Bug #5199: Setting flow memcap too low tries to allocate the whole system memory - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #5199

open

Setting flow memcap too low tries to allocate the whole system memory

Added by Lukas Sismis about 2 years ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Affected Versions:

Effort:

Difficulty:

Label:

Description

If I set flow.memcap low (10mb) then Suri starts to hog memory. Not stopping from doing so can result in a complete system crash/freeze. It seems like it bypasses some check and memory allocation gets into an infinite loop. For demonstration purposes, I am attaching a YAML file.
I've tried it with AF-PACKET capture mode but I believe this is not connected with any capture mode and thus it will be present in whatever capture mode.

Files

suricata.yaml (74.6 KB) suricata.yaml

Lukas Sismis, 03/21/2022 10:06 AM

No data to display

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #5199

Setting flow memcap too low tries to allocate the whole system memory