Drop stats explanation

LucaC · January 18, 2022, 5:08pm

Hi everybody,

I’m trying to tune my suricata configuration. Inspecting the log files produced by suricata I stumbled on segment_memcap_drop_delta and reassembly_gap_delta. I thought that increasing the reassembly memcap would fix my drop but i was wrong. Can anyone please explain me the difference between this two metrics?

Thanks,

Luca

Andreas_Herz · January 26, 2022, 10:19pm

What version are you running? There was a bug that lead to high memory usage.

The first one tells you that due to reaching the memcap limit parts are droped.

The other is that there is a gap within a stream when it was reassembled.

Topic		Replies	Views
TCP.reassembly_gap without packet loss Help suricata	1	795	July 18, 2022
Question on tcpreassembly-memuse Help suricata	3	66	August 8, 2024
Suspected memleak in Suricata 6.0.3 Help	5	1029	April 7, 2022
Several question(mpm, memory leak) Help	9	1171	May 26, 2021
Minimum number of flow to hit reassembly memcap in worst case Help suricata	0	284	March 6, 2023

Drop stats explanation

Related topics