Bug #5199: flow/memcap: too low setting causes crash - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #5199

open

LS LS

flow/memcap: too low setting causes crash

Bug #5199: flow/memcap: too low setting causes crash

Added by Lukas Sismis about 4 years ago. Updated 6 months ago.

Status:

Assigned

Priority:

Normal

Assignee:

Lukas Sismis

Target version:

9.0.0-beta1

Affected Versions:

6.0.19, 8.0.1, 7.0.13, 9.0.0-beta1

Effort:

Difficulty:

Label:

Description

If I set flow.memcap low (10mb) then Suri starts to hog memory. Not stopping from doing so can result in a complete system crash/freeze. It seems like it bypasses some check and memory allocation gets into an infinite loop. For demonstration purposes, I am attaching a YAML file.
I've tried it with AF-PACKET capture mode but I believe this is not connected with any capture mode and thus it will be present in whatever capture mode.

Files

suricata.yaml (74.6 KB) suricata.yaml

Lukas Sismis, 03/21/2022 10:06 AM

Subtasks 2 (2 open — 0 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Bug #5199

flow/memcap: too low setting causes crash

PA Updated by Philippe Antoine 8 months ago Actions
Copy link
#1

PA Updated by Philippe Antoine 8 months ago Actions
Copy link
#2

LS Updated by Lukas Sismis 7 months ago Actions
Copy link
#3

OT Updated by OISF Ticketbot 7 months ago Actions
Copy link
#4

OT Updated by OISF Ticketbot 7 months ago Actions
Copy link
#5

OT Updated by OISF Ticketbot 7 months ago Actions
Copy link
#6

OT Updated by OISF Ticketbot 7 months ago Actions
Copy link
#7

LS Updated by Lukas Sismis 7 months ago Actions
Copy link
#8

SB Updated by Shivani Bhardwaj 6 months ago Actions
Copy link
#9

Project

General

Profile

Suricata

Custom queries

Bug #5199

flow/memcap: too low setting causes crash

PA Updated by Philippe Antoine 8 months ago ActionsCopy link #1

PA Updated by Philippe Antoine 8 months ago ActionsCopy link #2

LS Updated by Lukas Sismis 7 months ago ActionsCopy link #3

OT Updated by OISF Ticketbot 7 months ago ActionsCopy link #4

OT Updated by OISF Ticketbot 7 months ago ActionsCopy link #5

OT Updated by OISF Ticketbot 7 months ago ActionsCopy link #6

OT Updated by OISF Ticketbot 7 months ago ActionsCopy link #7

LS Updated by Lukas Sismis 7 months ago ActionsCopy link #8

SB Updated by Shivani Bhardwaj 6 months ago ActionsCopy link #9

PA Updated by Philippe Antoine 8 months ago Actions
Copy link
#1

PA Updated by Philippe Antoine 8 months ago Actions
Copy link
#2

LS Updated by Lukas Sismis 7 months ago Actions
Copy link
#3

OT Updated by OISF Ticketbot 7 months ago Actions
Copy link
#4

OT Updated by OISF Ticketbot 7 months ago Actions
Copy link
#5

OT Updated by OISF Ticketbot 7 months ago Actions
Copy link
#6

OT Updated by OISF Ticketbot 7 months ago Actions
Copy link
#7

LS Updated by Lukas Sismis 7 months ago Actions
Copy link
#8

SB Updated by Shivani Bhardwaj 6 months ago Actions
Copy link
#9