Project

General

Profile

Bug #2763

different number of events on exact same runs with asan and no asan builds

Added by Peter Manev 3 months ago. Updated 9 days ago.

Status:
New
Priority:
Normal
Assignee:
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:

Description

I am observing different number of events being logged with he exact same pcap/server//rules/run used - the difference is that once suricata is compiled with asan the other run it is compiled without it.
The server/HW is not oversubscribed and being 50% busy during the runs.
The pcap has been privately shared.

LSAN_OPTIONS=suppressions=/home/pmanev/inthetrenches/test/asan-ginfiz-runs/oisf-current/qa/lsan.suppress ASAN_SYMBOLIZER_PATH=/usr/lib/llvm-6.0/bin/llvm-symboli
zer  /opt/suricata-asan/bin/suricata -c /home/pmanev/inthetrenches/test/asan-ginfiz-runs/fuzz.suricata.warfare.socket.yaml -r /home/pmanev/Work/QA/pcaps/merged-all/all.pcap -l tmplog/ -s /opt/su$
icata-git-rctests/etc/suricata/rules/events-allenabled.rules --set "flow.memcap = 12gb" --set "stream.memcap = 5gb" --set "stream.reassembly.memcap = 10gb" ; time cat tmplog/eve.json | perl -ne 'print "$1\n" if 
/\"event_type\":\"(.*?)\"/' | sort | uniq -c                                                                                                                                                                       

[30985] 22/12/2018 -- 15:53:40 - (suricata.c:1085) <Notice> (LogVersion) -- This is Suricata version 4.1.0-dev (rev b51e4a39)                                                                                                                      
[30985] 22/12/2018 -- 15:57:21 - (tm-threads.c:2172) <Notice> (TmThreadWaitOnThreadInit) -- all 41 packet processing threads, 2 management threads initialized, engine started.                                    
[30985] 22/12/2018 -- 19:01:48 - (suricata.c:2847) <Notice> (SuricataMainLoop) -- Signal Received.  Stopping engine.                                                                                               
[14770] 22/12/2018 -- 20:03:41 - (source-pcap-file.c:383) <Notice> (ReceivePcapFileThreadExitStats) -- Pcap-file module read 1 files, 275652306 packets, 152382822719 bytes                                        

16528957 alert                                                                                                                                                                                                     
 785278 dhcp                                                                                                                                                                                                       
7335001 dns                                                                                                                                                                                                       
4715322 fileinfo                                                                                                                                                                                                   
38535165 flow                                                                                                                     
5243434 http                                                                                                                                                                                                       
     45 ikev2
 153154 smb
 261524 smtp
   8311 ssh
     94 tftp
 332283 tls

real    24m7.913s
user    4m26.049s
sys     2m59.843s

/opt/suricata-git-rctests/bin/suricata -c /home/pmanev/inthetrenches/test/asan-ginfiz-runs/fuzz.suricata.warfare.socket.yaml -r /home/pmanev/Work/QA/pcaps/merged-all/all.pcap -l tmplog/ -s /opt/suricata-git-rctests/etc/suricata/rules/events-allenabled.rules --set "flow.memcap = 12gb" --set "stream.memcap = 5gb" --set "stream.reassembly.memcap = 10gb" ;  time cat tmplog/eve.json | perl -ne 'print "$1\n" if /\"event_type\":\"(.*?)\"/' | sort | uniq -c
rm: cannot remove 'tmplog/*': No such file or directory
[32716] 24/12/2018 -- 04:31:07 - (suricata.c:1085) <Notice> (LogVersion) -- This is Suricata version 4.1.0-dev (rev b51e4a39)

[32716] 24/12/2018 -- 04:31:47 - (tm-threads.c:2172) <Notice> (TmThreadWaitOnThreadInit) -- all 41 packet processing threads, 2 management threads initialized, engine started.
[32716] 24/12/2018 -- 05:35:41 - (suricata.c:2847) <Notice> (SuricataMainLoop) -- Signal Received.  Stopping engine.
[32765] 24/12/2018 -- 05:35:42 - (source-pcap-file.c:383) <Notice> (ReceivePcapFileThreadExitStats) -- Pcap-file module read 1 files, 275652306 packets, 152382822719 bytes

16358316 alert
 785278 dhcp
7334252 dns
4830923 fileinfo
39725087 flow
5368469 http
     45 ikev2
 159412 smb
 263012 smtp
   8311 ssh
     94 tftp
 361000 tls

real    24m0.977s
user    4m19.900s
sys     3m3.456s

History

#1

Updated by Victor Julien 9 days ago

  • Assignee set to OISF Dev

Also available in: Atom PDF