Project

General

Profile

Actions
Copy link

Bug #8576

open
RM

Suricata stops processing packets when receiving via GRE/ERSPAN

Bug #8576: Suricata stops processing packets when receiving via GRE/ERSPAN

Added by Richard McConnell 26 days ago. Updated 19 days ago.

Status:
Feedback
Priority:
Normal
Assignee:
-
Target version:
TBD
Affected Versions:
8.0.3
Effort:
Difficulty:
Label:

Description

An issue was identified with Suricata 8 where it would stop working as expected, reporting 0 packetRate and no longer producing payloads.
From investigation, the issue looks to only affect instances where suricata receives GRE or ERSPAN encapsulated traffic although only a 20% of these are affected.
We have been unable to reproduce this in our lab setting

From our investigation within our product we found:
  • Normal behaviour would return after a restart, normally triggered by the weekly rules release, then stop some random amount of time after
  • This has occurred across a number of different OS - ubuntu 24.04, rhel 8.10, rhel 9.5 etc

JI Updated by Jason Ish 25 days ago ยท Edited Actions
Copy link
 #1

This may be fixed in 8.0.5, just released today.

JF Updated by Juliana Fajardini Reichow 19 days ago Actions
Copy link
 #2

  • Status changed from New to Feedback

Hi @Richard McConnell could you please confirm whether this is fixed with 8.0.5 release?

Actions
Copy link

Also available in: PDF Atom