Suricata is crashing on all firerwalls starting April 19th, 2025

geotek · April 19, 2025, 01:54:24 PM

We are using the proofpoint rules and all OPNsense versions from 25.1 to 24.x are affected. Error message is:

<Error> -- Just ran out of space in the queue. Fatal Error. Exiting. Please file a bug report on this

It looks like a broken rule update is responsible for this, since ample memory and disk space is available on our boxes.

geotek · April 20, 2025, 11:25:21 AM

One more observation: Only boxes with one of the three Aho-Corasick Pattern matchers are affected, even with today's updated rules. Boxes with Hyperscan matcher were not affected. After changing the matcher to Hyperscan, the problem was solved on all of our previously affected firewalls.

I hope this helps identifying and fixing the cause.

allenlook · April 21, 2025, 02:47:02 PM

Ours started erroring out on the 20th, same symptoms, and same temporary resolution - Hyperscan.

ErikLievense

Same here

Suricata is crashing on all firerwalls starting April 19th, 2025

geotek

April 19, 2025, 01:54:24 PM

geotek

April 20, 2025, 11:25:21 AM #1

allenlook

April 21, 2025, 02:47:02 PM #2

ErikLievense

Today at 01:58:34 AM #3