Bug #329

Updated by Victor Julien about 13 years ago

Well about the situation here that we have (as pointed out by Delta Yeh): 
 My scenario - Set up - 2 machines: 
 (1) - with Suricata current git and Apache on it as well. No rules for Suri, and just a regular default web server installation. 
 (2) - "testing node" - for the successful reproduction of the tests we need "ab" installed which comes by default with the apache package (you might need one more apache web server install here) 

 So then: 
 <pre> 
 1. Start Suri on node (1)  
 2. Make sure the web server on node (1) is up and running 
 3. From node (2) in a shell execute: 
 ab -c 1 -n 60000 http://x.x.x.x/
 - x.x.x.x is the IP of the apache server (1) 
 </pre> 

 The result is (at least in my case) - Suri does not release the memory after the test from node (2) is completed. If you run consecutive tests it will exhaust the memory and crash exit. 

 I have tested that on Debian/Ubuntu and BSD, with or without rules, with different mpm_alg, with different flow timeout options - the result is the same. 

 Things that I have noticed: 
 The "ab" test does not make "proper" Fin-Ack tcp tear down - The connections are just left to time out. Even so, 3 hrs after the tests Suri still didn't release the mem resources.
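
One way to put numbers on the observation reported above, as an added example that is not part of the original report or of Suricata's own tooling: sample the sensor's resident memory on node (1) before, during and well after the "ab" runs, then check whether it returns to the idle baseline. The function names, the 10% tolerance and the sample readings are assumptions made up for this illustration; the /proc lookup is Linux-only.

```shell
#!/bin/sh
# Added example: run on node (1), next to the Suricata process.

# rss_kb PID: print the resident set size (VmRSS) of PID in kB.
rss_kb() {
    awk '/^VmRSS:/ { print $2 }' "/proc/$1/status"
}

# sample_rss PID COUNT INTERVAL: print COUNT readings, INTERVAL seconds apart.
# Take the first reading while idle and the last one after the flow
# timeouts have long expired.
sample_rss() {
    n=0
    while [ "$n" -lt "$2" ]; do
        rss_kb "$1" || return 1
        n=$((n + 1))
        [ "$n" -lt "$2" ] && sleep "$3"
    done
    return 0
}

# rss_verdict TOLERANCE_PCT: read kB readings on stdin (first = idle baseline,
# last = final) and print "baseline peak final verdict". The verdict is
# "retained" when the final reading is still more than TOLERANCE_PCT above
# the baseline, otherwise "released".
rss_verdict() {
    awk -v tol="$1" '
        NR == 1   { base = $1; peak = $1 }
        $1 > peak { peak = $1 }
                  { final = $1 }
        END {
            if (NR < 2) { print "need at least 2 samples"; exit 2 }
            limit = base * (1 + tol / 100)
            verdict = (final > limit) ? "retained" : "released"
            printf "%d %d %d %s\n", base, peak, final, verdict
        }'
}

# Constructed readings (kB), not measurements from the report:
# idle, after each of three consecutive runs, and hours later.
constructed_leaky()   { printf '%s\n' 210000 480000 760000 1030000 1029500; }
constructed_healthy() { printf '%s\n' 210000 480000 470000 230000 215000; }

# Live use (assumes the process is named "suricata"):
#   sample_rss "$(pidof suricata)" 5 3600 | rss_verdict 10
```
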
