) <Info> (MagicInit) -- using magic-file /usr/share/file/magic [29934] 4/11/2015 -- 15:38:52 - (suricata.c:1942) <Info> (SetupDelayedDetect) -- Delayed detect disabled [29934] 4/11/2015 -- 15:38:52 - (reputation.c:620) <Info> (SRepInit) -- IP reputation disabled [29934] 4/11/2015 -- 15:38:52 - (util-profiling-keywords.c:387) <Info> (SCProfilingKeywordInitCounters) -- Registered 111 keyword profiling counters. [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/local.rules [29934] 4/11/2015 -- 15:38:52 - (detect.c:424) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/local.rules [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/botcc.rules [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/ciarmy.rules [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/compromised.rules [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/drop.rules [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/dshield.rules [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-activex.rules [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-attack_response.rules [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-chat.rules [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-current_events.rules [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-dns.rules [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-dos.rules [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-exploit.rules [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-ftp.rules [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-games.rules [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-icmp_info.rules [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-imap.rules [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-inappropriate.rules [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-malware.rules [29934] 4/11/2015 -- 15:38:52 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-misc.rules [29934] 4/11/2015 -- 15:38:53 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-mobile_malware.rules [29934] 4/11/2015 -- 15:38:53 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-netbios.rules [29934] 4/11/2015 -- 15:38:53 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-p2p.rules [29934] 4/11/2015 -- 15:38:53 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-policy.rules [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-pop3.rules [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-rpc.rules [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-scada.rules [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-scan.rules [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-shellcode.rules [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-smtp.rules [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-snmp.rules [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-sql.rules [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-telnet.rules [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-tftp.rules [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-trojan.rules [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-user_agents.rules [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-voip.rules [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-web_client.rules [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-web_server.rules [29934] 4/11/2015 -- 15:38:54 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-web_specific_apps.rules [29934] 4/11/2015 -- 15:38:56 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-worm.rules [29934] 4/11/2015 -- 15:38:56 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/tor.rules [29934] 4/11/2015 -- 15:38:56 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/decoder-events.rules [29934] 4/11/2015 -- 15:38:56 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/stream-events.rules [29934] 4/11/2015 -- 15:38:56 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/http-events.rules [29934] 4/11/2015 -- 15:38:56 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/smtp-events.rules [29934] 4/11/2015 -- 15:38:56 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/dns-events.rules [29934] 4/11/2015 -- 15:38:56 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/tls-events.rules [29934] 4/11/2015 -- 15:38:56 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/modbus-events.rules [29934] 4/11/2015 -- 15:38:56 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /etc/suricata/rules/app-layer-events.rules [29934] 4/11/2015 -- 15:38:56 - (detect.c:523) <Info> (SigLoadSignatures) -- 50 rule files processed. 