Bug #284
closedHOME NET variable problem
Description
If you supply more than four (4) subnets or hosts at the HOME NET variable in the yaml config - Suricata goes through normal starting process and suddenly just quits/stops without any error reporting.
Files
Updated by Victor Julien over 13 years ago
- Status changed from New to Assigned
- Assignee set to Anoop Saldanha
- Target version set to 1.1beta3
- Estimated time set to 4.00 h
@Peter Pan, can you paste a snippet from your suricata.yaml that can be used to reproduce the issue?
@Anoop, can you have a look at whats happening?
Updated by Chris Wakelin over 13 years ago
I have 5 subnets in my working config, but one is IPv6
Updated by Anoop Saldanha over 13 years ago
Victor Julien wrote:
@Peter Pan, can you paste a snippet from your suricata.yaml that can be used to reproduce the issue?
@Anoop, can you have a look at whats happening?
cool.
@Peter Pan Can you paste your HOME_NET or the entire address-group section?
Updated by Peter Manev over 13 years ago
Sure,
@Anoop - Will do.
@Chris Graf - Can you try (if possible of course)with 5 IPv4 subnets and see if you have the same issue when you start/restart Suricata, because I had that issue on both Debian and Ubuntu.
Updated by Chris Wakelin over 13 years ago
5 IPv4 subnets seems to work as well (with one /16, two /24s, one /22 and 10.0.0.0/8; no IPv6 and no hosts).
Updated by Peter Manev over 13 years ago
- File HOME_NET.png HOME_NET.png added
- File HOME_NET2.png HOME_NET2.png added
- File suricata.yaml suricata.yaml added
Hello,
I have attached a couple of screen shots and my yaml config.
given 5 hosts - suricata just quits with no error msg after "....stage 2: building source address list... complete."
About 20-30 seconds before Suricata quits it consumes 100% CPU resources.
Updated by Peter Manev over 13 years ago
I just found out that the issue (my previuos msg) is only present if the EXTERNAL_NET variable is set to "any".
If it is set to !$HOME_NET - Suricata works fine.
Updated by Chris Wakelin over 13 years ago
My EXTERNAL_NET is set to Any, and it still works for me!
Updated by Peter Manev over 13 years ago
Mine still does not - I have 5 hosts for the HOME_NET variable and EXTERNAL__NET is set to "any" - it hangs and it quits.
I have attached my yaml which is basically a default yaml with just these variables changed... I am not sure what could possibly be the issue here.
Updated by Chris Wakelin over 13 years ago
One difference I can see is I'm trying latest git version (so more or less 1.1beta2) and I'm using Ubuntu 10.04 64-bit not 10.10 32-bit (which it seems you are?). Could it be an issue in 1.0.x or a 32/64-bit issue?
Updated by Anoop Saldanha over 13 years ago
Works fine with your yaml with both master and master-1.0.x.
Checked your snapshots. It looks like the engine was killed. The OS killed it, probably because the engine consumed too much memory. The mpm you are using is b2g, which is memory hungry(comfortably hits 2gigs), while your ram's around 1.5gig with 600mb swap). Increase your memory to around 3gigs or change your mpm to "ac" and it should work fine.
Updated by Peter Manev about 13 years ago
- Status changed from Assigned to Closed
Isolated case, not a bug.