Project

General

Profile

Actions

Bug #5870

closed

ips/af-packet: crash when copy-iface is the same as the interface

Added by Jason Ish over 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

The following is an easy to make configuration error when setting up AF_PACKET IPS:

af-packet:
  - interface: enp10s0
    cluster-id: 99
    cluster-type: cluster_flow
    defrag: yes
    copy-mode: ips
    copy-iface: enp9s0

  - interface: enp9s0
    cluster-id: 98
    cluster-type: cluster_flow
    defrag: yes
    copy-mode: ips
    copy-iface: enp9s0

which leads to a crash:

Error: suricata: stacktrace:sig 11:AFPWritePacket+0x00000200;AFPReleaseDataFromRing+0x000000cb;AFPReleasePacket+0x00000018;TmqhOutputPacketpool+0x00000f68;TmThreadsSlotProcessPkt+0x000000e6;AFPReadFromRing+0x000003e3;ReceiveAFPLoop+0x000010a0;TmThreadsSlotPktAcqLoop+0x00000dbe;start_thread+0x000002cd;__clone3+0x00000030 [SignalHandlerUnexpected:suricata.c:302]
Segmentation fault

This should be simple enough to catch and present a more user friendly error message.


Subtasks 1 (0 open1 closed)

Bug #6228: ips/af-packet: crash when copy-iface is the same as the interface (6.0.x backport)ClosedShivani BhardwajActions
Actions

Also available in: Atom PDF