Project

General

Profile

Actions
Copy link

Bug #5199

open

Setting flow memcap too low tries to allocate the whole system memory

Added by Lukas Sismis over 3 years ago. Updated 18 days ago.

Status:
Feedback
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Affected Versions:
Effort:
Difficulty:
Label:

Description

If I set flow.memcap low (10mb) then Suri starts to hog memory. Not stopping from doing so can result in a complete system crash/freeze. It seems like it bypasses some check and memory allocation gets into an infinite loop. For demonstration purposes, I am attaching a YAML file.
I've tried it with AF-PACKET capture mode but I believe this is not connected with any capture mode and thus it will be present in whatever capture mode.

Files

suricata.yaml (74.6 KB) suricata.yaml Lukas Sismis, 03/21/2022 10:06 AM
Actions
Copy link
 #1

Updated by Philippe Antoine 20 days ago

Is this still the case in 8 ?
Could you describe more step by step how to reproduce ?

Actions
Copy link
 #2

Updated by Philippe Antoine 18 days ago

  • Status changed from New to Feedback
Actions
Copy link

Also available in: Atom PDF