Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

log/diag: Support diagnostic stacktraces on unexpected signals #6309

Closed
wants to merge 6 commits into from
Closed

log/diag: Support diagnostic stacktraces on unexpected signals #6309

wants to merge 6 commits into from

Conversation

jlucovsky
Copy link
Contributor

Continuation of #6243
This PR supports configuring Suricata to emit a one-line diagnostic message containing a stacktrace when a signal that terminates Suricata execution (e.g., SIGABRT or SIGSEGV) occurs.

Requires:

  • --enable-libunwind to configure support
  • libunwind must be available for when building Suricata
  • Enablement in Suricata's configuration file (logging.stacktrace-on-signal)

Example output:

[1429359] 24/8/2021 -- 10:15:02 - (suricata.c:1108) <Notice> (LogVersion) -- This is Suricata version 7.0.0-dev running in SYSTEM mode
[1429359] 24/8/2021 -- 10:15:02 - (tm-threads.c:2004) <Notice> (TmThreadWaitOnThreadInit) -- Threads created -> W: 16 FM: 1 FR: 1   Engine started.
[1429373] 24/8/2021 -- 10:15:04 - (suricata.c:332) <Error> (SignalHandlerUnexpected) -- [ERRCODE: SC_ERR_SIGNAL(339)] - stacktrace:sig 6:raise+0x000000cb;AFPReadFromRing+0x00000174;ReceiveAFPLoop+0x00000c06;TmThreadsSlotPktAcqLoop+0x00000ca9;start_thread+0x000000d9;clone+0x00000043
Aborted

Link to redmine ticket: 4526

Describe changes:

  • Default configuration setting changed to on when configured with --enable-libunwind.

#suricata-verify-pr:
#suricata-verify-repo:
#suricata-verify-branch:
#suricata-update-pr:
#suricata-update-repo:
#suricata-update-branch:
#libhtp-pr:
#libhtp-repo:
#libhtp-branch:

@jlucovsky
configure.ac: Support libunwind configuration
82421d5 
This commit adds support for enabling libunwind -- a library that can be
used to display stack information.

Use --enable-libunwind to check for availability. A diagnostic message
is displayed if libunwind cannot be found as requested.
@jlucovsky
error: Add error code for sig-related diagnostics
418ecd5 
This commit adds an error code for the diagnostic code used for
diagnostic messages following unexpected termination due to signals..
@jlucovsky
logging: Stacktrace on signal term setting
43c8500 
This commit adds a configuration setting to enable a stack trace message
if Suricata receives a signal that terminates execution, such as
SIGSEGV, SIGABRT.
@jlucovsky
logging/diag: Enable stacktrace diagnostic if config'd
2d2bf42 
This commit adds a signal handler for SIGSEGV when configured. The
signal handler emits a one line stack trace using SCLogError. The intent
is to provide diagnostic information in deployments where core files are
not possible.

The diagnostic message is from the offending thread and includes the
stack trace; each frame includes the symbol + offset.
@jlucovsky
general: Fix typo
5942148
@jlucovsky
doc/yaml: Signal-termination option description
271c5a9
@jlucovsky jlucovsky requested review from norg and a team as code owners August 24, 2021 14:17
@jlucovsky jlucovsky mentioned this pull request Aug 24, 2021
Closed
@codecov
Copy link

codecov bot commented Aug 24, 2021

Codecov Report

Merging #6309 (271c5a9) into master (cf21694) will decrease coverage by 0.04%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##           master    #6309      +/-   ##
==========================================
- Coverage   76.97%   76.93%   -0.05%     
==========================================
  Files         611      611              
  Lines      185941   185957      +16     
==========================================
- Hits       143130   143066      -64     
- Misses      42811    42891      +80
Flag Coverage Δ
fuzzcorpus 52.85% <0.00%> (-0.02%) ⬇️
suricata-verify 51.07% <0.00%> (-0.09%) ⬇️
unittests 63.12% <0.00%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 3920

@victorjulien
Copy link
Member

Would it make sense to enable this by default if libunwind is available? So auto-detect it from configure but don't error out if it doesn't exist?

@jlucovsky
Copy link
Contributor Author

I think it would make sense to always have it since the overhead is quite low.

