Actions
Bug #5199
openflow/memcap: too low setting causes crash
Affected Versions:
Effort:
Difficulty:
Label:
Description
If I set flow.memcap low (10mb) then Suri starts to hog memory. Not stopping from doing so can result in a complete system crash/freeze. It seems like it bypasses some check and memory allocation gets into an infinite loop. For demonstration purposes, I am attaching a YAML file.
I've tried it with AF-PACKET capture mode but I believe this is not connected with any capture mode and thus it will be present in whatever capture mode.
Files
Updated by Philippe Antoine 2 months ago
Is this still the case in 8 ?
Could you describe more step by step how to reproduce ?
Updated by Lukas Sismis about 1 month ago
- Status changed from Feedback to Assigned
- Assignee changed from OISF Dev to Lukas Sismis
- Target version changed from TBD to 9.0.0-beta1
- Affected Versions 6.0.19, 8.0.1, 7.0.13, 9.0.0-beta1 added
- Label Needs backport to 7.0, Needs backport to 8.0 added
yes, it is still present, will evaluate more.
Updated by OISF Ticketbot about 1 month ago
- Label deleted (
Needs backport to 8.0)
Updated by OISF Ticketbot about 1 month ago
- Label deleted (
Needs backport to 7.0)
Updated by Lukas Sismis about 1 month ago
Could you describe more step by step how to reproduce ?
Just set flow memcap to 10mb, prealloc to 100k, and it starts consuming memory infinitely.
./src/suricata -c suricata.yaml -S /dev/null -l /tmp/ --af-packet=lo
Updated by Shivani Bhardwaj 3 days ago
- Subject changed from Setting flow memcap too low tries to allocate the whole system memory to flow/memcap: too low setting causes crash
Actions