Suricata crashing on OpenBSD

mayak · October 31, 2021, 8:35am

Dear all,

I am having troubles with Suricata (6.0.2) on OpenBSD (6.9 and 7.0). The service keeps crashing and I do not get any leads from the logs. It is most likely a configuration issue on my end or a problem with my OpenBSD setup (using a link aggregation / trunk interface).

Please find my configuration file here:

If I start Suricata with the same configuration file on a virtual machine (with a simple “untagged” VirtIO network interface) the Suricata process doesn’t crash. I should note that the virtual machine barely sees any traffic.

I tried enabling the debug log level, but I don’t seem to get more logs:

logging:
  default-log-level: debug

<...>

  outputs:
  - console:
      enabled: yes
      # type: json
  - file:
      enabled: yes
      level: debug
      filename: suricata.log
      # type: json
  - syslog:
      enabled: yes
      facility: local5
      format: "[%i] <%d> -- "
      # type: json

Any hints are appreciated.

Thank you,
mayak

vjulien · November 2, 2021, 10:48am

Perhaps you can try running suricata in gdb and share a back trace of the crash.

Also, can you share what type of interface this is?

pcap:
  - interface: aggr0

mayak · November 4, 2021, 4:08pm

Thank you very much for your help. The aggr0 interface is a “trunk/bond” between two interfaces:

$ cat /etc/hostname.aggr0

trunkport em1 trunkport em2 lacpmode active lacptimeout slow

Those are Intel i211AT interfaces on an PC Engines APU4.

I will try to create a core dump / trace either today or tomorrow. Thanks.

Topic		Replies	Views
Suricata Crashes on a regular basis Help	11	409	September 11, 2023
Default Configuration error - stalls Help	1	444	December 4, 2022
Suricata exiting with error Help suricata	3	119	January 25, 2024
Suricata with ebpf Help	8	575	January 10, 2023
Suricata 5.0.3 - Segmentation Fault when shutdown via suricatasc Help ips	3	1056	December 27, 2020

Suricata crashing on OpenBSD

Related Topics