Bug #5199
open
flow/memcap: too low setting causes crash
Added by Lukas Sismis over 3 years ago.
Updated 4 days ago.
Description
If I set flow.memcap low (10mb) then Suri starts to hog memory. Not stopping from doing so can result in a complete system crash/freeze. It seems like it bypasses some check and memory allocation gets into an infinite loop. For demonstration purposes, I am attaching a YAML file.
I've tried it with AF-PACKET capture mode but I believe this is not connected with any capture mode and thus it will be present in whatever capture mode.
Files
Is this still the case in 8?
Could you describe more step by step how to reproduce?
- Status changed from New to Feedback
- Status changed from Feedback to Assigned
- Assignee changed from OISF Dev to Lukas Sismis
- Target version changed from TBD to 9.0.0-beta1
- Affected Versions 6.0.19, 8.0.1, 7.0.13, 9.0.0-beta1 added
- Label Needs backport to 7.0, Needs backport to 8.0 added
Yes, it is still present, will evaluate more.
- Label deleted (Needs backport to 8.0)
- Label deleted (Needs backport to 7.0)
Could you describe more step by step how to reproduce?
Just set flow memcap to 10mb, prealloc to 100k, and it starts consuming memory infinitely.
./src/suricata -c suricata.yaml -S /dev/null -l /tmp/ --af-packet=lo
- Subject changed from Setting flow memcap too low tries to allocate the whole system memory to flow/memcap: too low setting causes crash