Suricata 6.0.8 upgrade will probably fix high(er) cpu load during no or low traffic #6065
Closed
2 tasks done
Labels
upstream
Third party issue
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
Describe the bug
This is more of a heads up, not a bug. But it seemed important enough to mention to the devs and to track it here too.
More info is in this OPNsense forum thread:
21.7.3_1 - higher system load after upgrade caused by Suricata
Summary:
Since OPNsense 21.7.3 several users experienced significant higher cpu load while intrusion detection was enabled.
This was the first version released with suricata 6.x. (6.0.3)
Suricata 6.x switched from pthread to usleep for flowmanager in release 6.x.
In the most recent suricata release 6.0.8 the devs reverted back to usleep, see [5]
The higher load is noticeable during idling, with no traffic, possibly caused by high context switching. How much the load increases will depend on the kind of hardware and can vary. On virtualized instances of OPNsense and suricata possibly there is an extra increase of the load.
I did several tests with vanilla suricata installs in proxmox with an ubuntu and freebsd vm.
Test results are added in the above linked suricata bug [5]. And they confirmed on my hardware that the load during idle went back at levels of suricata release 5.x.
The ipfire devs are testing 6.0.8 too and see similar results. See [2].
[1] https://forum.suricata.io/t/cpu-usage-of-version-6-0-0/706
[2] https://bugzilla.ipfire.org/show_bug.cgi?id=12548
[3] https://redmine.openinfosecfoundation.org/issues/4096
[4] https://redmine.openinfosecfoundation.org/issues/4379
[5] https://redmine.openinfosecfoundation.org/issues/4421
The text was updated successfully, but these errors were encountered: