Actions
Bug #922
closedtrackers value in suricata.yaml
Affected Versions:
Effort:
Difficulty:
Label:
Description
This is Suricata version 2.0beta1 RELEASE and latest git
defrag: memcap: 32mb hash-size: 65536 trackers: 65535000000000 # number of defragmented flows to follow max-frags: 65535 # number of fragments to keep (higher than trackers) prealloc: yes timeout: 60
If we set the number of trackers bigger than what Suricata can handle , we receive an ERR message but Suricata's loading/start does not stop.
01:30:42 - <Info> - Found an MTU of 1500 for 'eth0' 01:30:42 - <Error> - [ERRCODE: SC_ERR_NUMERIC_VALUE_ERANGE(61)] - Numeric value out of range (65535000000000 > 4294967295) 01:30:42 - <Info> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56 01:30:42 - <Info> - preallocated 1000 defrag trackers of size 144
.....
Since impact is not clear from the ERR code/msg , it is probably better if Suri stops the initialization phase.
Unless it defaults to the max possible value, but then it would be better if that is described in the ERR message
Updated by Victor Julien over 10 years ago
- Assignee set to OISF Dev
- Target version set to 2.0beta2
Updated by Anoop Saldanha over 10 years ago
- Assignee changed from OISF Dev to Anoop Saldanha
Updated by Anoop Saldanha over 10 years ago
Added a more relevant error message.
Updated by Victor Julien over 10 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
Merged https://github.com/inliniac/suricata/pull/536, thanks!
Actions