Bug #922: trackers value in suricata.yaml - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #922

closed

trackers value in suricata.yaml

Added by Peter Manev about 11 years ago. Updated about 11 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Anoop Saldanha

Target version:

2.0beta2

Affected Versions:

Effort:

Difficulty:

Label:

Description

This is Suricata version 2.0beta1 RELEASE and latest git

defrag:
  memcap: 32mb
  hash-size: 65536
  trackers: 65535000000000 # number of defragmented flows to follow
  max-frags: 65535 # number of fragments to keep (higher than trackers)
  prealloc: yes
  timeout: 60

If we set the number of trackers bigger than what Suricata can handle , we receive an ERR message but Suricata's loading/start does not stop.

 01:30:42 - <Info> - Found an MTU of 1500 for 'eth0'
 01:30:42 - <Error> - [ERRCODE: SC_ERR_NUMERIC_VALUE_ERANGE(61)] - Numeric value out of range (65535000000000 > 4294967295)
 01:30:42 - <Info> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
 01:30:42 - <Info> - preallocated 1000 defrag trackers of size 144

.....

Since impact is not clear from the ERR code/msg , it is probably better if Suri stops the initialization phase.
Unless it defaults to the max possible value, but then it would be better if that is described in the ERR message

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #922

trackers value in suricata.yaml

Updated by Victor Julien about 11 years ago

Updated by Anoop Saldanha about 11 years ago

Updated by Anoop Saldanha about 11 years ago

Updated by Victor Julien about 11 years ago