https://redmine.openinfosecfoundation.org/
2018-11-16T14:55:06Z
Open Information Security Foundation
Suricata - Bug #2662: unix socket - memcap read/set showing unlimited where there are limited values configured by default
https://redmine.openinfosecfoundation.org/issues/2662?journal_id=10426
2018-11-16T14:55:06Z
Victor Julien
victor@inliniac.net
<ul><li><strong>Assignee</strong> set to <i>Giuseppe Longo</i></li></ul><p>Giuseppe, I think you wrote this feature. Could you check this out? Thanks!</p>
https://redmine.openinfosecfoundation.org/issues/2662?journal_id=10427
2018-11-16T14:59:36Z
Giuseppe Longo
giuseppe@glongo.it
<p>Yes, sure.</p>
https://redmine.openinfosecfoundation.org/issues/2662?journal_id=10443
2018-11-17T14:13:09Z
Giuseppe Longo
giuseppe@glongo.it
<p>Not able to reproduce the issue with the default config.</p>
<pre>
This is Suricata version 4.1.0-dev (rev 787473ec6)
>>> memcap-list
Success:
[
{
"name": "stream",
"value": "64mb"
},
{
"name": "stream-reassembly",
"value": "256mb"
},
{
"name": "flow",
"value": "128mb"
},
{
"name": "applayer-proto-http",
"value": "unlimited"
},
{
"name": "defrag",
"value": "32mb"
},
{
"name": "ippair",
"value": "16mb"
},
{
"name": "host",
"value": "32mb"
}
]
>>> memcap-show stream
Success:
{
"value": "64mb"
}
>>>
# ./bin/suricata --dump-config | grep -i "memcap"
defrag.memcap = 32mb
flow.memcap = 128mb
stream.memcap = 64mb
stream.reassembly.memcap = 256mb
host.memcap = 32mb
</pre>
https://redmine.openinfosecfoundation.org/issues/2662?journal_id=10452
2018-11-20T08:49:16Z
Peter Manev
petermanev@gmail.com
<p>It actually happens when there is no config present if installed in a non-default location:</p>
<pre>
pevma@DonPedro:~/Work/Suricata/suricomp/suricata (master)$ sudo /opt/suritest/bin/suricatasc /opt/suritest/var/run/suricata/suricata-command.socket
Command list: shutdown, command-list, help, version, uptime, running-mode, capture-mode, conf-get, dump-counters, reload-rules, ruleset-reload-rules, ruleset-reload-nonblocking, ruleset-reload-time, ruleset-stats, ruleset-failed-rules, register-tenant-handler, unregister-tenant-handler, register-tenant, reload-tenant, unregister-tenant, add-hostbit, remove-hostbit, list-hostbit, reopen-log-files, memcap-set, memcap-show, memcap-list, pcap-file, pcap-file-continuous, pcap-file-number, pcap-file-list, pcap-last-processed, pcap-interrupt, pcap-current, quit
>>> memcap-list
Success:
[
{
"name": "stream",
"value": "unlimited"
},
{
"name": "stream-reassembly",
"value": "unlimited"
},
{
"name": "flow",
"value": "unlimited"
},
{
"name": "applayer-proto-http",
"value": "unlimited"
},
{
"name": "defrag",
"value": "unlimited"
},
{
"name": "ippair",
"value": "unlimited"
},
{
"name": "host",
"value": "16mb"
}
]
>>> quit
[+] Quit command client
pevma@DonPedro:~/Work/Suricata/suricomp/suricata (master)$ sudo /opt/suritest/bin/suricata -V
This is Suricata version 4.1.0-dev (rev 787473ec)
pevma@DonPedro:~/Work/Suricata/suricomp/suricata (master)$
pevma@DonPedro:~/Work/Suricata/suricomp/suricata (master)$ sudo /opt/suritest/bin/suricata -T
[12959] 20/11/2018 -- 09:45:59 - (suricata.c:1895) <Info> (ParseCommandLine) -- Running suricata under test mode
[12959] 20/11/2018 -- 09:45:59 - (conf-yaml-loader.c:430) <Error> (ConfYamlLoadFile) -- [ERRCODE: SC_ERR_FATAL(171)] - failed to open file: /opt/suritest/etc/suricata//suricata.yaml: No such file or directory
pevma@DonPedro:~/Work/Suricata/suricomp/suricata (master)$
</pre>
https://redmine.openinfosecfoundation.org/issues/2662?journal_id=11020
2019-02-18T11:01:57Z
Victor Julien
victor@inliniac.net
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Assigned</i></li><li><strong>Target version</strong> set to <i>5.0beta1</i></li></ul>
https://redmine.openinfosecfoundation.org/issues/2662?journal_id=11877
2019-04-25T11:46:03Z
Victor Julien
victor@inliniac.net
<ul><li><strong>Target version</strong> changed from <i>5.0beta1</i> to <i>5.0rc1</i></li></ul>
https://redmine.openinfosecfoundation.org/issues/2662?journal_id=13133
2019-07-27T22:05:50Z
Andreas Herz
oisf@herzandreas.de
<p>I can't reproduce it. Can you share the exact details, Peter?</p>
https://redmine.openinfosecfoundation.org/issues/2662?journal_id=13160
2019-07-27T23:48:31Z
Peter Manev
petermanev@gmail.com
<ul><li><strong>Status</strong> changed from <i>Assigned</i> to <i>Closed</i></li></ul><p>I can't reproduce it any longer with the latest master either.</p>
<pre>
sudo /opt/suritest/bin/suricatasc /opt/suritest/var/run/suricata/suricata-command.socket
Command list: shutdown, command-list, help, version, uptime, running-mode, capture-mode, conf-get, dump-counters, reload-rules, ruleset-reload-rules, ruleset-reload-nonblocking, ruleset-reload-time, ruleset-stats, ruleset-failed-rules, register-tenant-handler, unregister-tenant-handler, register-tenant, reload-tenant, unregister-tenant, add-hostbit, remove-hostbit, list-hostbit, reopen-log-files, memcap-set, memcap-show, memcap-list, iface-stat, iface-list, iface-bypassed-stat, ebpf-bypassed-stat, quit
>>> memcap-list
Success:
[
{
"name": "stream",
"value": "64mb"
},
{
"name": "stream-reassembly",
"value": "256mb"
},
{
"name": "flow",
"value": "128mb"
},
{
"name": "applayer-proto-http",
"value": "unlimited"
},
{
"name": "defrag",
"value": "32mb"
},
{
"name": "ippair",
"value": "16mb"
},
{
"name": "host",
"value": "32mb"
}
]
>>>
</pre>