17234 rules successfully loaded, 0 rules failed [29934] 4/11/2015 -- 15:38:56 - (detect.c:2987) <Info> (SigAddressPrepareStage1) -- 17242 signatures processed. 880 are IP-only rules, 6503 are inspecting packet payload, 12990 inspect application layer, 72 are decoder event only [29934] 4/11/2015 -- 15:38:56 - (detect.c:2990) <Info> (SigAddressPrepareStage1) -- building signature grouping structure, stage 1: preprocessing rules... complete [29934] 4/11/2015 -- 15:38:56 - (detect.c:3623) <Info> (SigAddressPrepareStage2) -- building signature grouping structure, stage 2: building source address list... complete [29934] 4/11/2015 -- 15:38:57 - (detect.c:4148) <Info> (SigAddressPrepareStage3) -- building signature grouping structure, stage 3: building destination address lists... complete [29934] 4/11/2015 -- 15:38:58 - (util-profiling-rules.c:589) <Info> (SCProfilingRuleInitCounters) -- Registered 17242 rule profiling counters. [29934] 4/11/2015 -- 15:38:58 - (util-threshold-config.c:1188) <Info> (SCThresholdConfParseFile) -- Threshold config parsed: 0 rule(s) found [29934] 4/11/2015 -- 15:38:58 - (util-coredump-config.c:122) <Info> (CoredumpLoadConfig) -- Core dump size set to unlimited. [29934] 4/11/2015 -- 15:38:58 - (util-logopenfile.c:298) <Info> (SCConfLogOpenGeneric) -- eve-log output device (regular) initialized: eve.json [29934] 4/11/2015 -- 15:38:58 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'alert' [29934] 4/11/2015 -- 15:38:58 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'http' [29934] 4/11/2015 -- 15:38:58 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'dns' [29934] 4/11/2015 -- 15:38:58 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'tls' [29934] 4/11/2015 -- 15:38:58 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'files' [29934] 4/11/2015 -- 15:38:58 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'smtp' [29934] 4/11/2015 -- 15:38:58 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'ssh' [29934] 4/11/2015 -- 15:38:58 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'stats' [29934] 4/11/2015 -- 15:38:58 - (util-logopenfile.c:298) <Info> (SCConfLogOpenGeneric) -- stats output device (regular) initialized: stats.log [29934] 4/11/2015 -- 15:38:58 - (util-logopenfile.c:298) <Info> (SCConfLogOpenGeneric) -- drop output device (regular) initialized: drop.log [29935] 4/11/2015 -- 15:38:58 - (tmqh-packetpool.c:394) <Info> (PacketPoolInit) -- preallocated 1024 packets. Total memory 3606528 [29935] 4/11/2015 -- 15:38:58 - (source-nfq.c:589) <Info> (NFQInitThread) -- binding this thread 0 to queue '1' [29935] 4/11/2015 -- 15:38:58 - (source-nfq.c:611) <Info> (NFQInitThread) -- setting queue length to 4096 [29935] 4/11/2015 -- 15:38:58 - (source-nfq.c:624) <Info> (NFQInitThread) -- setting nfnl bufsize to 6144000 [29935] 4/11/2015 -- 15:38:58 - (source-nfq.c:388) <Info> (NFQMutexInit) -- NFQ running in 'workers' runmode, will not use mutex.
Kernel log:
Nov 4 15:38:58 <hidden hostname here> kernel: grsec: From <hidden IP address here>: Segmentation fault occurred at 0000000000000024 in /usr/bin/suricata[Worker-Q1:29935] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Run with autofp mode:
