Project

General

Profile

Actions

Bug #5978

closed

stream/reassembly: memcap exception policy incorrectly applied

Added by Jamie Lavigne over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

We are seeing two related behaviors that are occurring even when we are not exceeding the stream reassembly memcap limit:

- The stream reassembly memcap exception policy can be applied despite not reaching the memcap
- We see the stats counter called segment_memcap_drop incrementing despite not reaching the memcap

We need Suricata to independently verify, but from my reading it appears that some non memory-related error handling within the stream reassembly can also be incorrectly counted as out-of-memory errors. The exception policy contains a comment [1] noting that all failures here are caused by a memcap hit, but I have found what look like two possible cases ([2] and [3]) where other unrelated error handling deeper down can cause this to happen. There may be other cases as well.

[1] https://github.com/OISF/suricata/blob/master-6.0.x/src/stream-tcp-reassemble.c#L1903-L1905
[2] https://github.com/OISF/suricata/blob/master-6.0.x/src/stream-tcp-list.c#L173
[3] https://github.com/OISF/suricata/blob/master-6.0.x/src/util-streaming-buffer.c#L703


Related issues 1 (0 open1 closed)

Related to Suricata - Bug #6003: stream/reassembly: memcap exception policy incorrectly applied (6.0.x backport)RejectedActions
Actions #1

Updated by Victor Julien over 1 year ago

  • Subject changed from The stream reassembly memcap exception policy appears to be incorrectly applied to stream/reassembly: memcap exception policy incorrectly applied
  • Target version changed from TBD to 7.0.0-rc2
Actions #2

Updated by OISF Ticketbot over 1 year ago

  • Subtask #6003 added
Actions #3

Updated by OISF Ticketbot over 1 year ago

  • Label deleted (Needs backport to 6.0)
Actions #4

Updated by Victor Julien over 1 year ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Victor Julien
Actions #6

Updated by Juliana Fajardini Reichow over 1 year ago

  • Status changed from Assigned to In Progress
Actions #7

Updated by Victor Julien over 1 year ago

  • Status changed from In Progress to Resolved
Actions #8

Updated by Victor Julien over 1 year ago

  • Subtask deleted (#6003)
Actions #9

Updated by Victor Julien over 1 year ago

  • Related to Bug #6003: stream/reassembly: memcap exception policy incorrectly applied (6.0.x backport) added
Actions #10

Updated by Victor Julien over 1 year ago

  • Status changed from Resolved to Closed
  • Priority changed from High to Normal
Actions

Also available in: Atom PDF