Project

General

Profile

Actions

Bug #3257

closed

Lua PANIC: unprotected error in call to Lua API (stack overflow)

Added by xu hui over 4 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

HI, Suricata Team:
Since I need to hash and customize some fields, I tried to use Lua scripts to audit all HTTP traffic.The program will exit automatically after running for a period of time. The screen outputs error message: ' PANIC: unprotected error in call to Lua API (stack overflow). '
My Suricata is deployed on AWS, and the traffic mirror is from Nginx Server, so it is all HTTP traffic, about 1.5Gbps. Can Lua scripts not run in high-traffic environments?
My lua script (demo) code is in the attachment, please correct me my mistake, any help makes sense to me.

CPU: 1 CPU 36 core
Memory: 60G
Suricata: 5.0.0-rc1

Files

http_audit_demo.lua (1.88 KB) http_audit_demo.lua lua script demo xu hui, 10/17/2019 02:11 PM
Actions #1

Updated by Andreas Herz over 4 years ago

  • Assignee set to Community Ticket
  • Target version set to TBD
Actions #2

Updated by Andreas Herz over 4 years ago

Just a side note, lua is quite expensive but good hardware should still deal with it at 1.5gbit/s rate.

Actions #3

Updated by xu hui over 4 years ago

Andreas Herz wrote:

Just a side note, lua is quite expensive but good hardware should still deal with it at 1.5gbit/s rate.

Thank you for your reply! In my tests, this script works fine when specifying a URL.If no filter is specified, it will trigger this exception.

This is the detailed configuration of my hardware.

$ lscpu
Architecture:        x86_64
CPU op-mode(s):      32-bit, 64-bit
Byte Order:          Little Endian
CPU(s):              36
On-line CPU(s) list: 0-35
Thread(s) per core:  2
Core(s) per socket:  9
Socket(s):           2
NUMA node(s):        2
Vendor ID:           GenuineIntel
CPU family:          6
Model:               63
Model name:          Intel(R) Xeon(R) CPU E5-2666 v3 @ 2.90GHz
Stepping:            2
CPU MHz:             2658.363
CPU max MHz:         3500.0000
CPU min MHz:         1200.0000
BogoMIPS:            5800.17
Hypervisor vendor:   Xen
Virtualization type: full
L1d cache:           32K
L1i cache:           32K
L2 cache:            256K
L3 cache:            25600K
NUMA node0 CPU(s):   0-8,18-26
NUMA node1 CPU(s):   9-17,27-35
Flags:               fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq monitor est ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm cpuid_fault invpcid_single pti fsgsbase bmi1 avx2 smep bmi2 erms invpcid xsaveopt ida

System load

top - 06:02:09 up 9 days, 21:58,  2 users,  load average: 2.45, 2.04, 1.79
Tasks: 424 total,   1 running, 214 sleeping,   0 stopped,   0 zombie
%Cpu(s):  4.5 us,  0.1 sy,  0.0 ni, 95.2 id,  0.1 wa,  0.0 hi,  0.1 si,  0.0 st
KiB Mem : 61818916 total, 13097800 free, 34276372 used, 14444744 buff/cache
KiB Swap:        0 total,        0 free,        0 used. 34206288 avail Mem

Actions #4

Updated by Andreas Herz about 2 years ago

  • Status changed from New to Closed

Hi, we're closing this issue since there have been no further responses.
If you think this issue is still relevant, try to test it again with the
most recent version of suricata and reopen the issue. If you want to
improve the bug report please take a look at
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs

Actions

Also available in: Atom PDF