Bug #8576: Suricata stops processing packets when receiving via GRE/ERSPAN - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #8576

open

Suricata stops processing packets when receiving via GRE/ERSPAN

Bug #8576: Suricata stops processing packets when receiving via GRE/ERSPAN

Added by Richard McConnell about 9 hours ago.

Status:

New

Priority:

Normal

Assignee:

Target version:

TBD

Affected Versions:

8.0.3

Effort:

Difficulty:

Label:

Description

An issue was identified with Suricata 8 where it would stop working as expected, reporting 0 packetRate and no longer producing payloads.
From investigation, the issue looks to only affect instances where suricata receives GRE or ERSPAN encapsulated traffic although only a 20% of these are affected.
We have been unable to reproduce this in our lab setting

From our investigation within our product we found:

Normal behaviour would return after a restart, normally triggered by the weekly rules release, then stop some random amount of time after
This has occurred across a number of different OS - ubuntu 24.04, rhel 8.10, rhel 9.5 etc

No data to display

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Bug #8576

Suricata stops processing packets when receiving via GRE/ERSPAN