Actions
Bug #925
closedprealloc-sessions value bigger than allowed in suricata.yaml
Affected Versions:
Effort:
Difficulty:
Label:
Description
This is Suricata version 2.0beta1 RELEASE and latest git
If we set the prealloc threads value to a value bigger than the limit allows:
stream:
memcap: 32mb
checksum-validation: yes # reject wrong csums
prealloc-sessions: 32768000000
inline: no # auto will use inline mode in IPS mode, yes or no set it statically
reassembly:
memcap: 64mb
depth: 1mb # reassemble 1mb into a stream
toserver-chunk-size: 2560
toclient-chunk-size: 2560
notice - prealloc-sessions: 32768000000
Suricata silently defaults to 2703228928 :
- <Info> - Running in 'auto' checksum mode. Detection of interface state will require 1000 packets. - <Info> - Found an MTU of 1500 for 'eth0' - <Info> - Set snaplen to 1500 for 'eth0' - <Info> - RunModeIdsPcapAutoFp initialised - <Info> - stream "prealloc-sessions": 2703228928 (per thread) - <Info> - stream "memcap": 33554432 - <Info> - stream "midstream" session pickups: disabled - <Info> - stream "async-oneside": disabled - <Info> - stream "checksum-validation": enabled - <Info> - stream."inline": disabled - <Info> - stream "max-synack-queued": 5 - <Info> - stream.reassembly "memcap": 67108864 - <Info> - stream.reassembly "depth": 1048576 - <Info> - stream.reassembly "toserver-chunk-size": 2435 - <Info> - stream.reassembly "toclient-chunk-size": 2508 - <Info> - all 4 packet processing threads, 3 management threads initialized, engine started.
It would be useful if there is a warning or ERR in that condition.
Updated by Anoop Saldanha about 11 years ago
- Assignee set to Anoop Saldanha
Updated by Victor Julien about 11 years ago
- Status changed from New to Closed
- Target version set to 2.0beta2
- % Done changed from 0 to 100
Actions