# /usr/bin/suricata -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid -q 1 -D --runmode autofp
# cat /var/log/suricata.log [30013] 4/11/2015 -- 15:39:33 - (suricata.c:1073) <Notice> (SCPrintVersion) -- This is Suricata version 2.1dev (rev 86711a1) [30013] 4/11/2015 -- 15:39:33 - (util-cpu.c:170) <Info> (UtilCpuPrintSummary) -- CPUs/cores online: 8 [30013] 4/11/2015 -- 15:39:33 - (app-layer-htp.c:2255) <Info> (HTPConfigSetDefaultsPhase2) -- 'default' server has 'request-body-minimal-inspect- size' set to 33882 and 'request-body-inspect-window' set to 4053 after randomization. [30013] 4/11/2015 -- 15:39:33 - (app-layer-htp.c:2270) <Info> (HTPConfigSetDefaultsPhase2) -- 'default' server has 'response-body-minimal-inspect -size' set to 33695 and 'response-body-inspect-window' set to 4218 after randomization. [30013] 4/11/2015 -- 15:39:33 - (app-layer-htp.c:2255) <Info> (HTPConfigSetDefaultsPhase2) -- 'apache' server has 'request-body-minimal-inspect-s ize' set to 34116 and 'request-body-inspect-window' set to 3973 after randomization. [30013] 4/11/2015 -- 15:39:33 - (app-layer-htp.c:2270) <Info> (HTPConfigSetDefaultsPhase2) -- 'apache' server has 'response-body-minimal-inspect- size' set to 32229 and 'response-body-inspect-window' set to 4205 after randomization. [30013] 4/11/2015 -- 15:39:33 - (app-layer-htp.c:2255) <Info> (HTPConfigSetDefaultsPhase2) -- 'iis7' server has 'request-body-minimal-inspect-siz e' set to 32040 and 'request-body-inspect-window' set to 4118 after randomization. [30013] 4/11/2015 -- 15:39:33 - (app-layer-htp.c:2270) <Info> (HTPConfigSetDefaultsPhase2) -- 'iis7' server has 'response-body-minimal-inspect-si ze' set to 32694 and 'response-body-inspect-window' set to 4148 after randomization. [30013] 4/11/2015 -- 15:39:33 - (app-layer-dns-udp.c:337) <Info> (DNSUDPConfigure) -- DNS request flood protection level: 500 [30013] 4/11/2015 -- 15:39:33 - (app-layer-dns-udp.c:349) <Info> (DNSUDPConfigure) -- DNS per flow memcap (state-memcap): 524288 [30013] 4/11/2015 -- 15:39:33 - (app-layer-dns-udp.c:361) <Info> (DNSUDPConfigure) -- DNS global memcap: 16777216 [30013] 4/11/2015 -- 15:39:33 - (app-layer-modbus.c:1457) <Info> (RegisterModbusParsers) -- Modbus request flood protection level: 500 [30013] 4/11/2015 -- 15:39:33 - (source-nfq.c:286) <Info> (NFQInitConfig) -- NFQ running in standard ACCEPT/DROP mode [30013] 4/11/2015 -- 15:39:33 - (defrag-hash.c:209) <Info> (DefragInitConfig) -- allocated 3670016 bytes of memory for the defrag hash... 65536 b uckets of size 56 [30013] 4/11/2015 -- 15:39:33 - (defrag-hash.c:234) <Info> (DefragInitConfig) -- preallocated 65535 defrag trackers of size 168 [30013] 4/11/2015 -- 15:39:33 - (defrag-hash.c:241) <Info> (DefragInitConfig) -- defrag memory usage: 14679896 bytes, maximum: 33554432 [30013] 4/11/2015 -- 15:39:33 - (tmqh-flow.c:76) <Info> (TmqhFlowRegister) -- AutoFP mode using default "Active Packets" flow load balancer [30014] 4/11/2015 -- 15:39:33 - (host.c:215) <Info> (HostInitConfig) -- allocated 262144 bytes of memory for the host hash... 4096 buckets of siz e 64 [30014] 4/11/2015 -- 15:39:33 - (host.c:238) <Info> (HostInitConfig) -- preallocated 1000 hosts of size 136 [30014] 4/11/2015 -- 15:39:33 - (host.c:240) <Info> (HostInitConfig) -- host memory usage: 398144 bytes, maximum: 16777216 [30014] 4/11/2015 -- 15:39:33 - (flow.c:441) <Info> (FlowInitConfig) -- allocated 4194304 bytes of memory for the flow hash... 65536 buckets of s ize 64 [30014] 4/11/2015 -- 15:39:33 - (flow.c:465) <Info> (FlowInitConfig) -- preallocated 10000 flows of size 288 [30014] 4/11/2015 -- 15:39:33 - (flow.c:467) <Info> (FlowInitConfig) -- flow memory usage: 7074304 bytes, maximum: 67108864 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp.c:377) <Info> (StreamTcpInitConfig) -- stream "prealloc-sessions": 2048 (per thread) [30014] 4/11/2015 -- 15:39:33 - (stream-tcp.c:393) <Info> (StreamTcpInitConfig) -- stream "memcap": 33554432 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp.c:399) <Info> (StreamTcpInitConfig) -- stream "midstream" session pickups: disabled [30014] 4/11/2015 -- 15:39:33 - (stream-tcp.c:405) <Info> (StreamTcpInitConfig) -- stream "async-oneside": disabled [30014] 4/11/2015 -- 15:39:33 - (stream-tcp.c:422) <Info> (StreamTcpInitConfig) -- stream "checksum-validation": enabled [30014] 4/11/2015 -- 15:39:33 - (stream-tcp.c:444) <Info> (StreamTcpInitConfig) -- stream."inline": enabled [30014] 4/11/2015 -- 15:39:33 - (stream-tcp.c:457) <Info> (StreamTcpInitConfig) -- stream "max-synack-queued": 5 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp.c:475) <Info> (StreamTcpInitConfig) -- stream.reassembly "memcap": 134217728 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp.c:493) <Info> (StreamTcpInitConfig) -- stream.reassembly "depth": 1048576 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp.c:576) <Info> (StreamTcpInitConfig) -- stream.reassembly "toserver-chunk-size": 2630 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp.c:578) <Info> (StreamTcpInitConfig) -- stream.reassembly "toclient-chunk-size": 2500 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp.c:591) <Info> (StreamTcpInitConfig) -- stream.reassembly.raw: enabled [30014] 4/11/2015 -- 15:39:33 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 4, prealloc 256 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 16, prealloc 512 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 112, prealloc 512 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 248, prealloc 512 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 512, prealloc 512 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 768, prealloc 1024 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 1448, prealloc 1024 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp-reassemble.c:451) <Info> (StreamTcpReassemblyConfig) -- segment pool: pktsize 65535, prealloc 128 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp-reassemble.c:487) <Info> (StreamTcpReassemblyConfig) -- stream.reassembly "chunk-prealloc": 250 [30014] 4/11/2015 -- 15:39:33 - (stream-tcp-reassemble.c:500) <Info> (StreamTcpReassemblyConfig) -- stream.reassembly "zero-copy-size": 128 [30014] 4/11/2015 -- 15:39:33 - (ippair.c:211) <Info> (IPPairInitConfig) -- allocated 262144 bytes of memory for the ippair hash... 4096 buckets of size 64 [30014] 4/11/2015 -- 15:39:33 - (ippair.c:234) <Info> (IPPairInitConfig) -- preallocated 1000 ippairs of size 136 [30014] 4/11/2015 -- 15:39:33 - (ippair.c:236) <Info> (IPPairInitConfig) -- ippair memory usage: 398144 bytes, maximum: 16777216 [30014] 4/11/2015 -- 15:39:33 - (util-magic.c:62) <Info> (MagicInit) -- using magic-file /usr/share/file/magic [30014] 4/11/2015 -- 15:39:33 - (suricata.c:1942) <Info> (SetupDelayedDetect) -- Delayed detect disabled [30014] 4/11/2015 -- 15:39:33 - (reputation.c:620) <Info> (SRepInit) -- IP reputation disabled [30014] 4/11/2015 -- 15:39:33 - (util-profiling-keywords.c:387) <Info> (SCProfilingKeywordInitCounters) -- Registered 111 keyword profiling count ers. [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/local.rules [30014] 4/11/2015 -- 15:39:33 - (detect.c:424) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata /rules/local.rules [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/botcc.rules [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/ciarmy.rules [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/compromised.rules [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/drop.rules [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/dshield.rules [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-activex.rules [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-attack_response.rules [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-chat.rules [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-current_events.rules [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-dns.rules [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-dos.rules [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-exploit.rules [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-ftp.rules [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-games.rules [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-icmp_info.rules [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-imap.rules [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-inappropriate.rules [30014] 4/11/2015 -- 15:39:33 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-malware.rules [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-misc.rules [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-mobile_malware.rules [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-netbios.rules [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-p2p.rules [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-policy.rules [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-pop3.rules [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-rpc.rules [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-scada.rules [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-scan.rules [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-shellcode.rules [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-smtp.rules [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-snmp.rules [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-sql.rules [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-telnet.rules [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-tftp.rules [30014] 4/11/2015 -- 15:39:34 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-trojan.rules [30014] 4/11/2015 -- 15:39:35 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-user_agents.rules [30014] 4/11/2015 -- 15:39:35 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-voip.rules [30014] 4/11/2015 -- 15:39:35 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-web_client.rules [30014] 4/11/2015 -- 15:39:35 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-web_server.rules [30014] 4/11/2015 -- 15:39:35 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-web_specific_apps.rule s [30014] 4/11/2015 -- 15:39:36 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/emerging-worm.rules [30014] 4/11/2015 -- 15:39:36 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/tor.rules [30014] 4/11/2015 -- 15:39:36 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/decoder-events.rules [30014] 4/11/2015 -- 15:39:36 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/stream-events.rules [30014] 4/11/2015 -- 15:39:36 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/http-events.rules [30014] 4/11/2015 -- 15:39:36 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/smtp-events.rules [30014] 4/11/2015 -- 15:39:36 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/dns-events.rules [30014] 4/11/2015 -- 15:39:36 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/tls-events.rules [30014] 4/11/2015 -- 15:39:36 - (detect.c:414) <Info> (ProcessSigFiles) -- Loading rule file: /etc/suricata/rules/modbus-events.rules [30014] 4/11/2015 -- 15:39:36 - (detect.c:402) <Warning> (ProcessSigFiles) -- [ERRCODE: SC_ERR_NO_RULES(42)] - No rule files match the pattern /e tc/suricata/rules/app-layer-events.rules [30014] 4/11/2015 -- 15:39:36 - (detect.c:523) <Info> (SigLoadSignatures) -- 50 rule files processed. 17234 rules successfully loaded, 0 rules fa iled [30014] 4/11/2015 -- 15:39:36 - (detect.c:2987) <Info> (SigAddressPrepareStage1) -- 17242 signatures processed. 880 are IP-only rules, 6503 are i nspecting packet payload, 12990 inspect application layer, 72 are decoder event only [30014] 4/11/2015 -- 15:39:36 - (detect.c:2990) <Info> (SigAddressPrepareStage1) -- building signature grouping structure, stage 1: preprocessing rules... complete [30014] 4/11/2015 -- 15:39:36 - (detect.c:3623) <Info> (SigAddressPrepareStage2) -- building signature grouping structure, stage 2: building sour ce address list... complete [30014] 4/11/2015 -- 15:39:38 - (detect.c:4148) <Info> (SigAddressPrepareStage3) -- building signature grouping structure, stage 3: building dest ination address lists... complete [30014] 4/11/2015 -- 15:39:38 - (util-profiling-rules.c:589) <Info> (SCProfilingRuleInitCounters) -- Registered 17242 rule profiling counters. [30014] 4/11/2015 -- 15:39:38 - (util-threshold-config.c:1188) <Info> (SCThresholdConfParseFile) -- Threshold config parsed: 0 rule(s) found [30014] 4/11/2015 -- 15:39:38 - (util-coredump-config.c:122) <Info> (CoredumpLoadConfig) -- Core dump size set to unlimited. [30014] 4/11/2015 -- 15:39:38 - (util-logopenfile.c:298) <Info> (SCConfLogOpenGeneric) -- eve-log output device (regular) initialized: eve.json [30014] 4/11/2015 -- 