General

Profile

Andreas Herz

Issues

open closed Total
Assigned issues 7 48 55
Reported issues 27 47 74

Projects

Project Roles Registered on
Suricata Developer, OISF Team, OISF Manager 12/02/2015
Suricata-Update Developer, OISF Team, OISF Manager 10/31/2017

Activity

07/12/2021

02:50 PM Suricata Bug #4502: TCP reassembly memuse approaching memcap value results in TCP detection being stopped
I did a check on all deployments and while I can see the issue everywhere I can also confirm that it's not solely rel... Andreas Herz

07/07/2021

06:50 PM Suricata Bug #4502: TCP reassembly memuse approaching memcap value results in TCP detection being stopped
Comparing the two outputs between the good and the bad one you can see that the good one has 92% in the SCMallocFunc ... Andreas Herz
01:09 PM Suricata Bug #4502: TCP reassembly memuse approaching memcap value results in TCP detection being stopped
I added two valgrind runs with massif enabled, as you can see one has stable memory usage, the other has a steady inc... Andreas Herz

06/30/2021

08:58 PM Suricata Bug #4502: TCP reassembly memuse approaching memcap value results in TCP detection being stopped
A deeper dive revealed:
last known good commit https://github.com/OISF/suricata/commit/48605f48674b1478a7dfcb03d67...
Andreas Herz

06/18/2021

10:04 PM Suricata Support #4521: what's the wrong with my installing suricata
please provide your suricata config file and the command line command how suricata is running exactly, ideally some s... Andreas Herz

05/27/2021

11:37 AM Suricata Bug #4502: TCP reassembly memuse approaching memcap value results in TCP detection being stopped
good catch, we did a rebuild with the same versions that are used for 6.0 but no change, 5.0 still looking good and 6... Andreas Herz
09:16 AM Suricata Bug #4502: TCP reassembly memuse approaching memcap value results in TCP detection being stopped
midstream pickup is not enabled.
Both runs you see are the same traffic (via trex), same config it's just the diff...
Andreas Herz

05/26/2021

09:14 PM Suricata Bug #4502: TCP reassembly memuse approaching memcap value results in TCP detection being stopped
We also saw, on live deployments, that the flow.timeout_inuse counter is between 30-70% of the overall flows. So migh... Andreas Herz

05/25/2021

10:22 AM Suricata Bug #4502 (New): TCP reassembly memuse approaching memcap value results in TCP detection being stopped
We discovered on the majority of 6.0 deployments have an increase in overall memory usage but especially for tcp reas... Andreas Herz

04/30/2021

10:50 PM Suricata Documentation #3017 (Closed): No documentation for "rawbytes" keyword
https://github.com/OISF/suricata/pull/5508 Andreas Herz

Also available in: Atom