Bug #2763
different number of events on exact same runs with asan and no asan builds
Status: open
Description
I am observing a different number of events being logged with the exact same pcap/server/rules/run used - the difference is that in one run suricata is compiled with asan and in the other run it is compiled without it.
The server/HW is not oversubscribed, being 50% busy during the runs.
The pcap has been privately shared.
LSAN_OPTIONS=suppressions=/home/pmanev/inthetrenches/test/asan-ginfiz-runs/oisf-current/qa/lsan.suppress ASAN_SYMBOLIZER_PATH=/usr/lib/llvm-6.0/bin/llvm-symbolizer /opt/suricata-asan/bin/suricata -c /home/pmanev/inthetrenches/test/asan-ginfiz-runs/fuzz.suricata.warfare.socket.yaml -r /home/pmanev/Work/QA/pcaps/merged-all/all.pcap -l tmplog/ -s /opt/su$
icata-git-rctests/etc/suricata/rules/events-allenabled.rules --set "flow.memcap = 12gb" --set "stream.memcap = 5gb" --set "stream.reassembly.memcap = 10gb" ; time cat tmplog/eve.json | perl -ne 'print "$1\n" if /\"event_type\":\"(.*?)\"/' | sort | uniq -c
[30985] 22/12/2018 -- 15:53:40 - (suricata.c:1085) <Notice> (LogVersion) -- This is Suricata version 4.1.0-dev (rev b51e4a39)
[30985] 22/12/2018 -- 15:57:21 - (tm-threads.c:2172) <Notice> (TmThreadWaitOnThreadInit) -- all 41 packet processing threads, 2 management threads initialized, engine started.
[30985] 22/12/2018 -- 19:01:48 - (suricata.c:2847) <Notice> (SuricataMainLoop) -- Signal Received. Stopping engine.
[14770] 22/12/2018 -- 20:03:41 - (source-pcap-file.c:383) <Notice> (ReceivePcapFileThreadExitStats) -- Pcap-file module read 1 files, 275652306 packets, 152382822719 bytes
16528957 alert
785278 dhcp
7335001 dns
4715322 fileinfo
38535165 flow
5243434 http
45 ikev2
153154 smb
261524 smtp
8311 ssh
94 tftp
332283 tls
real 24m7.913s
user 4m26.049s
sys 2m59.843s
/opt/suricata-git-rctests/bin/suricata -c /home/pmanev/inthetrenches/test/asan-ginfiz-runs/fuzz.suricata.warfare.socket.yaml -r /home/pmanev/Work/QA/pcaps/merged-all/all.pcap -l tmplog/ -s /opt/suricata-git-rctests/etc/suricata/rules/events-allenabled.rules --set "flow.memcap = 12gb" --set "stream.memcap = 5gb" --set "stream.reassembly.memcap = 10gb" ; time cat tmplog/eve.json | perl -ne 'print "$1\n" if /\"event_type\":\"(.*?)\"/' | sort | uniq -c
rm: cannot remove 'tmplog/*': No such file or directory
[32716] 24/12/2018 -- 04:31:07 - (suricata.c:1085) <Notice> (LogVersion) -- This is Suricata version 4.1.0-dev (rev b51e4a39)
[32716] 24/12/2018 -- 04:31:47 - (tm-threads.c:2172) <Notice> (TmThreadWaitOnThreadInit) -- all 41 packet processing threads, 2 management threads initialized, engine started.
[32716] 24/12/2018 -- 05:35:41 - (suricata.c:2847) <Notice> (SuricataMainLoop) -- Signal Received. Stopping engine.
[32765] 24/12/2018 -- 05:35:42 - (source-pcap-file.c:383) <Notice> (ReceivePcapFileThreadExitStats) -- Pcap-file module read 1 files, 275652306 packets, 152382822719 bytes
16358316 alert
785278 dhcp
7334252 dns
4830923 fileinfo
39725087 flow
5368469 http
45 ikev2
159412 smb
263012 smtp
8311 ssh
94 tftp
361000 tls
real 24m0.977s
user 4m19.900s
sys 3m3.456s
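An added example, not part of the original report or of Suricata's own tooling: the perl one-liner above only yields totals per event type, so this Python script parses two eve.json outputs as JSON, reports the per-type delta, and lists which event-type/5-tuple combinations one run logged more often than the other. The sample records and the function names are constructed for illustration, and keying on the 5-tuple is an assumption about what helps narrow down where the two builds diverge.

```python
import json
from collections import Counter

def tally(eve_lines):
    """Return (events per event_type, events per (event_type, 5-tuple))."""
    by_type, by_flow = Counter(), Counter()
    for line in eve_lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated record, e.g. cut off at shutdown
        etype = ev.get("event_type") if isinstance(ev, dict) else None
        if etype is None:
            continue
        by_type[etype] += 1
        by_flow[(etype, ev.get("proto"), ev.get("src_ip"), ev.get("src_port"),
                 ev.get("dest_ip"), ev.get("dest_port"))] += 1
    return by_type, by_flow

def compare(run_a, run_b):
    """Per-type count delta (b - a) plus the keys each run logged more often."""
    type_a, flow_a = tally(run_a)
    type_b, flow_b = tally(run_b)
    delta = {t: type_b[t] - type_a[t]
             for t in set(type_a) | set(type_b) if type_a[t] != type_b[t]}
    return delta, flow_a - flow_b, flow_b - flow_a

def _ev(etype, sport, dport, proto="TCP"):
    # Constructed sample record; addresses are documentation ranges.
    return json.dumps({"event_type": etype, "proto": proto,
                       "src_ip": "192.0.2.5", "src_port": sport,
                       "dest_ip": "198.51.100.7", "dest_port": dport})

# Constructed stand-ins for the two eve.json files (ASAN vs. regular build).
ASAN_RUN = [_ev("dns", 5353, 53, "UDP"), _ev("tls", 40000, 443),
            _ev("alert", 40000, 443), _ev("alert", 40002, 80),
            '{"event_type":"flow","proto":"TC']          # truncated line
PLAIN_RUN = [_ev("dns", 5353, 53, "UDP"), _ev("tls", 40000, 443),
             _ev("tls", 40001, 443), _ev("alert", 40000, 443),
             _ev("http", 40002, 80)]

if __name__ == "__main__":
    delta, only_asan, only_plain = compare(ASAN_RUN, PLAIN_RUN)
    for etype, d in sorted(delta.items()):
        print(f"{etype:10s} {d:+d}")
    for label, extra in (("asan", only_asan), ("plain", only_plain)):
        for key, n in extra.items():
            print(f"more in {label}: {n}x {key}")
```

On real output, pass the two open eve.json file objects to `compare()` in place of the sample lists.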