15:39:38 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'alert' [30014] 4/11/2015 -- 15:39:38 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'http' [30014] 4/11/2015 -- 15:39:38 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'dns' [30014] 4/11/2015 -- 15:39:38 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'tls' [30014] 4/11/2015 -- 15:39:38 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'files' [30014] 4/11/2015 -- 15:39:38 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'smtp' [30014] 4/11/2015 -- 15:39:38 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'ssh' [30014] 4/11/2015 -- 15:39:38 - (runmodes.c:780) <Info> (RunModeInitializeOutputs) -- enabling 'eve-log' module 'stats' [30014] 4/11/2015 -- 15:39:38 - (util-logopenfile.c:298) <Info> (SCConfLogOpenGeneric) -- stats output device (regular) initialized: stats.log [30014] 4/11/2015 -- 15:39:38 - (util-logopenfile.c:298) <Info> (SCConfLogOpenGeneric) -- drop output device (regular) initialized: drop.log [30021] 4/11/2015 -- 15:39:38 - (tmqh-packetpool.c:394) <Info> (PacketPoolInit) -- preallocated 1024 packets. Total memory 3606528 [30021] 4/11/2015 -- 15:39:38 - (source-nfq.c:589) <Info> (NFQInitThread) -- binding this thread 0 to queue '1' [30021] 4/11/2015 -- 15:39:38 - (source-nfq.c:611) <Info> (NFQInitThread) -- setting queue length to 4096 [30021] 4/11/2015 -- 15:39:38 - (source-nfq.c:624) <Info> (NFQInitThread) -- setting nfnl bufsize to 6144000 [30014] 4/11/2015 -- 15:39:39 - (flow-manager.c:721) <Info> (FlowManagerThreadSpawn) -- using 1 flow manager threads [30035] 4/11/2015 -- 15:39:39 - (tmqh-packetpool.c:394) <Info> (PacketPoolInit) -- preallocated 1024 packets. Total memory 3606528 [30014] 4/11/2015 -- 15:39:39 - (flow-manager.c:881) <Info> (FlowRecyclerThreadSpawn) -- using 1 flow recycler threads [30014] 4/11/2015 -- 15:39:39 - (tm-threads.c:2001) <Notice> (TmThreadWaitOnThreadInit) -- all 14 packet processing threads, 4 management threads initialized, engine started.
Updated by Victor Julien about 9 years ago
- Description updated (diff)
Cleaned up the description.
Gdb bt is very welcome.
Updated by Victor Julien almost 9 years ago
- Target version changed from 3.0RC1 to TBD
Updated by Victor Julien over 8 years ago
- Status changed from New to Assigned
- Assignee set to Andreas Herz
- Target version changed from TBD to 70
Updated by Victor Julien over 8 years ago
- Target version changed from 70 to 3.1.1
Updated by Giuseppe Longo over 8 years ago
Backtrace:
[24420] 17/6/2016 -- 11:45:25 - (source-nfq.c:590) <Info> (NFQInitThread) -- binding this thread 0 to queue '0' [24420] 17/6/2016 -- 11:45:25 - (source-nfq.c:612) <Info> (NFQInitThread) -- setting queue length to 4096 [24420] 17/6/2016 -- 11:45:25 - (source-nfq.c:625) <Info> (NFQInitThread) -- setting nfnl bufsize to 6144000 [24420] 17/6/2016 -- 11:45:25 - (source-nfq.c:389) <Info> (NFQMutexInit) -- NFQ running in 'workers' runmode, will not use mutex. Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fffe792f700 (LWP 24420)] 0x000000000057a35f in CaptureStatsSetup (tv=0x6120003ac6c0, s=0x24) at decode.c:579 579 s->counter_ips_accepted = StatsRegisterCounter("ips.accepted", tv); (gdb) bt #0 0x000000000057a35f in CaptureStatsSetup (tv=0x6120003ac6c0, s=0x24) at decode.c:579 #1 0x0000000000bc5479 in VerdictNFQThreadInit (tv=0x6120003ac6c0, initdata=0x0, data=0x7fffe792e400) at source-nfq.c:763 #2 0x0000000000ca7324 in TmThreadsSlotPktAcqLoop (td=0x6120003ac6c0) at tm-threads.c:300 #3 0x00007ffff5b726aa in start_thread (arg=0x7fffe792f700) at pthread_create.c:333 #4 0x00007ffff4e9813d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
How to reproduce:
sudo src/suricata -c suricata.yaml -q 0 --runmode workers -l /tmp/ -v
Updated by Andreas Herz over 8 years ago
You might want to test the fix:
https://github.com/inliniac/suricata/pull/2154
Would need more testing if it's now working as expected, did at a small test at my home setup.
Updated by Victor Julien over 8 years ago
- Status changed from Assigned to Closed
- Target version changed from 3.1.1 to 3.1
Actions