Actions
Bug #290
closedCPU affinity misconfiguration cause 100% CPU consumption
Affected Versions:
Effort:
Difficulty:
Label:
Description
Hi, I erroneously configured cpu affinity in one suricata running under a server with 2 CPUs, with the same settings of another suricata running under a server with 8 CPUs. In that situation suricata starts without errors but it does not process any packets (inline nor pcap mode) an it shows a cpu consumption of almost 100%.
top - 10:31:07 up 4:09, 2 users, load average: 6.75, 5.68, 3.14 Tasks: 64 total, 2 running, 62 sleeping, 0 stopped, 0 zombie Cpu(s): 5.7%us, 93.9%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.3%si, 0.0%st Mem: 249128k total, 185864k used, 63264k free, 704k buffers Swap: 265068k total, 10420k used, 254648k free, 21472k cached PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 6757 root 20 0 291m 137m 1344 R 99.6 56.5 5:09.15 suricata
Of course, this event occurs under misconfiguration scenario and is not a critical issue, but it would be good if suricata shows some warnings or doesn't start in this case. I hope this could help in case you didn't notice the bug.
I am running suricata 1.1beta2. this is the cpu-affinity I ran with.
# Tune cpu affinity of suricata threads. Each family of threads can be bound
#??on specific CPUs.
cpu_affinity:
- management_cpu_set:
cpu: [ 0 ] # include only these cpus in affinity settings
- receive_cpu_set:
cpu: [ "4-7" ] # include only these cpus in affinity settings
mode: "exclusive"
prio:
default:"high"
- decode_cpu_set:
cpu: [ 0, 1 ]
mode: "balanced"
- stream_cpu_set:
cpu: [ "0-1" ]
- detect_cpu_set:
cpu: [ "0-3" ]
mode: "exclusive" # run detect threads in these cpus
prio:
low: [ 0 ]
medium: [ "1-2" ]
high: [ 3 ]
default: "medium"
- verdict_cpu_set:
cpu: [ "4-7" ]
mode: "exclusive"
prio:
default: "medium"
- reject_cpu_set:
cpu: [ 0 ]
prio:
default: "low"
- output_cpu_set:
cpu: [ "0-3" ]
prio:
default: "medium"
Files
Actions