log/diag: Support diagnostic stacktraces on SIGSEGV #6243

Closed
wants to merge 6 commits into from


jlucovsky
Contributor

Continuation of #6201
This PR supports configuring Suricata to emit a one-line diagnostic message containing a stacktrace when SIGSEGV occurs.

Requires

  • --enable-libunwind to configure support
  • libunwind must be available for configuration
  • Enablement in Suricata's configuration file (logging.sigsegv-stacktrace)

Example output:

[1172175] 17/6/2021 -- 09:58:38 - (suricata.c:1106) <Notice> (LogVersion) -- This is Suricata version 7.0.0-dev running in SYSTEM mode
[1172175] 17/6/2021 -- 09:58:38 - (tm-threads.c:2004) <Notice> (TmThreadWaitOnThreadInit) -- Threads created -> W: 16 FM: 1 FR: 1   Engine started.
[1172189] 17/6/2021 -- 09:58:49 - (suricata.c:331) <Error> (SignalHandlerSigsegv) -- [ERRCODE: SC_ERR_SIGSEGV(339)] - stacktrace:ReceiveAFPLoop+0x000007f9;TmThreadsSlotPktAcqLoop+0x00000ca9;start_thread+0x000000d9;clone+0x00000043
Aborted

Link to redmine ticket: 4526

Describe changes:

  • Default configuration setting changed to on when configured with --enable-libunwind.

#suricata-verify-pr:
#suricata-verify-repo:
#suricata-verify-branch:
#suricata-update-pr:
#suricata-update-repo:
#suricata-update-branch:
#libhtp-pr:
#libhtp-repo:
#libhtp-branch:

This commit adds support for enabling libunwind -- a library that can be
used to display stack information.

Use --enable-libunwind to check for availability. A diagnostic message
is displayed if libunwind cannot be found as requested.

This commit adds an error code for the diagnostic code used for SIGSEGV
diagnostic messages.

This commit adds a configuration setting to enable a stack trace message
if Suricata receives a SIGSEGV.

This commit adds a signal handler for SIGSEGV when configured. The
signal handler emits a one line stack trace using SCLogError. The intent
is to provide diagnostic information in deployments where core files are
not possible.

The diagnostic message is from the offending thread and includes the
stack trace; each frame includes the symbol + offset.
@jlucovsky jlucovsky requested review from norg and a team as code owners July 1, 2021 13:58
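
For deployments that rely on this one-line message instead of core files, the following added example (not code from this PR or from Suricata) parses the message shown in the example output into thread id, timestamp and frames, and derives a key for grouping repeated crashes. The names `parse_sigsegv_line` and `crash_signature` are hypothetical, and the regex assumes the log layout of the sample line in the PR description.

```python
import re
from typing import NamedTuple, Optional

# Constructed from the example output in the PR description above.
SAMPLE = ("[1172189] 17/6/2021 -- 09:58:49 - (suricata.c:331) <Error> "
          "(SignalHandlerSigsegv) -- [ERRCODE: SC_ERR_SIGSEGV(339)] - "
          "stacktrace:ReceiveAFPLoop+0x000007f9;TmThreadsSlotPktAcqLoop+0x00000ca9;"
          "start_thread+0x000000d9;clone+0x00000043")

# Assumption: the log layout matches the sample line (thread id, date, time, ...).
LINE_RE = re.compile(
    r"^\[(?P<tid>\d+)\]\s+(?P<date>\S+) -- (?P<time>\S+) - .*?"
    r"\[ERRCODE: SC_ERR_SIGSEGV\(\d+\)\] - stacktrace:(?P<frames>\S*)\s*$")
FRAME_RE = re.compile(r"^(?P<sym>[^+;]+)\+0x(?P<off>[0-9a-fA-F]+)$")


class Frame(NamedTuple):
    symbol: str
    offset: Optional[int]  # None when the frame is not "symbol+0xNN"


class Crash(NamedTuple):
    tid: int
    when: str
    frames: list


def parse_sigsegv_line(line: str) -> Optional[Crash]:
    """Return the crash record for a SIGSEGV stacktrace line, else None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    frames = []
    for raw in filter(None, m["frames"].split(";")):
        fm = FRAME_RE.match(raw)
        # Keep unparseable frames verbatim rather than dropping evidence.
        frames.append(Frame(fm["sym"], int(fm["off"], 16)) if fm else Frame(raw, None))
    return Crash(int(m["tid"]), f'{m["date"]} {m["time"]}', frames)


def crash_signature(crash: Crash, depth: int = 3) -> str:
    """Group key: innermost symbols only, since offsets shift between builds."""
    return ";".join(f.symbol for f in crash.frames[:depth])


if __name__ == "__main__":
    c = parse_sigsegv_line(SAMPLE)
    print(c.tid, crash_signature(c), [hex(f.offset) for f in c.frames])
```
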

codecov bot commented Jul 1, 2021

Codecov Report

Merging #6243 (5844248) into master (b8499de) will decrease coverage by 0.00%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##           master    #6243      +/-   ##
==========================================
- Coverage   76.94%   76.94%   -0.01%     
==========================================
  Files         611      611              
  Lines      186146   186147       +1     
==========================================
- Hits       143236   143224      -12     
- Misses      42910    42923      +13     
Flag Coverage Δ
fuzzcorpus 52.82% <0.00%> (-0.01%) ⬇️
suricata-verify 51.13% <0.00%> (-0.03%) ⬇️
unittests 63.08% <0.00%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown.

@suricata-qa

field test baseline % diff
tlpr1_stats_chk
.tcp.insert_list_fail 219 255 86.0%

@jlucovsky
Contributor Author

Continued in #6309

@jlucovsky jlucovsky closed this Aug 24, 2021
@jlucovsky jlucovsky deleted the 4526/3 branch January 30, 2022 15:28
thomasjwinter added a commit to thomasjwinter/suricata that referenced this pull request Aug 8, 2023
Commit e7c0f0a removed uses of atoi with new number parsing
functions. This broke parsing ip-reputation data files that contained
trailing carriage returns as it was being included in the number
string to convert.

Bug: OISF#6243.
thomasjwinter added a commit to thomasjwinter/suricata that referenced this pull request Aug 31, 2023
Commit e7c0f0a removed uses of atoi with new number parsing
functions. This broke parsing ip-reputation data files that contained
trailing carriage returns as it was being included in the number
string to convert.

Bug: OISF#6243.
jasonish pushed a commit to jasonish/suricata that referenced this pull request Sep 1, 2023
Commit e7c0f0a removed uses of atoi with new number parsing
functions. This broke parsing ip-reputation data files that contained
trailing carriage returns as it was being included in the number
string to convert.

Bug: OISF#6243.