@jlucovsky jlucovsky mentioned this pull request Sep 3, 2021
Closed
@jlucovsky
Copy link
Contributor Author

Continued in #6338

@jlucovsky jlucovsky closed this Sep 3, 2021
@jlucovsky jlucovsky deleted the 4526/4 branch January 30, 2022 15:28
hadiqaalamdar added a commit to hadiqaalamdar/suricata that referenced this pull request Oct 23, 2023
@hadiqaalamdar
detect/analyzer: add more details for the flowbits keyword
dd1c2f6 
Task OISF#6309
@hadiqaalamdar hadiqaalamdar mentioned this pull request Oct 23, 2023
Closed
3 tasks
hadiqaalamdar added a commit to hadiqaalamdar/suricata that referenced this pull request Oct 24, 2023
@hadiqaalamdar
detect-flowbits: adding details for flowbits
d326c89 
Task OISF#6309
@hadiqaalamdar hadiqaalamdar mentioned this pull request Oct 24, 2023
Closed
3 tasks
hadiqaalamdar added a commit to hadiqaalamdar/suricata that referenced this pull request Oct 25, 2023
@hadiqaalamdar
detect-flowbits: adding details for flowbits
ffcfd91 
Task OISF#6309
@hadiqaalamdar hadiqaalamdar mentioned this pull request Oct 25, 2023
Closed
3 tasks
hadiqaalamdar added a commit to hadiqaalamdar/suricata that referenced this pull request Oct 25, 2023
@hadiqaalamdar
detect-flowbits: adding details for flowbits
e373c3f 
Task OISF#6309
@hadiqaalamdar hadiqaalamdar mentioned this pull request Oct 25, 2023
Closed
3 tasks
hadiqaalamdar added a commit to hadiqaalamdar/suricata that referenced this pull request Dec 5, 2023
@hadiqaalamdar
detect-flowbits: adding details for flowbits
91fbf2a 
Task OISF#6309
@hadiqaalamdar hadiqaalamdar mentioned this pull request Dec 5, 2023
Closed
3 tasks
hadiqaalamdar added a commit to hadiqaalamdar/suricata that referenced this pull request Dec 7, 2023
@hadiqaalamdar
detect/analyzer: add details to flowbits keyword
163e4ce 
Task OISF#6309
@hadiqaalamdar hadiqaalamdar mentioned this pull request Dec 7, 2023
Closed
3 tasks
hadiqaalamdar added a commit to hadiqaalamdar/suricata that referenced this pull request Dec 7, 2023
@hadiqaalamdar
detect/analyzer: add details to flowbits keyword
da84764 
Task OISF#6309
@hadiqaalamdar hadiqaalamdar mentioned this pull request Dec 7, 2023
Closed
3 tasks
hadiqaalamdar added a commit to hadiqaalamdar/suricata that referenced this pull request Dec 8, 2023
@hadiqaalamdar
detect/analyzer: add details to flowbits keyword
b2d4b64 
Task OISF#6309
@hadiqaalamdar hadiqaalamdar mentioned this pull request Dec 8, 2023
Closed
3 tasks
hadiqaalamdar added a commit to hadiqaalamdar/suricata that referenced this pull request Dec 11, 2023
@hadiqaalamdar
detect/analyzer: add details to flowbits keyword
9a24326 
Task OISF#6309
hadiqaalamdar added a commit to hadiqaalamdar/suricata that referenced this pull request Dec 11, 2023
@hadiqaalamdar
detect/analyzer: add details to flowbits keyword
e7b1810 
Task OISF#6309
@hadiqaalamdar hadiqaalamdar mentioned this pull request Dec 11, 2023
Closed
3 tasks
hadiqaalamdar added a commit to hadiqaalamdar/suricata that referenced this pull request Dec 13, 2023
@hadiqaalamdar
detect/analyzer: add details to flowbits keyword
3006993 
Task OISF#6309
@hadiqaalamdar hadiqaalamdar mentioned this pull request Dec 13, 2023
Closed
3 tasks
victorjulien pushed a commit to victorjulien/suricata that referenced this pull request Dec 13, 2023
@hadiqaalamdar @victorjulien
detect/analyzer: add details to flowbits keyword
774f05d 
Task OISF#6309
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@norg norg Awaiting requested review from norg

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jlucovsky @suricata-qa @victorjulien