Bug #5199
Setting flow memcap too low tries to allocate the whole system memory
Description
If I set flow.memcap low (10mb) then Suri starts to hog memory. Not stopping it from doing so can result in a complete system crash/freeze. It seems like it bypasses some check and memory allocation gets into an infinite loop. For demonstration purposes, I am attaching a YAML file.
I've tried it with AF-PACKET capture mode but I believe this is not connected with any capture mode and thus it will be present in whatever capture mode.
Updated by Philippe Antoine about 1 month ago
Is this still the case in 8?
Could you describe more step by step how to reproduce?
Updated by Philippe Antoine about 1 month ago
- Status changed from New to Feedback
Updated by Lukas Sismis 18 days ago
- Status changed from Feedback to Assigned
- Assignee changed from OISF Dev to Lukas Sismis
- Target version changed from TBD to 9.0.0-beta1
- Affected Versions 6.0.19, 8.0.1, 7.0.13, 9.0.0-beta1 added
- Label Needs backport to 7.0, Needs backport to 8.0 added
yes, it is still present, will evaluate more.
Updated by Lukas Sismis 18 days ago
> Could you describe more step by step how to reproduce?
Just set flow memcap to 10mb, prealloc to 100k, and it starts consuming memory infinitely.
./src/suricata -c suricata.yaml -S /dev/null -l /tmp/ --af-packet=lo