Bug #1779
closed
Suricata 3.0.1 RELEASE on Linux Kernel 4.4.0 (Ubuntu 14.04)
Added by Samiux A almost 8 years ago. Updated about 7 years ago.
Description
The Suricata daemon sometimes quits unexpectedly.
OS : Ubuntu Server 64-bit 14.04.3 with Ubuntu 4.40-21 kernel
and
Ubuntu Server 64-bit 16.04
Suricata : 3.0.1
The debug error is showing lua.
Files
- gdb.txt (1.53 KB) | gdb log file | Samiux A, 05/05/2016 03:07 AM
- gdb-2.txt (1.12 KB) | gdb.txt with "thread apply all bt" | Samiux A, 05/05/2016 03:58 AM
- gdb-3.txt (3.75 KB) | with bt | Samiux A, 05/05/2016 06:34 AM
- gdb.txt (13.9 KB) | finally with "thread apply all bt" | Samiux A, 05/13/2016 03:49 AM
Updated by Victor Julien almost 8 years ago
- Priority changed from High to Normal
Can you add more info? See https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs. Especially: "thread apply all bt"
Updated by Victor Julien almost 8 years ago
It doesn't contain the requested info.
Updated by Samiux A almost 8 years ago
The following links are the output of gdb:
Updated by Samiux A almost 8 years ago
When I use the drop rules at https://github.com/EmergingThreats/et-luajit-scripts, some online movies or some downloads (but not all) cause Suricata to quit unexpectedly. When I remove all those rules, Suricata does not quit unexpectedly while watching online movies and downloading.
I also have some other lua rules enabled but they are working normally.
I think some badly written lua scripts/rules cause Suricata to quit unexpectedly. It may be a bug in Suricata.
Updated by Peter Manev almost 8 years ago
Is that a reproducible segfault, or does Suricata just quit unexpectedly?
Updated by Samiux A almost 8 years ago
It is a reproducible segfault when I download/update the same game on an iPad Mini.
Updated by Peter Manev almost 8 years ago
Which lua drop rules are those that you use more specifically? (there are 3 that I see there - luajit-drop.rules, dyndns-drop.rules, dyndns-http-alert-and-drop.rules)
Can you share the gdb info (after you enable debugging in Suri)?
Updated by Samiux A almost 8 years ago
It is luajit-drop.rules.
They are attached here.
Updated by Peter Manev almost 8 years ago
Ok, so they are the same gdb output - I thought it was a new case.
Can you please upload the output of "thread apply all bt" as previously requested? (I only see "bt" in the txt files.)
Updated by Samiux A almost 8 years ago
How do I do that? I am not familiar with gdb. Details are required.
Updated by Samiux A almost 8 years ago
I have used the flag --enable-debug and Suricata does not crash, but the traffic flow is slowed down a lot. I think Suricata cannot handle timeouts properly for high-speed traffic on very slow lua scripts, which caused Suricata to quit unexpectedly. I have disabled all very slow lua scripts/rules to avoid the problem.
Updated by Peter Manev almost 8 years ago
Yes - it affects performance.
Although if you're after a useful core dump you should use ./configure CFLAGS="-ggdb -O0"
Updated by Andreas Herz over 7 years ago
- Assignee set to Anonymous
- Target version set to TBD
Updated by Samiux A about 7 years ago
Those lua rules are not in use at the moment and Suricata has been updated to 3.2. The lua rules problem may be caused by bad coding by ET or something else. Anyway, the lua rules have been disabled. This thread can be closed. Thanks.
Updated by Victor Julien about 7 years ago
- Status changed from New to Closed
- Assignee deleted (Anonymous)
- Target version deleted (TBD)
Ok, thanks Samiux!